Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
319 posts

Ultimate Geek
+1 received by user: 47


  Reply # 966157 13-Jan-2014 14:01 Send private message

charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser

160 posts

Master Geek
+1 received by user: 27


  Reply # 966195 13-Jan-2014 14:39 Send private message

TSB uses 2 factor, you actually need to reply via the phone with the code onscreen instead of the entering the code that is txtd to you into the webpage.

ASB also uses 2 factor.  I once logged into ASB while inadvertently having the VPN open (using a NZ host).  I did a transfer to a previously registered account (so wasn't required to do the 2 factor authentication) and instantly had a phone call from ASB asking if I'd authorised that transaction as my login was coming from a blacklisted IP address.


1317 posts

Uber Geek
+1 received by user: 88


  Reply # 966221 13-Jan-2014 14:57 Send private message

To the OP, what happened in the end to your daughter's friend? Did he manage to get the money back? Do you know if he had given out his bank account details to anyone? If not, he could probably get the money back from the bank.




581 posts

Ultimate Geek
+1 received by user: 27


  Reply # 966251 13-Jan-2014 15:19 Send private message

When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)


1317 posts

Uber Geek
+1 received by user: 88


  Reply # 966262 13-Jan-2014 15:40 Send private message

BigMal: When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)



But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..






58 posts

Master Geek


  Reply # 966265 13-Jan-2014 15:47 Send private message

..just asked her. He's 'got a bit back', she says. Sorry I don't have specifics because I can see (with the interest this Post has driven), that such info would be good.

It's been interesting reading the various ways to deceive; I never knew any of the stuff I've read. And in this security conscious digital world, it's stuff that is good to know to help one try prevent getting stung.

319 posts

Ultimate Geek
+1 received by user: 47


  Reply # 966288 13-Jan-2014 16:21 Send private message

sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 966326 13-Jan-2014 17:24 Send private message

hashbrown:
charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser


Please refer to the post you quoted. Very hard but not impossible.
There must exist a vulnerability to take advantage of to perform those kinds of attacks.




Regards
Stefan Andres Charsley

gzt

4751 posts

Uber Geek
+1 received by user: 278


  Reply # 966339 13-Jan-2014 17:45 Send private message

bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system to use only for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

567 posts

Ultimate Geek
+1 received by user: 114


  Reply # 966346 13-Jan-2014 17:56 Send private message

gzt:
bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system just for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.


Or get update to the latest Interner Explorer (IE11) because a big issue with IE exploits is that too many people are still using an old version of IE that hasn't had the exploits patched.




Regards
Stefan Andres Charsley

1317 posts

Uber Geek
+1 received by user: 88


  Reply # 966365 13-Jan-2014 18:19 Send private message

hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol




gzt

4751 posts

Uber Geek
+1 received by user: 278


  Reply # 966375 13-Jan-2014 18:29 Send private message

Well, it hardly matters if they are based in a different country with no extradition treaty and/or limited police cooperation and/or paying off the appropriate people anyway. It is rare to hear of this being operated from a 1st world country. They would not last long.

581 posts

Ultimate Geek
+1 received by user: 27


  Reply # 966392 13-Jan-2014 18:53 Send private message

 But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


The buyer (crim) just opens a fake TradeMe account.  The crim is based overseas, it's not like they care about TradeMe's T's and C's.

Aussie
2261 posts

Uber Geek
+1 received by user: 251

Trusted
Subscriber

  Reply # 966413 13-Jan-2014 19:59 One person supports this post Send private message

All the banks *might* have 2-factor authentication, but how many regular (non-geek) people know about it?
How many know how to use it?
How many have actually set it up?
How many people (that know it exists) don't use it because they find it annoying?
Why is it not mandatory?

319 posts

Ultimate Geek
+1 received by user: 47


  Reply # 966445 13-Jan-2014 21:07 Send private message

sonyxperiageek:
hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol


Sorry, I should have been specific.  I was talking about the trade in the stolen credentials of legitimate users.  When your PC is hacked your online life can be carved up and sold to interested parties.  Things like tradme logins are of low value, but packaged up and sold in bulk they can make a few dollars.  More info here.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Crew Drinking on Flights - Why!?
Created by networkn, last reply by Dratsab on 21-Dec-2014 22:04 (27 replies)
Pages... 2


Police Camera Van Disguise
Created by Reanalyse, last reply by lNomNoml on 21-Dec-2014 23:33 (75 replies)
Pages... 3 4 5


Do I have the right to return this?
Created by corksta, last reply by kiwibro111 on 21-Dec-2014 23:54 (45 replies)
Pages... 2 3


Slaughter of Innocents
Created by networkn, last reply by networkn on 19-Dec-2014 17:46 (64 replies)
Pages... 3 4 5


Spray Foam Insulation
Created by AACTech, last reply by timbosan on 19-Dec-2014 16:58 (36 replies)
Pages... 2 3


Couriers starting to charge for redelivery
Created by mattwnz, last reply by rendezvous on 19-Dec-2014 11:45 (78 replies)
Pages... 4 5 6


Google Chromecast now available in New Zealand
Created by freitasm, last reply by michelangelonz on 20-Dec-2014 10:38 (155 replies)
Pages... 9 10 11


forgot how to unlock a car door
Created by joker97, last reply by joker97 on 21-Dec-2014 07:34 (53 replies)
Pages... 2 3 4



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.