Geekzone: technology news, blogs, forums




58 posts

Master Geek


Topic # 138667 12-Jan-2014 22:57 Send private message

My daughter was upset tonight that her friend had had his bank account hacked and all his money nicked. She asked how that could be done. We had a good discussion but we didn't have a complete answer as to how this could be done and I wondered if anyone could enlighten me?

I understand phishing and key logging and ways to get a person's details. But what I don't understand is how they get away with the stealing?

Scenario 1:
I nick a few dollars from someone's bank account. Simply transfer it into my account. But the Police would know it's me since it's gone to my account. Caught red handed.

Scenario 2:
Same deal. Only the money goes into a spoof bank account. Now how do I set that up since I need my passport, electric bill, a reference and what I had for breakfast as ID before I can set up the account. Can't be done?

Scenario 3:
I simply use the stolen account details to buy goods online. 100" TV lands at my place. A few days later the Police arrive too as they have my address from the purchase.

Scenario 4:
Same deal. Only I have a place I just use for deliveries. Again, how do I set that up and really! - I'd need to establish a different delivery address for my ongoing theft.

I can see there being some controversy with me asking this question, but it just confounds me how people can establish a spoof identity/location and become invisible.

I think I'd fail MI5 trials.

2793 posts

Uber Geek
+1 received by user: 424

Trusted
Microsoft NZ

  Reply # 965785 12-Jan-2014 22:58 Send private message

What did the bank say?

What do their statements show?

896 posts

Ultimate Geek
+1 received by user: 301


  Reply # 965786 12-Jan-2014 23:00 One person supports this post Send private message

Transfer the money to an unsuspecting person who you ask to transfer 90% via western union and keep the 10% as commission.

Pretty common, and as a bonus, you get to screw 2 people over in the same transaction.
Once the money's offshore it's pretty hard to follow.

Another possibility is the person is known and was "vaguely" given permission. Once there is a suggestion of permission, things get murky.

567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 965801 12-Jan-2014 23:48 Send private message

Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.




Regards
Stefan Andres Charsley

5315 posts

Uber Geek
+1 received by user: 813


  Reply # 965803 12-Jan-2014 23:55 Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


Westpac doesn't



567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 965805 12-Jan-2014 23:59 Send private message

According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/




Regards
Stefan Andres Charsley

5315 posts

Uber Geek
+1 received by user: 813


  Reply # 965806 13-Jan-2014 00:00 Send private message

charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."

70Mb/s VDSL @ Home
3269 posts

Uber Geek
+1 received by user: 935

Trusted
Subscriber

  Reply # 965807 13-Jan-2014 00:01 Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes




 


70Mb/s VDSL @ Home
3269 posts

Uber Geek
+1 received by user: 935

Trusted
Subscriber

  Reply # 965808 13-Jan-2014 00:02 Send private message

NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.




 


567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 965809 13-Jan-2014 00:04 Send private message

TimA:
charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes


Haha Maybe...

I'm a software developer so it's good for me to know about security and a good way to learn about good/bad practices is how to get around security measures that are in place.




Regards
Stefan Andres Charsley

1296 posts

Uber Geek
+1 received by user: 12


  Reply # 965810 13-Jan-2014 00:08 Send private message

TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to log in.
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to log in from Russia and it still let me straight in.

567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 965811 13-Jan-2014 00:14 Send private message

jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to log in.
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to log in from Russia and it still let me straight in.


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.




Regards
Stefan Andres Charsley

1296 posts

Uber Geek
+1 received by user: 12


  Reply # 965813 13-Jan-2014 00:15 Send private message

charsleysa:
jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to log in.
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to log in from Russia and it still let me straight in.


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.



Yep I thought so as well but I tried the same thing from inside a VM and it still let me through. 


3180 posts

Uber Geek
+1 received by user: 401

Trusted
Subscriber

  Reply # 965814 13-Jan-2014 00:16 Send private message

Same experience here on Westpac. I always wonder why the heck I need to set up those questions if I've actually never been asked/challenged.

ANZ bank on the other hand always sends a code to the mobile phone to verify your login (I love this).

Edit: after reading this thread, I quickly changed my password. The last time I changed it was in 2012!






567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 965816 13-Jan-2014 00:21 Send private message

Hmm maybe they have a fuzzy logic algorithm that uses multiple parameters to determine a possible fraud.

The parameters could include things like data from cookies, IP address, geo lookup of IP address, frequency of visits from location, browser types, operating system types, platforms, activity while logged in, etc.




Regards
Stefan Andres Charsley
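
The multi-signal idea in the post above, sketched as an added example (not part of the thread and not any bank's actual system): each login or payment is compared with the customer's learned profile, and the combined score decides between no challenge, a challenge question, or a one-time SMS code. The weights, thresholds, field names, `SERVER_KEY` and the sample profile are all assumptions, and the device cookie here is HMAC-signed rather than encrypted, which is enough to stop a client forging it.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
# Assumed weights and thresholds, chosen for illustration only.
WEIGHTS = {"unknown_device": 30, "new_country": 30, "new_ip": 10,
           "new_user_agent": 10, "new_payee": 15, "large_payment": 25}
CHALLENGE_AT, SMS_AT = 40, 70
LARGE_PAYMENT = 1000  # dollars
# Constructed sample profile for a hypothetical user "alice" (not real data).
PROFILE = {"devices": {"dev-1"}, "country": {"NZ"}, "ip": {"203.0.113.7"},
           "user_agent": {"Firefox/Windows"}, "payees": {"power-co"}}

def sign_device(user, device_id):
    """Device cookie value: the id plus an HMAC tag only the server can compute."""
    tag = hmac.new(SERVER_KEY, f"{user}|{device_id}".encode(), hashlib.sha256).hexdigest()
    return f"{device_id}.{tag}"

def device_is_known(user, cookie, profile):
    """True only if the cookie verifies for this user and the device is enrolled."""
    device_id, _, tag = (cookie or "").rpartition(".")
    expected = sign_device(user, device_id).rpartition(".")[2]
    return hmac.compare_digest(tag, expected) and device_id in profile["devices"]

def risk_signals(user, event, profile):
    """Names of the ways this event differs from the learned profile."""
    signals = set()
    if not device_is_known(user, event.get("cookie"), profile):
        signals.add("unknown_device")
    for field, name in (("country", "new_country"), ("ip", "new_ip"),
                        ("user_agent", "new_user_agent")):
        if event[field] not in profile[field]:
            signals.add(name)
    payment = event.get("payment")
    if payment:
        if payment["payee"] not in profile["payees"]:
            signals.add("new_payee")
        if payment["amount"] >= LARGE_PAYMENT:
            signals.add("large_payment")
    return signals

def decide(user, event, profile):
    """Return (action, score); action is allow, challenge_question or sms_code."""
    score = sum(WEIGHTS[s] for s in risk_signals(user, event, profile))
    if score >= SMS_AT:
        return "sms_code", score
    if score >= CHALLENGE_AT:
        return "challenge_question", score
    return "allow", score
```

With these assumed weights, a recognised device logging in from a new country gets a challenge question, while the same login with a missing or forged cookie is escalated to an SMS code.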

70Mb/s VDSL @ Home
3269 posts

Uber Geek
+1 received by user: 935

Trusted
Subscriber

  Reply # 965817 13-Jan-2014 00:21 Send private message

I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.




 

