      11-04-2011, 07:45 AM   #1
bimmaguy
Private
 
Drives: BMW 330
Join Date: Nov 2010
Location: UK

Posts: 60
iTrader: (0)

Just been a victim of online banking fraud

Just realised this morning someone has taken 600 from my account.

I was on the net last night and signed into my online Halifax banking as normal but after passwords entered it asked for extra security steps, which involved them ringing me to authorise a test payment and asked me to put in a 4 digit pincode the screen showed.

Did this and the process completed...everything seemed fine, then checked my account online today and it showed a FPO FAST PAYMENT ORDER of nearly 600 has been sent to another account.

Have been on phone with my bank (Halifax) and it's under fraud investigation and they have informed it is fraud but luckily they will be reimbursing me with the money within 24 hrs.

I'm pretty clued up with IT stuff so was very shocked to see it was fraud.

The fact it asked for security measures after I signed in and then gave me the option to receive an automated call to either a landline or mobile, both of which showed up on screen made me think it's for real so I followed the process!

So just be careful is what I say with online banking.

Anyone else been a victim like this??
      11-04-2011, 07:56 AM   #2
E902717
Colonel
 
Drives: E91 335d M-Sport
Join Date: Sep 2008
Location: uk

Posts: 2,399
iTrader: (0)

Robbing shit heads!! Are you sure it was the official bank page? When you logged in you must have given them your passwords etc.. never heard of the last bit though sounds very clever.

Look on the bright side you're getting the cash back which you can blow on hookers
__________________
Car: 2011 BMW E91 335D M-Sport
Previous: 2010 BMW E70 X5 3.0D M-Sport - last seen going backwards in a hedge

      11-04-2011, 10:07 AM   #3
rogerxp
Major General
 
Drives: M3 Comp Pack / QQ+2 Tekna
Join Date: May 2008
Location: Stockport, Cheshire

Posts: 5,900
iTrader: (1)

I had similar with my work account, about 6k went walkies, but was quickly returned.

I remember logging into the online system as normal (using my bookmark) and logging in with the usual ID, 3 random digits, etc, then could see all our accounts. Everything seemed normal. Went to make a payment and it asked me to type in my entire password to complete the transaction (which went through correctly).

Now, you may say, NEVER TYPE IN YOUR ENTIRE PASSWORD, but I was already at ease so let my guard down. I accessed the site of my own accord (not prompted by some dodgy e-mail), I'd logged in as normal, could see my own accounts, made a transaction as normal. I just presumed, as I was half way through a normal transaction, they'd changed the security measures so just proceeded to follow the instructions. They must have somehow overlaid an invisible page over the page I was looking at and the box I typed the password into was on their page as opposed to the bank's page behind it. I don't know whether this is even possible but can't understand how it could happen otherwise.

To be fair - very bloody clever!!!
__________________
Current -: MW E92 M3 Competition Pack / Qashqai+2 Tekna 1.6dci
Gone -: 370Z GT Roadster; BMW X3 3.0d xdrive M Sport; E46 330i M Sport Coupe; Mazda RX8 231; Nissan 350Z GT Roadster; BMW E90 330d M Sport; BMW E92 335i SE; Maserati 4200; Nissan 350Z; Honda S2000; Astra Coupe Turbo; Ford Probe
      11-04-2011, 10:35 AM   #4
Kerr
Brigadier General
 
Drives: 08' 335i Coupe
Join Date: Dec 2010
Location: Aberdeen

Posts: 3,451
iTrader: (0)

I know a few people who have been caught out including my dad.

He reported it to the police but as the bank returned the money there was no crime in their eyes.

Policeman says only the bank can report it but will not as that would highlight how vast banking fraud is.
      11-04-2011, 11:06 AM   #5
briers
Ben
 
Drives: XFR
Join Date: May 2010
Location: Midlands,UK

Posts: 1,964
iTrader: (0)

This could be spyware fraud or what they call DNS poisoning

They infect your computer with what they call DNS entries which point to a carbon copy of the Barclays web site but the site is hosted on the fraudster's server.

When you login as normal it records the passwords and codes you use and then they can use them to steal the cash.
      11-04-2011, 01:27 PM   #6
Darkeeboy
Private First Class
 
Drives: 520d
Join Date: Nov 2008
Location: Worcestershire

Posts: 134
iTrader: (0)

Suffered the same thing as Rogerxp on my HSBC account a month or two ago... normal page, but the bit where it normally says "enter third, fourth and fifth" bit was missing, ergo you think you need to type the entire password.... sneaky and I don't know how they did it as you were actually entering the correct HSBC account pages!
      11-04-2011, 07:08 PM   #7
briers
Ben
 
Drives: XFR
Join Date: May 2010
Location: Midlands,UK

Posts: 1,964
iTrader: (0)

They poison the DNS

So it all appears to be HSBC but it's actually their site.

Or spyware in the browser changes the page in realtime but this doesn't work well in IE
      11-05-2011, 04:25 AM   #8
rich1068
has left the building
 
Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

Posts: 3,363
iTrader: (0)

All this is a new one on me. Is it something you have to download and install? Surely it is? ie AV software not up to the job?
      11-06-2011, 03:04 PM   #9
neil@JuicedUpTuning
 
Drives: BMW 135i
Join Date: Aug 2010
Location: UK

Posts: 691
iTrader: (1)

I normally don't venture into the off topics that often but this area is a particular interest to me as we are an online business...

Quote:
Originally Posted by briers View Post
This could be spyware fraud or what they call DNS poisoning

They infect your computer with what they call DNS entries which point to a carbon copy of the Barclays web site but the site is hosted on the fraudster's server.

When you login as normal it records the passwords and codes you use and then they can use them to steal the cash.

Not so long ago the IT industry scrambled to fix DNS. A security researcher revealed DNS to have a significant security flaw that would undermine how the internet works. DNS is the big Yellow Pages of the internet that matches a website address to the website servers.

Whilst the big players of the IT world moved to fix the security hole a number of internet service providers failed to address the problem and were compromised by hackers using the technique. This meant people were redirected to fake sites instead of the real website.

As briers said, if your computer is infected you can be redirected to fake sites using a similar method but rather than the internet DNS system being poisoned it's done locally on your computer.

For those who have been defrauded and you're not sure if you visited the real site or a fake site then you should take the view that your computer has been compromised.

Fake Website Banking kits can be purchased for a few 's of various sites and setup in minutes. Some are rubbish and some are unbelievable in how good they are.

Really you should have your computer wiped clean and rebuilt from scratch to ensure your machine is 100% free of infection. Scanning with latest AV and anti-spyware will not provide 100% confidence that all is removed.

You should also as a matter of course change all of your sensitive information entered onto your computer. Including user names and passwords of email accounts, website logon information and other information.

Quote:
Originally Posted by rich1068 View Post
All this is a new one on me. Is it something you have to download and install? Surely it is? ie AV software not up to the job?

There are many ways you can be infected with spyware and viruses. Simply visiting a website that is infected can allow a hacker to infect your PC. There are methods that hackers use to infect a legit website with malicious code. A comments page for example can allow a hacker to add a comment that when viewed on your computer will attempt to infect your computer without the legit website owner's knowledge.

Many of these exploits work because your computer is not up to date with all the security patches, AV definitions. Website browsers have flaws and the hackers target those weaknesses/security holes.


Quote:
Originally Posted by briers View Post
They poison the DNS

So it all appears to be HSBC but it's actually their site.

Or spyware in the browser changes the page in realtime but this doesn't work well in IE

Another simple method is key logging and screen grabbing spyware. This method captures all the keys you entered whilst taking screen shots of what's appearing on your monitor. This information is then sent to a hacker.

Banks use a combination of usernames, passwords and a secret code. The bank website only asks for part of the code each time. This makes it harder to bypass. However screen grabs will show what you have selected and is only a matter of time before a hacker would have enough information to build up your secret code from multiple screen grabs and key logging.

Many banks offer security fobs that provide "One time password authentication" meaning that a code can only be used once and once only. This renders key loggers useless when it comes to reusing the code. Sadly it seems it's not a standard practice in the UK to issue these to the masses.

A rarely used method of checking the legitimacy of a website is via its certificate. By checking the certificate and knowing what to look for will show if the site is legit or not. DNS poisoning can redirect you to a fake site, the fake site does not have the correct certificate. A fake certificate can be created but knowing what to look for will identify a real or fake site. Google "How to check a website certificate"

Shame banks don't spend money advertising on TV and radio how to spot fraud. Not everyone reads the small statements on their websites.

What I also don't understand is why banks call you up unsolicited then ask you to confirm who you are by providing security information. Ask them to confirm who they are and they tell me they can't due to the "Data protection act"

Further reading is on "Man in the middle attacks".

my 2p

Last edited by neil@JuicedUpTuning; 11-06-2011 at 03:15 PM.
      11-06-2011, 03:56 PM   #10
rich1068
has left the building
 
Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

Posts: 3,363
iTrader: (0)

Quote:
Originally Posted by neil@JuicedUpTuning View Post
Many of these exploits work because your computer is not up to date with all the security patches, AV definitions. Website browsers have flaws and the hackers target those weaknesses/security holes.

So it's that old chestnut again basically?
      11-06-2011, 05:09 PM   #11
neil@JuicedUpTuning
 
Drives: BMW 135i
Join Date: Aug 2010
Location: UK

Posts: 691
iTrader: (1)

Quote:
Originally Posted by rich1068 View Post
So it's that old chestnut again basically?

Yeah, same old.

There are "Zero day exploits" which are previously unknown security holes/weaknesses that a hacker finds and uses before the IT Security research industry does. Only when the exploit is used publicly (in the "Wild") do they identify it and produce virus/spyware definitions or security patches to stop it.
      11-06-2011, 05:24 PM   #12
zltm089
Major General
 
Drives: 335i SE Coupe Space Grey
Join Date: Nov 2008
Location: LONDON

Posts: 7,311
iTrader: (0)

bloody hell!!! ....

I received an email from "halifax" a few weeks ago....looked very genuine...but then I spotted their email address....

those dodgy bast*rds... hope they burn in hell!...
__________________

Current Car: E92 335i SE Dream Cars: AMG SL65 Black,GallardoSuperleggera, GTR 2012, Agera R, F430 Scuderia, DBS, EVO X FQ400, Lexus LFA, F10 M5, M4, GT3 RS4.0, Ferrari 458, Ferrari F12, R8 V10 plus, Jaguar F Type V8, Lamborghini LP700-4 Aventador, Chevrolet Camaro ZL1, C63 AMG Coupe Black, Vanquish 2012, Laferrari, GT3 991, McLaren 650s.
      11-14-2011, 05:57 PM   #13
rich1068
has left the building
 
Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

Posts: 3,363
iTrader: (0)

Interesting

http://www.theregister.co.uk/2011/11...s_dns_changer/
      11-15-2011, 04:06 AM   #14
MEGA
Dieseasal
 
Drives: LCI E92 335d M-Sport
Join Date: Jan 2009
Location: Harrow, London

Posts: 6,826
iTrader: (2)

NB. DNS changing software simply changes the DNS that your machine uses from the default (your ISP usually) to their own DNS. You then go to what you think is Barclays, but it's actually the bank of Mojumbo, Nigeria: Or whatever.

The alternative method which may have affected Roger is using javascript to inject additional code into pages; etc.

The simple fact is though that if you don't click anything dodgy on the net; have proper firewall and antivirus updated regularly: This won't get you. I imagine those affected have either been naughty boys or it's a family computer and someone else in the house has?

The main thing is a GOOD antivirus will catch these issues even if your machine is compromised - although it may take a day or two to catch up with the latest malware unfortunately. It's important that your signatures automatically update and that you enable smart protection or scan weekly.

Lastly; any damage done by a 0-day malware release that's hit your machine may not be undone by the antivirus software. If your software flags up an issue: It will remove the problem but can't be aware of what has been changed. Bringing it back to this example then; If software has changed your DNS settings then you might remove the software but it won't resolve your DNS. You need to be aware of the impact any detected malware may have had. A bit of googling isn't a bad idea.

And of course; if you are running Windows 7 64-bit with the standard UAC settings: Then the issue mentioned above cannot happen; ipconfig is a secured piece of configuration that only an administrator can change.

This is a subject that could run and run obviously. Bringing it back on topic it's good that the bank are refunding the money... It shows that they're aware that this is a serious problem and it certainly sounds very sophisticated. I guess the lesson is that any changes to their security policy will be sent to you in writing or be shown in the first page flash screen.. So if something has changed unexpectedly: Give them a call.

__________________
Previously: 2003 Peugeot 206 1.6 8v | 2006 E90 320d M-Sport, 19" BBS CH, Full Ice-cold JL audio install, August 2010 Total BMW 6 page feature car. | 2003 Nissan 350Z GT Coupe 286BHP
Now:2010 E92 LCI 335d M-Sport
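Several posts above describe redirection done on the victim's own machine, either through local name entries or by swapping the DNS server the machine uses, and note that removing the malware does not put those settings back. The following added example (not from any poster) audits hosts-file text and a resolver list for both; the watch list, the trusted resolver address and all sample data are constructed assumptions, and on a real machine the inputs would come from the hosts file and the output of `ipconfig /all`.

```python
import ipaddress

# Assumptions for this example: the watch list and trusted resolver list are
# chosen by whoever runs the check; all sample data below is constructed.
WATCHED = {"halifax.co.uk", "hsbc.co.uk", "barclays.co.uk"}
TRUSTED_RESOLVERS = {"192.0.2.53"}  # placeholder for the ISP/router resolver


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed line, not an address mapping
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def audit(hosts_text, resolvers):
    """Return findings for pinned bank names and unexpected DNS servers."""
    findings = []
    for ip, name in parse_hosts(hosts_text):
        # A bank name pinned locally bypasses DNS lookups altogether.
        if any(name == d or name.endswith("." + d) for d in WATCHED):
            findings.append(("hosts-override", name, ip))
    for resolver in resolvers:
        if resolver not in TRUSTED_RESOLVERS:
            findings.append(("unexpected-resolver", resolver, None))
    return findings


SAMPLE_HOSTS = """\
127.0.0.1   localhost
# constructed entry of the kind a local redirection leaves behind
203.0.113.7 www.hsbc.co.uk hsbc.co.uk
198.51.100.9 intranet.example   # unrelated, not flagged
"""
SAMPLE_RESOLVERS = ["192.0.2.53", "203.0.113.66"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_RESOLVERS):
        print(finding)
```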
All times are GMT -5. The time now is 07:12 AM.



