KnowBe4 Security Awareness Training Blog

A Single Tweet Saw One Woman's Bank Account Entirely Wiped Out

Written by Stu Sjouwerman | May 28, 2019 1:36:02 PM

Dean Dunham at The Mirror in the UK reported: "Social media is often disgruntled customers first port of call when they want to make a complaint about goods or services these days, but after hearing Andrea’s story this week I would urge caution when doing this.

Andrea from Milton Keynes had a shock last month when she discovered that her bank account had been cleared out by fraudsters.

This was devastating news and left Andrea desperately short of money. Whilst she was assured that she would be reimbursed the money by her bank, it was explained that this would have to go through a process and could take up to two weeks.

She therefore decided to obtain a short-term loan to tide her over. To her horror she was refused, on the basis that she already had three loans and was in default on all of them.

Andrea did not understand this as she had not taken out any loans. Crooks took out loans in her name as well as emptying her account. However, it soon became clear that her identity had been stolen and that fraudsters had taken out loans in her name.

After some investigation it became clear what had happened.

In December 2018 Andrea had experienced problems with her broadband. She decided to take to Twitter to complain to her provider Virgin. She received a very rapid response from @virginCSmedia, whom she assumed to be the customer service team of Virgin.

The response asked for her name, address and account number in the first instance to which she responded. A new message was then sent stating that they were having trouble locating her account so they would need some further information.

They asked for her date of birth and place of birth, which she provided. The next message confirmed that the account had been located and asked for Andrea’s phone number. She spoke to them on the phone as well as online

Andrea then received a call from someone purporting to be a Virgin customer services agent. The man on the phone said that he needed to ask a security question first. He then proceeded to ask Andrea for the bank details of where her direct debit is paid. She gave this information.

Andrea took screenshots of the Twitter communications at the time so that she had a record of what had been said. This was a good idea but didn’t stop her getting scammed.

The account has now been suspended, and Virgin Media have said "any accounts claiming to be us are reported immediately through the appropriate channels", but it's a clear warning to never trust anyone who contacts you directly and asks for bank details or any other personal information." Cross-posted with grateful acknowledgement.

Find out how affordable new-school security awareness training is for your organization. Get a quote now.