‘A hacker contacted Barclays and gained access to my account’

Which? explains what to do if a fraudster steals your details
Tali Ramsey

Do you have an issue you need put right? Which? is here to help get your consumer problems sorted.

Dear Which?

I recently noticed that the address on my Barclays account had been changed to a location I’m unfamiliar with. When I contacted Barclays, I discovered that someone had contacted the bank and pretended to be me. After passing security checks, they changed the address to theirs and requested replacement debit cards.

When I explained that it wasn’t me who made the call, Barclays told me that my account would be reset to block any further fraud attempts.

The following day, I noticed that I could still access my account. I contacted Barclays again, and only then was the account reset. A day or two later, I received a customer survey from Barclays and it still contained the hacker’s address instead of mine.

Barclays eventually changed the address back to mine and sent me replacement debit cards. But I want to know what data the hacker used, so I can secure my other accounts. Barclays has refused to provide this, citing the Data Protection Act 2018.

Barclays' failure to inform me about changes being made to my account has left me concerned about being vulnerable to further fraud attempts. 

How can I secure my accounts without access to the information the hacker used?

Anonymous

Put to Rights

Tali Ramsey, consumer rights expert at Which?, says

It's worrying that a scammer was able to get this far. Unfortunately, there are many ways fraudsters can obtain your personal information.

For example, personal data can be stolen if you click on dodgy links that download malware to your devices, you enter personal details into phishing websites, or you are the victim of Sim swap fraud, where fraudsters hijack your phone number and start to receive calls and texts intended for you.

While these are all plausible explanations for the hack, it’s impossible to know how the scammer accessed your details and exactly what information they have about you.

You can check if any of your passwords have been compromised using Pwned Passwords. You can also find out if your email addresses have been compromised. For added security, you may wish to download antivirus software for your computer (see our reviews for Windows and Mac). 

We contacted Barclays about your experience. It said you were the victim of a targeted attack using information that would have only been known to you. Barclays has now added you to the Cifas register. This offers protection against identity theft for people who might be at risk, and safeguards against future attempts at accessing your accounts.

Need to know

  • If you notice any unusual activity or changes to your personal accounts, contact the account provider immediately.
  • Ensure your new passwords are secure and consider using a password manager to organise and securely store your passwords.
  • Understand how to report and avoid identity theft.

Get in touch. If you've got a consumer rights problem you need put right, email us at yourstory@which.co.uk

Please be aware that we cannot help with, or respond to, every email that we receive. The inbox is monitored periodically during office hours, Monday-Friday 9am-5pm.

More on this

Related articles