Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



52 posts

Master Geek


Topic # 138667 12-Jan-2014 22:57 Send private message

My daughter was upset tonight that her friend had had his bank account hacked and all his money nicked. She asked how that could be done. We had a good discussion but we didn't have a complete answer as to how this could be done and I wondered if anyone could enlighten me?

I understand phishing and key logging and ways to get an person's details. But what i don't understand is how they get away with the stealing?

Senario1:
I nick a few dollars from someone's bank account. Simply transfer it into my account. But the Police would know it's me since it's gone to my account. Caught red handed.

Senario2:
Same deal. Only the money goes into a spoof bank account. Now how do I set that up since I need my passport, electric bill, a reference and what I had for breakfast as ID before I can set up the account. Can't be done?

Senario3:
I simply use the stolen account details to buy good on-line. 100" TV lands at my place. A few days later the Police arrive too as they have my address from the purchase.

Senario4:
Same deal. Only I have a place I just use for deliveries. Again, how do I set that up and really! - I'd need to establish a different delivery address for my ongoing theft.

I can see there being some controversy with me asking this question, but it just confounds me how people can establish a spoof identity/location and become invisible.

I think I'd fail MI5 trials.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5
2316 posts

Uber Geek
+1 received by user: 264

Trusted
Microsoft NZ

  Reply # 965785 12-Jan-2014 22:58 Send private message

What did the bank say?

what do their statements show?

785 posts

Ultimate Geek
+1 received by user: 227

Subscriber

  Reply # 965786 12-Jan-2014 23:00 One person supports this post Send private message

Transfer the money to an unsuspecting person who you ask to transfer 90% via western union and keep the 10% as commission.

Pretty common, and as a bonus, you get to screw 2 people over in he same transaction.
Once the money's offshore it's pretty hard to follow. 

Another possibility, is the person is known and was "vaguely" given permission. Once there is a suggestion of permission, things get murky.

349 posts

Ultimate Geek
+1 received by user: 59


  Reply # 965801 12-Jan-2014 23:48 Send private message

Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.




Regards
Stefan Andres Charsley

5085 posts

Uber Geek
+1 received by user: 697


  Reply # 965803 12-Jan-2014 23:55 Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


westpac doesn't



349 posts

Ultimate Geek
+1 received by user: 59


  Reply # 965805 12-Jan-2014 23:59 Send private message

According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/




Regards
Stefan Andres Charsley

5085 posts

Uber Geek
+1 received by user: 697


  Reply # 965806 13-Jan-2014 00:00 Send private message

charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."

2475 posts

Uber Geek
+1 received by user: 515

Trusted
Vodafone NZ
Subscriber

  Reply # 965807 13-Jan-2014 00:01 Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes




Unless otherwise stated, any views or opinions expressed are solely those of myself and do not represent those of Vodafone New Zealand Limited. If you need help related to a Vodafone product or service feel free to message me and ill do my best to assist you.
  


2475 posts

Uber Geek
+1 received by user: 515

Trusted
Vodafone NZ
Subscriber

  Reply # 965808 13-Jan-2014 00:02 Send private message

NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.




Unless otherwise stated, any views or opinions expressed are solely those of myself and do not represent those of Vodafone New Zealand Limited. If you need help related to a Vodafone product or service feel free to message me and ill do my best to assist you.
  


349 posts

Ultimate Geek
+1 received by user: 59


  Reply # 965809 13-Jan-2014 00:04 Send private message

TimA:
charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes


Haha Maybe...

I'm a software developer so it's good for me to know about security and a good way to learn about good/bad practices is how to get around security measures that are in place.




Regards
Stefan Andres Charsley

1282 posts

Uber Geek
+1 received by user: 8


  Reply # 965810 13-Jan-2014 00:08 Send private message

TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 

349 posts

Ultimate Geek
+1 received by user: 59


  Reply # 965811 13-Jan-2014 00:14 Send private message

jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.




Regards
Stefan Andres Charsley

1282 posts

Uber Geek
+1 received by user: 8


  Reply # 965813 13-Jan-2014 00:15 Send private message

charsleysa:
jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.



Yep I thought so as well but I tried the same thing from inside a VM and it still let me through. 


2916 posts

Uber Geek
+1 received by user: 267

Trusted
Subscriber

  Reply # 965814 13-Jan-2014 00:16 Send private message

Same experience here on Westpac. I always wonder why the heck I need to setup those questions if I actually never been asked/challenged.

ANZ bank on the other hand always send a code to the mobile phone to verify your login (I love this).

Edit: after reading this thread, i quickly change my assword. the last time I changed it was in 2012!






349 posts

Ultimate Geek
+1 received by user: 59


  Reply # 965816 13-Jan-2014 00:21 Send private message

Hmm maybe they have a fuzzy logic algorithm that uses multiple parameters to determine a possible fraud.

The parameters could include things like data from cookies, IP address, geo lookup of IP address, frequency of visits from location, browser types, operating system types, platforms, activity while logged in, etc.




Regards
Stefan Andres Charsley

2475 posts

Uber Geek
+1 received by user: 515

Trusted
Vodafone NZ
Subscriber

  Reply # 965817 13-Jan-2014 00:21 Send private message

I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.




Unless otherwise stated, any views or opinions expressed are solely those of myself and do not represent those of Vodafone New Zealand Limited. If you need help related to a Vodafone product or service feel free to message me and ill do my best to assist you.
  


 1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Logitech K400r HTPC Cordless Keyboard Half Price
Created by Dynamic, last reply by Blanch on 28-Jul-2014 22:16 (25 replies)
Pages... 2


Dick Smith in Continual Sale Mode
Created by Dynamic, last reply by DarrenJ on 29-Jul-2014 12:40 (63 replies)
Pages... 3 4 5


Checking UHF aerial is working
Created by OnceBitten, last reply by B1GGLZ on 28-Jul-2014 21:49 (21 replies)
Pages... 2


2 x PS4s to give away. Geekzone members only.
Created by BigPipeNZ, last reply by hangon on 29-Jul-2014 12:41 (39 replies)
Pages... 2 3


Is chorus going to deliberately slow adsl internet down
Created by rugrat, last reply by juha on 26-Jul-2014 14:25 (54 replies)
Pages... 2 3 4


What Size iphone 6 will you be buying?
Created by mattbush, last reply by myopinion on 26-Jul-2014 20:19 (35 replies)
Pages... 2 3


VF, why you lie to me?
Created by kenkeniff, last reply by TimA on 29-Jul-2014 12:42 (33 replies)
Pages... 2 3


2010 Honda Jazz, Suzuki Swift - which has higher maintenance cost?
Created by joker97, last reply by joker97 on 29-Jul-2014 12:08 (33 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.