      11-04-2011, 07:45 AM   #1
bimmaguy
Major

Drives: BMW F01 730d M Sport
Join Date: Nov 2010
Location: Yorkshire

just been a victim of online banking fraud

just realised this morning someone has taken £600 from my account.

I was on the net last night and signed into my online halifax banking as normal but after passwords entered it asked for extra security steps, which involved them ringing me to authorise a test payment and asked me to put in a 4 digit pincode the screen showed.

did this and the process completed...everything seemed fine, then checked my account online today and it showed a FPO FAST PAYMENT ORDER of nearly £600 has been sent to another account.

have been on phone with my bank (halifax) and it's under fraud investigation and they have informed it is fraud but luckily they will be reimbursing me with the money within 24 hrs.

I'm pretty clued up with IT stuff so was very shocked to see it was fraud.

the fact it asked for security measures after i signed in and then gave me the option to receive an automated call to either a landline or mobile, both of which showed up on screen made me think its for real so i followed the process!

so just be careful is what i say with online banking

anyone else been a victim like this??

      11-04-2011, 07:56 AM   #2
E902717
Colonel
England

Drives: E91 335d M-Sport
Join Date: Sep 2008
Location: uk

Robbing shit heads!! Are you sure it was the official bank page? When you logged in you must have given them your passwords etc.. never heard of the last bit though sounds very clever.

Look on the bright side you're getting the cash back which you can blow on hookers
__________________
Car: 2011 BMW E91 335D M-Sport
Previous: 2010 BMW E70 X5 3.0D M-Sport - last seen going backwards in a hedge


      11-04-2011, 10:07 AM   #3
rogerxp
Major General
United Kingdom

Drives: M3 Comp Pack / QQ+2 Tekna
Join Date: May 2008
Location: Stockport, Cheshire

I had similar with my work account, about £6k went walkies, but was quickly returned.

I remember logging into the online system as normal (using my bookmark) and logging in with the usual ID, 3 random digits, etc, then could see all our accounts. Everything seemed normal. Went to make a payment and it asked me to type in my entire password to complete the transaction (which went through correctly).

Now, you may say, NEVER TYPE IN YOUR ENTIRE PASSWORD, but I was already at ease so let my guard down. I accessed the site of my own accord (not prompted by some dodgy e-mail), I'd logged in as normal, could see my own accounts, made a transaction as normal. I just presumed, as I was half way through a normal transaction, they'd changed the security measures so just proceeded to follow the instructions. They must have somehow overlaid an invisible page over the page I was looking at and the box I typed the password into was on their page as opposed to the bank's page behind it. I don't know whether this is even possible but can't understand how it could happen otherwise.

To be fair - very bloody clever!!!
__________________
Current -: MW E92 M3 Competition Pack / Qashqai+2 Tekna 1.6dci
Gone -: 370Z GT Roadster; BMW X3 3.0d xdrive M Sport; E46 330i M Sport Coupe; Mazda RX8 231; Nissan 350Z GT Roadster; BMW E90 330d M Sport; BMW E92 335i SE; Maserati 4200; Nissan 350Z; Honda S2000; Astra Coupe Turbo; Ford Probe

      11-04-2011, 10:35 AM   #4
Kerr
Brigadier General
Scotland

Drives: BMW M235I
Join Date: Dec 2010
Location: Aberdeen

I know a few people who have been caught out including my dad.

He reported it to the police but as the bank returned the money there was no crime in their eyes.

Policeman says only the bank can report it but will not as that would highlight how vast banking fraud is.

      11-04-2011, 11:06 AM   #5
briers
Ben
United Kingdom

Drives: Tesla p85d
Join Date: May 2010
Location: Midlands,UK

This could be spyware fraud or what they call DNS poisoning

They infect your computer with what they call DNS entries which point to a carbon copy of the barclays web site but the site is hosted on the fraudster's server.

When you login as normal it records the passwords and codes you use and then they can use them to steal the cash.

      11-04-2011, 01:27 PM   #6
Darkeeboy
Private First Class
United Kingdom

Drives: X5M50i
Join Date: Nov 2008
Location: Worcestershire

Suffered the same thing as Rogerxp on my hsbc account a month or two ago... normal page, but the bit where it normally says "enter third, fourth and fifth" bit was missing, ergo you think you need to type the entire password.... sneaky and I don't know how they did it as you were actually entering the correct hsbc account pages!

      11-04-2011, 07:08 PM   #7
briers
Ben
United Kingdom

Drives: Tesla p85d
Join Date: May 2010
Location: Midlands,UK

They poison the dns

So it all appears to be HSBC but it's actually their site.

Or spyware in the browser changes the page in realtime but this doesn't work well in ie

      11-05-2011, 04:25 AM   #8
rich1068
has left the building
United Kingdom

Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

All this is a new one on me. Is it something you have to download and install? Surely it is? ie AV software not up to the job?

      11-06-2011, 02:04 PM   #9
neil@JuicedUpTuning
United Kingdom

Drives: BMW 135i
Join Date: Aug 2010
Location: UK

I normally don't venture into the off topics that often but this area is a particular interest to me as we are an online business...

Quote:
Originally Posted by briers
This could be spyware fraud or what they call DNS poisoning

They infect your computer with what they call DNS entries which point to a carbon copy of the barclays web site but the site is hosted on the fraudster's server.

When you login as normal it records the passwords and codes you use and then they can use them to steal the cash.

Not so long ago the IT industry scrambled to fix DNS. A security researcher revealed DNS to have a significant security flaw that would undermine how the internet works. DNS is the big Yellow Pages of the internet that matches a website address to the website servers.

Whilst the big players of the IT world moved to fix the security hole a number of internet service providers failed to address the problem and were compromised by hackers using the technique. This meant people were redirected to fake sites instead of the real website.

As briers said, if your computer is infected you can be redirected to fake sites using a similar method, but rather than the internet DNS system being poisoned it's done locally on your computer.

For those who have been defrauded and you're not sure if you visited the real site or a fake site then you should take the view that your computer has been compromised.

Fake Website Banking kits can be purchased for a few £s off various sites and set up in minutes. Some are rubbish and some are unbelievable in how good they are.

Really you should have your computer wiped clean and rebuilt from scratch to ensure your machine is 100% free of infection. Scanning with latest AV and anti-spyware will not provide 100% confidence that all is removed.

You should also as a matter of course change all of your sensitive information entered onto your computer, including user names and passwords of email accounts, website logon information and any other information.

Quote:
Originally Posted by rich1068
All this is a new one on me. Is it something you have to download and install? Surely it is? ie AV software not up to the job?

There are many ways you can be infected with spyware and viruses. Simply visiting a website that is infected can allow a hacker to infect your PC. There are methods that hackers use to infect a legit website with malicious code. A comments page for example can allow a hacker to add a comment that, when viewed on your computer, will attempt to infect your computer without the legit website owner's knowledge.

Many of these exploits work because your computer is not up to date with all the security patches, AV definitions. Website browsers have flaws and the hackers target those weaknesses/security holes.


Quote:
Originally Posted by briers
They poison the dns

So it all appears to be HSBC but it's actually their site.

Or spyware in the browser changes the page in realtime but this doesn't work well in ie

Another simple method is key logging and screen grabbing spyware. This method captures all the keys you entered whilst taking screen shots of what's appearing on your monitor. This information is then sent to a hacker.

Banks use a combination of usernames, passwords and a secret code. The bank website only asks for part of the code each time. This makes it harder to bypass. However screen grabs will show what you have selected and it is only a matter of time before a hacker would have enough information to build up your secret code from multiple screen grabs and key logging.

Many banks offer security fobs that provide "One time password authentication" meaning that a code can only be used once and once only. This renders key loggers useless when it comes to reusing the code. Sadly it seems it's not a standard practice in the UK to issue these to the masses.

A rarely used method of checking the legitimacy of a website is via its certificate. Checking the certificate and knowing what to look for will show if the site is legit or not. DNS poisoning can redirect you to a fake site, the fake site does not have the correct certificate. A fake certificate can be created but knowing what to look for will identify a real or fake site. Google "How to check a website certificate"

Shame banks don't spend money advertising on TV and radio how to spot fraud. Not everyone reads the small statements on their websites.

What I also don't understand is why banks call you up unsolicited then ask you to confirm who you are by providing security information. Ask them to confirm who they are and they tell me they can't due to the "Data protection act"

Further reading is on "Man in the middle attacks".

my 2p

Last edited by neil@JuicedUpTuning; 11-06-2011 at 02:15 PM..

      11-06-2011, 02:56 PM   #10
rich1068
has left the building
United Kingdom

Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

Quote:
Originally Posted by neil@JuicedUpTuning
Many of these exploits work because your computer is not up to date with all the security patches, AV definitions. Website browsers have flaws and the hackers target those weaknesses/security holes.

So it's that old chestnut again basically?

      11-06-2011, 04:09 PM   #11
neil@JuicedUpTuning
United Kingdom

Drives: BMW 135i
Join Date: Aug 2010
Location: UK

Quote:
Originally Posted by rich1068
So it's that old chestnut again basically?

Yeah, same old.

There are "Zero day exploits" which are previously unknown security holes/weaknesses that a hacker finds and uses before the IT Security research industry does. Only when the exploit is used publicly (in the "Wild") do they identify it and produce virus/spyware definitions or security patches to stop it.

      11-06-2011, 04:24 PM   #12
zltm089
Banned
United Kingdom

Drives: 335i SE Coupe Space Grey
Join Date: Nov 2008
Location: LONDON

bloody hell!!! ....

I received an email from "halifax" a few weeks ago....looked very genuine...but then i spotted their email address....

those dodgy bast*rds... hope they burn in hell!...

      11-14-2011, 04:57 PM   #13
rich1068
has left the building
United Kingdom

Drives: F30 330d M Sport
Join Date: Oct 2010
Location: UK

Interesting

http://www.theregister.co.uk/2011/11...s_dns_changer/

      11-15-2011, 03:06 AM   #14
MEGA
Dieseasal
United Kingdom

Drives: LCI E92 335d M-Sport
Join Date: Jan 2009
Location: Harrow, London

NB. DNS changing software simply changes the DNS that your machine uses from the default (your ISP usually) to their own DNS. You then go to what you think is barclays, but it's actually the bank of Mojumbo, Nigeria: Or whatever.

The alternative method which may have affected Roger is using javascript to inject additional code into pages; etc.

The simple fact is though that if you don't click anything dodgy on the net; have proper firewall and antivirus updated regularly: This won't get you. I imagine those affected have either been naughty boys or it's a family computer and someone else in the house has?

The main thing is a GOOD antivirus will catch these issues even if your machine is compromised - although it may take a day or two to catch up with the latest malware unfortunately. It's important that your signatures automatically update and that you enable smart protection or scan weekly.

Lastly; any damage done by a 0-day malware release that's hit your machine may not be undone by the antivirus software. If your software flags up an issue: It will remove the problem but can't be aware of what has been changed. Bringing it back to this example then; If software has changed your DNS settings then you might remove the software but it won't resolve your DNS. You need to be aware of the impact any detected malware may have had. A bit of googling isn't a bad idea.

And of course; if you are running Windows 7 64-bit with the standard UAC settings: Then the issue mentioned above cannot happen; ipconfig is a secured piece of configuration that only an administrator can change.

This is a subject that could run and run obviously. Bringing it back on topic it's good that the bank are refunding the money... It shows that they're aware that this is a serious problem and it certainly sounds very sophisticated. I guess the lesson is that any changes to their security policy will be sent to you in writing or be shown in the first page flash screen.. So if something has changed unexpectedly: Give them a call.

__________________
Previously: 2003 Peugeot 206 1.6 8v | 2006 E90 320d M-Sport, 19" BBS CH, Full Ice-cold JL audio install, August 2010 Total BMW 6 page feature car. | 2003 Nissan 350Z GT Coupe 286BHP
Now:2010 E92 LCI 335d M-Sport
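
The local redirection discussed in posts #9 and #14 (entries planted on the computer itself, or a swapped DNS server) can be checked for directly. The following is an added example, not written by anyone in this thread: a hosts-file and resolver audit in Python. The function names, the placeholder domain bank.example and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
# Addresses are documentation ranges; bank.example is a placeholder domain.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.bank.example bank.example   # added by malware
198.51.100.7    Online.Bank.Example.
192.0.2.10      printer.lan
"""

def audit_hosts(text, watched):
    """Return (line_no, ip, hostname) for every hosts entry that overrides
    DNS for a watched domain or any of its subdomains."""
    watched = {d.lower().rstrip(".") for d in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not an entry
        for name in fields[1:]:
            host = name.lower().rstrip(".")     # hosts lookups ignore case
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), host))
    return findings

def unexpected_resolvers(configured, expected):
    """Return configured DNS server addresses that are not in the expected
    set (the router or ISP resolvers you know to be yours)."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [a for a in configured if ipaddress.ip_address(a) not in allowed]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["bank.example"]):
        print("hosts override:", finding)
    print("unexpected DNS:", unexpected_resolvers(
        ["192.168.1.1", "203.0.113.53"], ["192.168.1.1"]))
```

On Windows the file to feed in is C:\Windows\System32\drivers\etc\hosts, and the configured DNS servers are listed by `ipconfig /all`; a legitimate hosts file normally has no entry for a bank's domain at all.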

All times are GMT -5.