Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
301 posts

Ultimate Geek
+1 received by user: 43


  Reply # 966157 13-Jan-2014 14:01 Send private message

charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser

127 posts

Master Geek
+1 received by user: 25


  Reply # 966195 13-Jan-2014 14:39 Send private message

TSB uses 2 factor, you actually need to reply via the phone with the code onscreen instead of the entering the code that is txtd to you into the webpage.

ASB also uses 2 factor.  I once logged into ASB while inadvertently having the VPN open (using a NZ host).  I did a transfer to a previously registered account (so wasn't required to do the 2 factor authentication) and instantly had a phone call from ASB asking if I'd authorised that transaction as my login was coming from a blacklisted IP address.


1208 posts

Uber Geek
+1 received by user: 77


  Reply # 966221 13-Jan-2014 14:57 Send private message

To the OP, what happened in the end to your daughter's friend? Did he manage to get the money back? Do you know if he had given out his bank account details to anyone? If not, he could probably get the money back from the bank.




563 posts

Ultimate Geek
+1 received by user: 23


  Reply # 966251 13-Jan-2014 15:19 Send private message

When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)


1208 posts

Uber Geek
+1 received by user: 77


  Reply # 966262 13-Jan-2014 15:40 Send private message

BigMal: When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)



But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..






52 posts

Master Geek


  Reply # 966265 13-Jan-2014 15:47 Send private message

..just asked her. He's 'got a bit back', she says. Sorry I don't have specifics because I can see (with the interest this Post has driven), that such info would be good.

It's been interesting reading the various ways to deceive; I never knew any of the stuff I've read. And in this security conscious digital world, it's stuff that is good to know to help one try prevent getting stung.

301 posts

Ultimate Geek
+1 received by user: 43


  Reply # 966288 13-Jan-2014 16:21 Send private message

sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

474 posts

Ultimate Geek
+1 received by user: 85


  Reply # 966326 13-Jan-2014 17:24 Send private message

hashbrown:
charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser


Please refer to the post you quoted. Very hard but not impossible.
There must exist a vulnerability to take advantage of to perform those kinds of attacks.




Regards
Stefan Andres Charsley

gzt

4448 posts

Uber Geek
+1 received by user: 220

Subscriber

  Reply # 966339 13-Jan-2014 17:45 Send private message

bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system to use only for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

474 posts

Ultimate Geek
+1 received by user: 85


  Reply # 966346 13-Jan-2014 17:56 Send private message

gzt:
bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system just for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.


Or get update to the latest Interner Explorer (IE11) because a big issue with IE exploits is that too many people are still using an old version of IE that hasn't had the exploits patched.




Regards
Stefan Andres Charsley

1208 posts

Uber Geek
+1 received by user: 77


  Reply # 966365 13-Jan-2014 18:19 Send private message

hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol




gzt

4448 posts

Uber Geek
+1 received by user: 220

Subscriber

  Reply # 966375 13-Jan-2014 18:29 Send private message

Well, it hardly matters if they are based in a different country with no extradition treaty and/or limited police cooperation and/or paying off the appropriate people anyway. It is rare to hear of this being operated from a 1st world country. They would not last long.

563 posts

Ultimate Geek
+1 received by user: 23


  Reply # 966392 13-Jan-2014 18:53 Send private message

 But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


The buyer (crim) just opens a fake TradeMe account.  The crim is based overseas, it's not like they care about TradeMe's T's and C's.

Aussie
2209 posts

Uber Geek
+1 received by user: 217

Trusted
Subscriber

  Reply # 966413 13-Jan-2014 19:59 One person supports this post Send private message

All the banks *might* have 2-factor authentication, but how many regular (non-geek) people know about it?
How many know how to use it?
How many have actually set it up?
How many people (that know it exists) don't use it because they find it annoying?
Why is it not mandatory?

301 posts

Ultimate Geek
+1 received by user: 43


  Reply # 966445 13-Jan-2014 21:07 Send private message

sonyxperiageek:
hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol


Sorry, I should have been specific.  I was talking about the trade in the stolen credentials of legitimate users.  When your PC is hacked your online life can be carved up and sold to interested parties.  Things like tradme logins are of low value, but packaged up and sold in bulk they can make a few dollars.  More info here.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Moment of Truth?
Created by BarTender, last reply by Geektastic on 19-Sep-2014 19:00 (401 replies)
Pages... 25 26 27


Mr. Key to extradite Kim Dotcom?
Created by TimA, last reply by SaltyNZ on 18-Sep-2014 09:20 (126 replies)
Pages... 7 8 9


IOS8 - Network Load
Created by FireEngine, last reply by coffeebaron on 19-Sep-2014 22:05 (40 replies)
Pages... 2 3


New On Account mobile plans - Red+
Created by NikT, last reply by KiwiSurfer on 19-Sep-2014 20:51 (36 replies)
Pages... 2 3


2014 Holden SS (V8) or Ford XR6-T (in-line 6 turbo)
Created by joker97, last reply by ilovemusic on 16-Sep-2014 14:34 (71 replies)
Pages... 3 4 5


6.6Mb/s "in spec" for Torbay, Auckland?
Created by theasset13, last reply by dcole13 on 19-Sep-2014 21:11 (16 replies)
Pages... 2


Computer Lounge's Zen Radical
Created by JayADee, last reply by JayADee on 19-Sep-2014 14:51 (15 replies)

Maybe some politicians should go back to school?
Created by jarledb, last reply by DarthKermit on 18-Sep-2014 18:27 (31 replies)
Pages... 2 3



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.