
[Video] 3 Major Issues in Nationwide, Including (Potentially) a Major Data Breach

posted by Roy Schestowitz on May 23, 2024

Video: Nationwide Security Blunder or More? | md5sum 41588754d32c7c1fb9291cffb1f2d70c | Creative Commons Attribution-No Derivative Works 4.0

BANKING "online" or 'electronic-bank' security has become the joke of the town. Many "modern" banks use inadequate systems and there are new reports this week regarding famous banks cautioning customers about advanced phishing scams (see Daily Links), as usual blaming buzzwords and straw men like "AI" (chatbots or "HEY HI", which doesn't accurately describe LLMs).

In our case, it seems plausible or likely to be much worse than phishing. It looks like Nationwide has suffered a data breach because a highly sophisticated scam, not a "HEY HI" chatbot, apparently uses people's names and postcodes to seem legitimate. If those messages are in fact legitimate, that's worrying for a number of other reasons.

So I phoned them up. And they refuse to take a report about this. Or rather, they make it unnecessarily hard. This has become rather typical, as businesses are good at taking money but rather reluctant to take complaints.

In my case, to make matters worse, the complaints number gets through to a person who deals with mortgages! No kidding, I even double-checked while on the line. She tried to blame this on me, but I assured her I phoned the correct number, so it seems like an IT issue (again). Lines crossed?

As they do not let customers talk to IT or to managers (but put them on hold and speak to some unspecified party), maybe they are contracting all this stuff (and staff) outwards.

Towards the end of the call we were comparing the link in her legitimate E-mail to mine, as it does not go to the same domain at our end (unless there's a misunderstanding). Suffice to say, a bank linking to some dodgy third-party domain with extensive tracking in the URL is a terrible security practice, which in itself constitutes a reportable issue. Whoever is responsible should/can/might be sacked on the spot if this was a deliberate design issue. But who knows... they try to not even talk about this issue and refuse to let you speak to the most suitable person. "Nobody else has this problem" would likely be the go-to excuse. "You're only a customer... who are you to care about our IT systems failing...?" (Like Sainsbury's [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]). I recorded the call (didn't plan to publish it; it's crude), so nobody can say I take it out of context. It's totally unedited, so there are some bits there that could be cropped out (albeit it would require further processing).

In the name of "cost-savings" (high profits, temporarily, so some managers bag bonuses) many banks nowadays want to reduce themselves to (just/at most) some overseas AWS ("clown computing") account. Instead of branches they want to herd customers into skinnerboxes with "apps" (or Web sites). This is a worrying trend, akin to some scenes from I, Daniel Blake.
