View Single Post
      11-04-2011, 11:07 AM   #3
Major General
rogerxp's Avatar
United Kingdom

Drives: M3 Comp Pack / QQ+2 Tekna
Join Date: May 2008
Location: Stockport, Cheshire

iTrader: (1)

Garage List
I had similar with my work account, about 6k went walkies, but was quickly returned.

I remember logging into the online system as normal (using my bookmark) and logging in with the usual ID, 3 randon digits, etc, then could see all our accounts. Everything seemed normal. Went to make a payment and it asked me to type in my entire password to complete the transaction (which went through correctly).

Now, you may say, NEVER TYPE IN YOUR ENTIRE PASSWORD, but I was already at ease so let my guard down. I accessed the site of my own accord (not prompted by some dodgy e-mail), I'd logged in as normal, could see my own accounts, made a transaction as normal. I just presumed, as I was half way through a normal transaction, they'd changed the security measures to just proceeded to follow the instructions. They must have somehow overlaced an invisible page over the page I was looking at and the box I typed the password into was on their page as opposed to the bank's page behind it. I don't know whether this is even possible but can't understand how it could happen otherwise.

To be fair - very bloody clever!!!
Current -: MW E92 M3 Competition Pack / Qashqai+2 Tekna 1.6dci
Gone -: 370Z GT Roadster; BMW X3 3.0d xdrive M Sport; E46 330i M Sport Coupe; Mazda RX8 231; Nissan 350Z GT Roadster; BMW E90 330d M Sport; BMW E92 335i SE; Maserati 4200; Nissan 350Z; Honda S2000; Astra Coupe Turbo; Ford Probe