Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.



ForumsFinance and wealth managementBecoming invisible: bank account stolen, how to prevent it?
Yorkshirekid

193 posts

Master Geek


#138667 12-Jan-2014 22:57
Send private message

My daughter was upset tonight that her friend had had his bank account hacked and all his money nicked. She asked how that could be done. We had a good discussion but we didn't have a complete answer as to how this could be done and I wondered if anyone could enlighten me?

I understand phishing and key logging and ways to get an person's details. But what i don't understand is how they get away with the stealing?

Senario1:
I nick a few dollars from someone's bank account. Simply transfer it into my account. But the Police would know it's me since it's gone to my account. Caught red handed.

Senario2:
Same deal. Only the money goes into a spoof bank account. Now how do I set that up since I need my passport, electric bill, a reference and what I had for breakfast as ID before I can set up the account. Can't be done?

Senario3:
I simply use the stolen account details to buy good on-line. 100" TV lands at my place. A few days later the Police arrive too as they have my address from the purchase.

Senario4:
Same deal. Only I have a place I just use for deliveries. Again, how do I set that up and really! - I'd need to establish a different delivery address for my ongoing theft.

I can see there being some controversy with me asking this question, but it just confounds me how people can establish a spoof identity/location and become invisible.

I think I'd fail MI5 trials.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5
nathan
5695 posts

Uber Geek
Inactive user


  #965785 12-Jan-2014 22:58
Send private message

What did the bank say?

what do their statements show?



andrewNZ
2487 posts

Uber Geek
Inactive user


  #965786 12-Jan-2014 23:00
Send private message

Transfer the money to an unsuspecting person who you ask to transfer 90% via western union and keep the 10% as commission.

Pretty common, and as a bonus, you get to screw 2 people over in he same transaction.
Once the money's offshore it's pretty hard to follow. 

Another possibility, is the person is known and was "vaguely" given permission. Once there is a suggestion of permission, things get murky.

charsleysa
597 posts

Ultimate Geek


  #965801 12-Jan-2014 23:48
Send private message

Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.




Regards
Stefan Andres Charsley



NonprayingMantis
6434 posts

Uber Geek


  #965803 12-Jan-2014 23:55
Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


westpac doesn't

charsleysa
597 posts

Ultimate Geek


  #965805 12-Jan-2014 23:59
Send private message

According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/




Regards
Stefan Andres Charsley

NonprayingMantis
6434 posts

Uber Geek


  #965806 13-Jan-2014 00:00
Send private message

charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt.

 

These challenges will be fairly rare, but important."

Coil
6614 posts

Uber Geek
Inactive user


  #965807 13-Jan-2014 00:01
Send private message

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Coil
6614 posts

Uber Geek
Inactive user


  #965808 13-Jan-2014 00:02
Send private message

NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.

charsleysa
597 posts

Ultimate Geek


  #965809 13-Jan-2014 00:04
Send private message

TimA:
charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes


Haha Maybe...

I'm a software developer so it's good for me to know about security and a good way to learn about good/bad practices is how to get around security measures that are in place.




Regards
Stefan Andres Charsley

jbard
1377 posts

Uber Geek


  #965810 13-Jan-2014 00:08
Send private message

TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 

charsleysa
597 posts

Ultimate Geek


  #965811 13-Jan-2014 00:14
Send private message

jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.




Regards
Stefan Andres Charsley

jbard
1377 posts

Uber Geek


  #965813 13-Jan-2014 00:15
Send private message

charsleysa:
jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


sorry yes, but they don't always ask you the second stage.  In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe its done via IP address. If you IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have online guardian setup though as if i try and transfer large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.



Yep I thought so as well but I tried the same thing from inside a VM and it still let me through. 

nakedmolerat
4629 posts

Uber Geek

Trusted
Lifetime subscriber

  #965814 13-Jan-2014 00:16
Send private message

Same experience here on Westpac. I always wonder why the heck I need to setup those questions if I actually never been asked/challenged.

ANZ bank on the other hand always send a code to the mobile phone to verify your login (I love this).

Edit: after reading this thread, i quickly change my assword. the last time I changed it was in 2012!

charsleysa
597 posts

Ultimate Geek


  #965816 13-Jan-2014 00:21
Send private message

Hmm maybe they have a fuzzy logic algorithm that uses multiple parameters to determine a possible fraud.

The parameters could include things like data from cookies, IP address, geo lookup of IP address, frequency of visits from location, browser types, operating system types, platforms, activity while logged in, etc.




Regards
Stefan Andres Charsley

Coil
6614 posts

Uber Geek
Inactive user


  #965817 13-Jan-2014 00:21
Send private message

I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PC's. We shall not watch pron or play Java based games or download Linux ISO's.

 1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright