ali
Member of DD Central
Posts: 313 
Likes: 311
|
Post by ali on Oct 31, 2017 9:46:58 GMT
Tried to log in this morning to find my account had been suspended:
Of course, that's the wrong phone number and when I call them they can't explain why the account has been suspended or do anything about it. Muppets! They'll be getting a letter before action very soon if they can't sort their problems out.
|
|
|
|
Post by Deleted on Oct 31, 2017 10:33:00 GMT
I think you need to take a deep breath first and find out why they've done this.
If its something like they've detected an attempted hack or suspicious access attempt, then you know what? I'd *WANT* them to act fast to suspend my account in those circumstances!!
|
|
|
|
Post by misotu on Oct 31, 2017 11:03:39 GMT
Hard to find out why they''ve done it iif he has phoned and they can't tell him, though! That's ... more than a little disappointing.
|
|
ali
Member of DD Central
Posts: 313
Likes: 311
|
Post by ali on Oct 31, 2017 12:18:06 GMT
I've now had a call from Zopa. After going through all the rigmarole of calling them back via their published number since they say they have to run a security check on me before they can talk to me, I discover that the reason they have suspended my account is to test how well their security systems work. I told them "badly." They hope to have the account unsuspended by the end of today.
As I said, "muppets."
|
|
|
|
Post by Ton ⓉⓞⓃ on Oct 31, 2017 12:51:45 GMT
The reason sounds a little unbelievable to me.
Please be careful giving out your data to sort this out.
|
|
|
|
Post by GSV3MIaC on Oct 31, 2017 13:54:22 GMT
If you call their public number (having ensured it really did dial out) and if they have really managed to suspend your account, then I'd be fairly confident it really was Zopa .. however the excuse is seriously lame. I'd be asking for compensation for the time and trouble they put me to .. i.e. kicking of an official complaint to their compliance officer. £50 or £100 (tax free compensation) ought square my feelings somewhat.
|
|
ali
Member of DD Central
Posts: 313
Likes: 311
|
Post by ali on Oct 31, 2017 14:51:36 GMT
The reason sounds a little unbelievable to me. Please be careful giving out your data to sort this out. Thanks Ton ⓉⓞⓃ. They did ask me for my date of birth when they called me, but to their credit weren't too surprised when I refused to tell them (unlike Barclays, whose fraud team always get very offended when I refuse to). Zopa said they would email me and I could call their main switchboard and get transferred to the relevant person. None of which I had a problem with. I was rather expecting, however, that they would have something useful to tell me. Or even better, actually be able to unsuspend the account. As it was, there was no point in calling me (or in me calling them). If they don't have it sorted in the morning, then as GSV3MIaC says, a formal complaint may well be the next step.
|
|
ali
Member of DD Central
Posts: 313
Likes: 311
|
Post by ali on Oct 31, 2017 17:53:47 GMT
Pleased to say my account is now unsuspended and I'm back in (after a password reset). Still no real idea as to what happened, but I guess it doesn't matter too much. I'm running my account down anyway due to the uncompetitive rates.
|
|
|
|
Post by wyndstryke on Nov 1, 2017 12:14:12 GMT
I'd guess that someone did a password-guessing attack on your account. A pretty common technique is that they buy lists of people's email address and password pairs from an older hack (for example, linkedin's 2012 hack when 117 million emails/passwords were stolen), and try them all on various banking sites etc. If 1 in 1000 leads to a valid account, they are quids in.
|
|
ali
Member of DD Central
Posts: 313
Likes: 311
|
Post by ali on Nov 1, 2017 12:31:10 GMT
I'd guess that someone did a password-guessing attack on your account. A pretty common technique is that they buy lists of people's email address and password pairs from an older hack (for example, linkedin's 2012 hack when 117 million emails/passwords were stolen), and try them all on various banking sites etc. If 1 in 1000 leads to a valid account, they are quids in. Who knows. I'm certain they didn't get into my account that way. I generate my secure passwords (and all accounts that involve money have secure passwords) using Linux's /dev/random, using as many characters as I am allowed and as wide a range of possible characters as is permitted. Passwords are never reused.
|
|
mikeb
Posts: 1,072
Likes: 472
|
Post by mikeb on Nov 5, 2017 21:20:05 GMT
There's no immediate suggestion that anyone did get into your account, I think the point being made is that the (possible) continual banging on the door may have alerted Zopa to suspend the account to stop ANY logins (as you found out to your annoyance!)
One would hope that a concerted, repeated attempt to log in with youremail@yourdomain.com and a series of different and wrong passwords would trip SOME kind of reaction!
|
|
ali
Member of DD Central
Posts: 313
Likes: 311
|
Post by ali on Nov 6, 2017 7:53:40 GMT
There's no immediate suggestion that anyone did get into your account, I think the point being made is that the (possible) continual banging on the door may have alerted Zopa to suspend the account to stop ANY logins (as you found out to your annoyance!) One would hope that a concerted, repeated attempt to log in with youremail@yourdomain.com and a series of different and wrong passwords would trip SOME kind of reaction! Possibly. They could have seen that there were a number of failed attempts from eg., Australia and suspended the account while they put in regional IP blocking, but I would have hoped they would have checked with me first that such a regional block was appropriate. Forcing me to change my password doesn't appear to achieve anything. Whatever level of randomness I used in my current password I am likely to continue to use in any replacement password. Telling me that my account was under attack and suggesting I made sure my password was completely random would potentially achieve something, but they didn't do that. Changing my username would achieve something, but since Zopa (like many organizations) use an email address as a username that's a little difficult for them (as it happens, I have an infinite number of email addresses, but they're not to know that).
|
|
|
|
Post by wyndstryke on Nov 6, 2017 16:31:54 GMT
... but I would have hoped they would have checked with me first that such a regional block was appropriate. Usually the safest thing from their viewpoint is to block first and ask questions later. In the time it takes to get hold of you, someone may have stripped your account. I'd rather they blocked me, than let the account be emptied out. Probably just generic advice. I got one of my credit cards blocked a few years ago by logging into the account from my corporate network (proxy came out in Florida), then logging in from home that evening. It was flagged up by IP geolocation so they blocked the account. Sure it was irritating, but not nearly as irritating as having all your savings taken.
|
|
