In which the banks encourage people not to click on links in unexpected emails



  • Or maybe not.

    0_1464281744297_barclays.png

    Fucking idiots.



  • My only Mac user at least realized links were dangerous finally ...

    0_1464282257802_upload-28b6cadb-d026-4e8a-91de-d6b036d2bdeb

    And yes, (s)he emailed me on a Saturday.


  • SockDev

    @PJH and no transport security, nice!




  • From: Me
    To: internetsecurity@barclays.com
    Date: Thu, 26 May 2016 18:06:24 +0100
    Subject: Fwd: PJH, we help keep your account safe

    Since I know banks aren't, or certainly shouldn't be, actively encouraging
    customers to click on random links in emails that aren't expected,
    especially those that claim to be about security for example, by not
    sending out unexpected emails encouraging customers to click on random
    links relating to security, this is clearly some sort of phishing scam
    email...

    I look forward to a, non-form-letter, explanation if this is, indeed,
    genuine as to why Barclays is encouraging customers to click on links in
    random emails coming (apparently or otherwise) from Barclays.

    [snip forward]

    I'm sure you all know what the reply, if there is one, will allude to...



  • I don't see the part where they said not to click links in unexpected emails. I do see the part where they said that they'd use your name and the last 4 digits of your card so that you're supposed to know the email's legit. Of course, that little suggests that anyone could sniff those details out of their legit email as it pinged across the interwebs, but ...

    I'm not particularly keen on barclaycard. Some random person filed for bankruptcy, and when they tried to withdraw his line of credit, they somehow withdrew my line of credit instead. Without telling me. And when I got them on the phone, it progressed from "we're not sure what the problem is... it looks like you have no line of credit", to when I eventually got to talk to someone who could actually dig deeper, "did you file for bankruptcy? [no...] well, we received this notice... [well, if you did, it wasn't from me.... you should probably double check that...] uh, we'll call you back." And then they eventually admitted that it was a mistake, and my credit was back. But not before I had to go scrambling to get all of my automatic monthly payments changed so they wouldn't all try to charge that card and get declined...



  • @anotherusername

    [bank doing something incredibly stupid]

    so a day that ends in Y ... because if you've ever seen banking software ... you start to cry.



  • @rad131304 yeah, until my current bank does something incredibly stupid I'm just going to pretend like they're any better.



  • @anotherusername said in In which the banks encourage people not to click on links in unexpected emails:

    @rad131304 yeah, until my current bank does something incredibly stupid I'm just going to pretend like they're any better.

    Wait, what?



  • @rad131304 until my current bank does something incredibly stupid that affects me in some considerably inconvenient way, I really have not much choice but to just ignore the fact that pretty much all banks are equally fucked up.



  • Used to bank with Wachovia, bought out by Wells Fargo, and after that I left them.

    One day I get a phone call claiming they're from my bank and trying to sell me on opening a savings account with them, and all they need is my bank account info and we can open it up right now over the phone...

    ... yes, this doesn't sound fishy...

    Furthermore I already had a savings account with them, so what, they want me to open up yet another one?

    I don't do it of course, and hang up. I then do a reverse lookup on the phone number, and it turns out to be the address of my bank right around the corner. So wait... was this legit? Or did someone spoof their number?

    So I shoot an email to customer support informing them of the fact. Explaining that either if this were them that's very bad taste in security, teaching customers it's OK to just hand out account information over the phone to people that called them with no confirmation of who they are... or that worse, there's someone in the area spoofing their phone number and phishing for personal account information.

    1 day later, I get a form email response slightly modified to me (name replaced, that sort), explaining that I should never respond to emails asking me for my account information.

    Yay, they didn't read my email.

    So I called their support line.

    They proceeded to yell at me, call me a liar, and that I was out to slander them...

    I cancelled my account immediately and moved to the credit union my girlfriend uses.



  • @anotherusername I guess that's a low enough bar to set?



  • @anotherusername said in In which the banks encourage people not to click on links in unexpected emails:

    I don't see the part where they said not to click links in unexpected emails.

    That's the OOB stuff (radio, newspapers etc), where they tell people not to trust emails (claiming to be) from banks and don't click the links. It's a right-pondian thing I've noticed. Dunno about left-pondia.



  • @PJH said in In which the banks encourage people not to click on links in unexpected emails:

    [snip]
    

    I'm sure you all know what the reply, if there is one, will allude to...

    The more interesting question, I think, is whether the bank actually does anything with your input.

    For example, my bank has two-factor authentication. You log in using username and password, and in order to pay someone you need to answer a challenge. The answer for the challenge can either be on a paper list of 100 answers that the bank sends you every once in a while, or the answer can be sent by SMS. Now this bank had had the wonderful idea that you could change from the paper list to SMS, with free choice of phone number, without answering a challenge. I have phoned them immediately, and of course they didn't acknowledge the problem and came up with some silly excuse, but they did fix it within a day or so.

    Such a quick real action increases my trust more than any nice hand-written letter could do.



  • @Grunnen said in In which the banks encourage people not to click on links in unexpected emails:

    The more interesting question, I think, is whether the bank actually does anything with your input.

    I'll have no idea - the whole reason this stuck with me is because I don't generally get emails from them at all (beyond the "your balance is £0.00" emails I get once a month. It's not a frequently used card.)



  • This post is deleted!

  • Impossible Mission Players - A

    @PJH said in In which the banks encourage people not to click on links in unexpected emails:

    your balance is £0.00

    IIRC my accounts start incurring a fee if it's below a certain amount past the end of the month cycle.
    I wonder how that would pan out...

    :bank: : Your balance is 0.00 at the end of the billing cycle, this will incur a $25 penalty.
    :bank: : Wait, you don't have >= $25, this means you attempted to overdraft the account, which is a $18 penalty.
    :bank: : :smiley: You now owe us $43.98!



  • @Tsaukpaetra said in In which the banks encourage people not to click on links in unexpected emails:

    IIRC my accounts start incurring a fee if it's below a certain amount past the end of the month cycle.

    My only (current) relationship with Barclays is a credit card. In the UK, the only CC I've had that's incurred a 'fee' for not being used is AMEX - they got dropped shortly after they did that.

    My current bank account (Lloyds, for those that care) incurs a £5 fee per month, unless you deposit £$MINAMOUNT which my salary covers.

    For whatever god-forsaken reason, this appears on my statement as a withdrawl of £5, followed by a £5 credit.


  • SockDev

    @PJH said in In which the banks encourage people not to click on links in unexpected emails:

    For whatever god-forsaken reason, this appears on my statement as a withdrawl of £5, followed by a £5 credit.

    that's a very weird implemetation of that business rule..... i can only assume it's a leftover from a job security measure enacted by a beancounter.



  • The only weirdness I'm aware of with my bank is that they've got account plans with prerequisites - like a teenager plan which requires you being below 18 - but they never verify if it still applies. So I didn't switch out of the teenager plan until I had need for a credit card at 20 or so, and I'm still on the student plan.


  • Discourse touched me in a no-no place

    @PleegWat They compensate usually by giving you bad rates of return on savings while charging high rates on loans anyway. They want you to stay for decades, sending them little slivers of pure profit each month…



  • @dkf Probably. But I'm not allowed to overdraw on this plan, the only allowed payment plan on the credit card is 'full outstanding balance at the end of each month', and savings account interest at or above 1% is not something that exists in the current economic climate around here.


  • Discourse touched me in a no-no place

    @PleegWat said in In which the banks encourage people not to click on links in unexpected emails:

    But I'm not allowed to overdraw on this plan

    So if you do go overdrawn, it's automatically an unauthorised overdraft. Banks like those (provided you eventually pay at all). You probably want to avoid them.



  • @PleegWat said in In which the banks encourage people not to click on links in unexpected emails:

    they've got account plans with prerequisites - like a teenager plan which requires you being below 18 - but they never verify if it still applies. So I didn't switch out of the teenager plan until I had need for a credit card at 20 or so, and I'm still on the student plan.

    It's probably not worth it for them to have to deal with the unhappy customers whose accounts changed unexpectedly to a completely different type with completely different terms and conditions.



  • @accalia said in In which the banks encourage people not to click on links in unexpected emails:

    that's a very weird implemetation of that business rule..... i can only assume it's a leftover from a job security measure enacted by a beancounter.

    On the surface, unlikely - the specific account (i.e. you put in $X, you get Y, Z and θ) has only been around for < 2 years.

    Deeper down, they're probably running the accounts on washing machines that require those hoops to be jumped through.



  • From: Me
    To: internetsecurity@barclays.com
    Date: Fri, 24 June 2016 10:13:24 +0100
    Subject: Re: PJH, we help keep your account safe
    
    A month ago, I forwarded this email purporting to come from Barclay's (in fact I know it did,)
    but I have yet to have the courtesy of a response with an explanation. Would someone there
    be so kind to supply one?
    

  • Impossible Mission Players - A

    @PJH said in In which the banks encourage people not to click on links in unexpected emails:

    A month ago

    Getting close on mine! I doubt they will respond though.
    0_1466787226060_upload-2ce6b7ff-4f3c-4249-b90e-32532906c3f3


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.