Appreciate the reply. Thanks.
I'll get onto CIFAS shortly.
The police basically said the investigation is in action frauds hands, as its police run I can accept that.
And my account will remain closed.
Everything I've said regarding virgin and the tactics they used is 100% correct, as I've said if I hadn't contacted them personally when I found the fraud how long would this of lasted for?.
They won't take one bit of ownership for the attack on my account, they insist it's because my password was weak.
They say it wasn't strange for multiple deposit attempts from different unregistered cards, even the 4 cards they accepted deposits from and even a neteller attempted withdrawal when I've never owned a ewallet in my life.
As for the funds being allowed to be just gambled away, I just played down to zero as I was instructed to do so, I was told they where not at a financial loss and neither was I at virgin, and they can't be withdrawn as they need to go back to original deposit method which was impossible because the deposits never came from a card or cards I've ever known.
I'll await the action fraud response.
Thanks again for your input.
Not yet, but that money was stolen from somewhere, and if not from you, from someone else or a bank. Eventually, the rightful owner or the bank will want it back, and may take it back via "chargeback".
Of course it's possible for Virgin to return the money to it's source regardless of who owns this source.
The whole thing comes under "money laundering", and it seems Virgin are rather laid back about this whole affair even though this is what made it so relatively easy for some laundering to take place, even if the rest was blocked.
Part of the problem of "lack of action" is that this is driven largely by the banks, who are the ultimate victims of this kind of fraud. Banks tend to downplay the extent of such fraud as it would be bad PR if customers realised just how widespread and easy it is, and so tend to refund victims and not bother the police too much with investigating.
Action Fraud often use reports for "intelligence gathering" about the problem, not necessarily intending to investigate each case.
It seems the hack had nothing to do with "weak passwords", but was a vulnerability in another Virgin business, one which supplies a very large number of UK broadband connections. The supplied routers have a security flaw that allows them to be hacked, and once hacked it's possible to get into email accounts, and here no amount of password security is going to help because the weakness is the "reset password" facility that assumes that the account holder's email inbox is secure.
The security approach as a whole is fundamentally flawed as no human has the capability of remembering dozens of different and very secure passwords, hence people default to passwords that they find they can remember. The fact that so much use is made of the "reset password" feature is a demonstration of this flawed approach based on the ability of human memory.
If anything, having the passwords written down on a piece of paper kept at home is probably more secure that all these online password stores or local password memory software, which can all be hacked.
As for routers, the best approach is to ditch wireless and lay Ethernet about the house. It would then be necessary to drill the wall and plug a cable in to access the network, rather than sit outside trying to connect over the wifi.