Becoming invisible: bank account stolen, how to prevent it?

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › Becoming invisible: bank account stolen, how to prevent it?

1 | 2 | 3 | 4 | 5

463 posts

Ultimate Geek

#966157 13-Jan-2014 14:01

charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.

http://en.wikipedia.org/wiki/Man-in-the-browser

Amosnz

567 posts

Ultimate Geek

Lifetime subscriber

#966195 13-Jan-2014 14:39

TSB uses 2 factor, you actually need to reply via the phone with the code onscreen instead of the entering the code that is txtd to you into the webpage.

ASB also uses 2 factor. I once logged into ASB while inadvertently having the VPN open (using a NZ host). I did a transfer to a previously registered account (so wasn't required to do the 2 factor authentication) and instantly had a phone call from ASB asking if I'd authorised that transaction as my login was coming from a blacklisted IP address.

Speedtest

sonyxperiageek

2959 posts

Uber Geek

Trusted

#966221 13-Jan-2014 14:57

To the OP, what happened in the end to your daughter's friend? Did he manage to get the money back? Do you know if he had given out his bank account details to anyone? If not, he could probably get the money back from the bank.

Sony

BigMal

996 posts

Ultimate Geek

ID Verified

Trusted

#966251 13-Jan-2014 15:19

When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)

sonyxperiageek

2959 posts

Uber Geek

Trusted

#966262 13-Jan-2014 15:40

BigMal: When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)

But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..

Sony

Yorkshirekid

193 posts

Master Geek

#966265 13-Jan-2014 15:47

..just asked her. He's 'got a bit back', she says. Sorry I don't have specifics because I can see (with the interest this Post has driven), that such info would be good.

It's been interesting reading the various ways to deceive; I never knew any of the stuff I've read. And in this security conscious digital world, it's stuff that is good to know to help one try prevent getting stung.

hashbrown

463 posts

Ultimate Geek

#966288 13-Jan-2014 16:21

sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..

Think less like and individual hacker and more like a criminal enterprise. You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

charsleysa

597 posts

Ultimate Geek

#966326 13-Jan-2014 17:24

hashbrown:
charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.

http://en.wikipedia.org/wiki/Man-in-the-browser

Please refer to the post you quoted. Very hard but not impossible.
There must exist a vulnerability to take advantage of to perform those kinds of attacks.

Regards
Stefan Andres Charsley

gzt

17151 posts

Uber Geek

Lifetime subscriber

#966339 13-Jan-2014 17:45

bank account stolen, how to prevent it?

Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system to use only for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

charsleysa

597 posts

Ultimate Geek

#966346 13-Jan-2014 17:56

gzt:
bank account stolen, how to prevent it?

Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system just for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

Or get update to the latest Interner Explorer (IE11) because a big issue with IE exploits is that too many people are still using an old version of IE that hasn't had the exploits patched.

Regards
Stefan Andres Charsley

sonyxperiageek

2959 posts

Uber Geek

Trusted

#966365 13-Jan-2014 18:19

hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..

Think less like and individual hacker and more like a criminal enterprise. You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

But then it will be linked to them, which in turn links back to the criminal enterprise? lol

Sony

gzt

17151 posts

Uber Geek

Lifetime subscriber

#966375 13-Jan-2014 18:29

Well, it hardly matters if they are based in a different country with no extradition treaty and/or limited police cooperation and/or paying off the appropriate people anyway. It is rare to hear of this being operated from a 1st world country. They would not last long.

BigMal

996 posts

Ultimate Geek

ID Verified

Trusted

#966392 13-Jan-2014 18:53

But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..

The buyer (crim) just opens a fake TradeMe account. The crim is based overseas, it's not like they care about TradeMe's T's and C's.

blakamin

4431 posts

Uber Geek
Inactive user

#966413 13-Jan-2014 19:59

All the banks *might* have 2-factor authentication, but how many regular (non-geek) people know about it?
How many know how to use it?
How many have actually set it up?
How many people (that know it exists) don't use it because they find it annoying?
Why is it not mandatory?

hashbrown

463 posts

Ultimate Geek

#966445 13-Jan-2014 21:07

sonyxperiageek:
hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..

Think less like and individual hacker and more like a criminal enterprise. You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

But then it will be linked to them, which in turn links back to the criminal enterprise? lol

Sorry, I should have been specific. I was talking about the trade in the stolen credentials of legitimate users. When your PC is hacked your online life can be carved up and sold to interested parties. Things like tradme logins are of low value, but packaged up and sold in bulk they can make a few dollars. More info here.

1 | 2 | 3 | 4 | 5