      11-06-2011, 04:04 PM   #9
neil@JuicedUpTuning

I normally don't venture into the off topics that often, but this area is of particular interest to me as we are an online business...

Originally Posted by briers
This could be spyware fraud or what they call DNS poisoning

They infect your computer with what they call DNS entries which point to a carbon copy of the Barclays web site but the site is hosted on the fraudster's server.

When you login as normal it records the passwords and codes you use and then they can use them to steal the cash.

Not so long ago the IT industry scrambled to fix DNS. A security researcher revealed DNS to have a significant security flaw that would undermine how the internet works. DNS is the big Yellow Pages of the internet that matches a website address to the website servers.

Whilst the big players of the IT world moved to fix the security hole, a number of internet service providers failed to address the problem and were compromised by hackers using the technique. This meant people were redirected to fake sites instead of the real website.

As briers said, if your computer is infected you can be redirected to fake sites using a similar method, but rather than the internet DNS system being poisoned it's done locally on your computer.

For those who have been defrauded and you're not sure if you visited the real site or a fake site, then you should take the view that your computer has been compromised.

Fake Website Banking kits can be purchased for a few £'s of various sites and set up in minutes. Some are rubbish and some are unbelievable in how good they are.

Really you should have your computer wiped clean and rebuilt from scratch to ensure your machine is 100% free of infection. Scanning with the latest AV and anti-spyware will not provide 100% confidence that all is removed.

You should also as a matter of course change all of your sensitive information entered onto your computer, including user names and passwords of email accounts, website logon information and any other information.

Originally Posted by rich1068
All this is a new one on me. Is it something you have to download and install? Surely it is? i.e. AV software not up to the job?

There are many ways you can be infected with spyware and viruses. Simply visiting a website that is infected can allow a hacker to infect your PC. There are methods that hackers use to infect a legit website with malicious code. A comments page, for example, can allow a hacker to add a comment that when viewed on your computer will attempt to infect your computer without the legit website owner's knowledge.

Many of these exploits work because your computer is not up to date with all the security patches and AV definitions. Website browsers have flaws and the hackers target those weaknesses/security holes.

Originally Posted by briers
They poison the DNS

So it all appears to be HSBC but it's actually their site.

Or spyware in the browser changes the page in real time but this doesn't work well in IE

Another simple method is key logging and screen grabbing spyware. This method captures all the keys you entered whilst taking screen shots of what's appearing on your monitor. This information is then sent to a hacker.

Banks use a combination of usernames, passwords and a secret code. The bank website only asks for part of the code each time. This makes it harder to bypass. However, screen grabs will show what you have selected and it is only a matter of time before a hacker would have enough information to build up your secret code from multiple screen grabs and key logging.

Many banks offer security fobs that provide "One time password authentication", meaning that a code can only be used once and once only. This renders key loggers useless when it comes to reusing the code. Sadly it seems it's not a standard practice in the UK to issue these to the masses.

A rarely used method of checking the legitimacy of a website is via its certificate. Checking the certificate and knowing what to look for will show if the site is legit or not. DNS poisoning can redirect you to a fake site; the fake site does not have the correct certificate. A fake certificate can be created but knowing what to look for will identify a real or fake site. Google "How to check a website certificate"

Shame banks don't spend money advertising on TV and radio how to spot fraud. Not everyone reads the small statements on their websites.

What I also don't understand is why banks call you up unsolicited then ask you to confirm who you are by providing security information. Ask them to confirm who they are and they tell me they can't due to the "Data Protection Act"

Further reading is on "Man in the middle attacks".

my 2p

Last edited by neil@JuicedUpTuning; 11-06-2011 at 04:15 PM.