I’m iOS. I’m wondering if I simply clicked a link I shouldn’t have done. I guess I’ll never know, but I shan’t be clicking anything anytime soon.
And I’m doing a proper tidy-up as well. Overdue.
1 Like
I’m assuming you also know about this site…
As it turns out, an old Hotmail email account I previously used has been leaked in a data breach. I don’t use it anymore and I’ve cleared it out. It’s not had any hits for a long time to be fair. Last time I got identity thefted, was almost 12 years ago.
I’m now constantly updating my operating systems as and when revisions are released. I got rid of my Gmail account because that was an absolute nightmare, I’m more than happy paying a subscription to protonmail.
We can only do what we can do 
If you freeze your card you can’t use Apple Pay or Google Pay with that card. That’s with all most banks AFAIK.
Have I been Pwned is pretty limited. Emails in dumps only.
The attack vector here sounds to me like it was something else. I generally suggest folks keep an eye on Dehashed. It’s far more thorough than just checking email dumps. There are other thorough tools out there too, but this has been my go to for years. You do need to pay for this service, however. 1 week access is usually sufficient for most victims, to find and clean up your leaked data from any data breaches.
An attacker simply finding Graham’s email in a data breach won’t by itself allow them to pull off an attack like this, unless Graham is careless with password reuse and handing out his personal data in any old online form, which I very much doubt is the case. On an iPhone too, so it’s not going to be some kind of malware that android devices are susceptible to.
What medium was used for the OTP?
I’ve just looked at the manage my cards section of both TSB and Nationwide and it states on both that freezing you card doesn’t affect Apple and Google Pay
Same with Amex as above. I froze my Wise card and that says it can’t be used for digital wallet payment when frozen.
Spent hours today and yesterday doing the password change chore. Effort not wasted, though. 
1 Like
TSB I’m not familiar with, and their website doesn’t say one way or the other.
Nationwide aren’t a bank 
Although that must be a fairly new thing from them. Last I used properly used Nationwide, freezing your card did indeed disable Apple Pay too. They bundled it with regular old contactless settings.
From Lloyds Banking Group:
Freezing your debit card also stops contactless payments with Apple Pay and Google Pay
From Natwest Group:
Freezing your debit card temporarily stops it working:
…
- with Apple and Google Pay
Barclays have nothing on their website for me to copy and paste, but as a customer I can say freezing your Barclays cards, including Barclaycard just disabled them in Apple Pay on my phone.
From HSBC group:
Freezing your card will affect:
…
- Digital wallet transactions and recurring automatic payments using a debit card
From Monzo:
When you freeze your card, we’ll block all payments that we can – so you won’t be able to use your card in most situations. That includes anything through Google or Apple Pay.
From Starling:
Card Locked/Unlocked - the first control you’ll see when you head into the card screen. This one stops all payments on your card and overrides all the other controls.
And last but not least, Chase:
Just so you know, Apple Pay and Google Pay will still work if you freeze your card and/or card details.
So I’m not totally losing the plot in my recollection ability! 
But having checked after the fact I’ll amend my statement from all to most As some have since changed their approach (Nationwide), and two banks I’d never checked previously don’t actually block Apple Pay (Chase and TSB which I’ll take at your word as I can’t find any information one way or the other).
I’ve updated my own personal wiki on the back of this too, which was pretty old since I last updated it (2019). Did I miss any banks? Aside from TSB and Chase which were missing, those are all the ones in my wiki. I’m not extending it to fintechs or credit cards.
That says Chase won’t block mobile wallets if you block your card, the opposite of the other statements above.
Oh no, I know! If you read the second sentence afterwards, I say as much.
I was just pasting the explanations from banks who offered them on their websites. Not just the ones who say it disables Apple Pay. I wasn’t looking for bias to back up my statement, just information to update my knowledge.
Starling has a separate option to block wallet payments.
1 Like
RBS says freezing chip & PIN doesn’t stop g/apay or ATM.
Freezing the card does seem to stop everything though.
Yes, some banks have started to offer granularity to their card controls, letting you switch off just specific functions. Starling’s are the most impressive suite, if a tad overzealous.
I was only looking at the general freeze feature though as that is what was referenced, and in both cases, if you freeze your card it switches off everything. Or as Starling like to put it, freezing your card overrides and turns off all those granular card controls in a single switch.
Why am I sat here sarcastically laughing 
Anyway, my point earlier was, card freezing doesn’t always prevent payments for mobile wallets across all card providers.
1 Like
Not sure if that’s the reaction I was going for, but I’ll take it! 
1 Like
Nationwide can state all they like that they are a building society, which of course technically they are, but to to mere mortals like me, they’re nothing more than a bog standard bank. I’m happy to be a customer however and I’m sure they help keep me safe from scams and fraud. Indeed, I transferred a significant amount of money to my own sister recently and I had a plethora of warnings from Nationwide that according to their own checks, my sister’s account might not be safe to transfer money to. Well as you can imagine, we both gave that a good ignoring 
1 Like
Source for this, please?
Just because you say you personally believe this to be true and contribute with this opinion dressed as fact ad-nauseam that doesn’t make it so.
I had a bit of time on my hands yesterday afternoon and following your post, I sat down and reviewed the security on both my iOS and Android phones and Tablet. More 2FA implemented on accounts I’d previously not activated 2FA. Email checks done again. There’s little more I can do.
I even have the Land Registry alert set up on the house as I mentioned in a much earlier post. It seems however, that the whole scam thing surrounding scammers registering businesses with Companies House to whatever private address they wish, still as yet can’t be stopped. The first unsuspecting homeowners know about this type of scam, is when Companies House send them a congratulations letter and then come the HMRC letters.
I doubt if most of the public actually know what a building society is, and they probably care even less.
Nationwide’s legal structure is as a building society, but they operate under a banking licence, so for all intents and purposes they are a bank.
1 Like
I agree and I shouldn’t have inserted that into the current thread as it absolutely is off topic
1 Like
As a closing comment from me on this particular event of mine, I’ve since learned quite why I was caught.
Most of the assembled will already be conscious of this threat but for those not……
A text message announcing a new device had been registered to my Santander account was received. Because I’d recently changed phone models I gave it no second thought !!!
I had the opportunity to query it then but considered it unnecessary. That message concealed the fact that someone had hacked me and changed the phone number on the account.
There it is. Lesson learned or wot !!
2 Likes