Geekzone: technology news, blogs, forums




149 posts

Master Geek
+1 received by user: 6


# 138667 12-Jan-2014 22:57

My daughter was upset tonight that her friend had had his bank account hacked and all his money nicked. She asked how that could be done. We had a good discussion but we didn't have a complete answer as to how this could be done and I wondered if anyone could enlighten me?

I understand phishing and key logging and ways to get a person's details. But what I don't understand is how they get away with the stealing?

Scenario 1:
I nick a few dollars from someone's bank account. Simply transfer it into my account. But the Police would know it's me since it's gone to my account. Caught red handed.

Scenario 2:
Same deal. Only the money goes into a spoof bank account. Now how do I set that up since I need my passport, electric bill, a reference and what I had for breakfast as ID before I can set up the account. Can't be done?

Scenario 3:
I simply use the stolen account details to buy goods on-line. 100" TV lands at my place. A few days later the Police arrive too as they have my address from the purchase.

Scenario 4:
Same deal. Only I have a place I just use for deliveries. Again, how do I set that up and really! - I'd need to establish a different delivery address for my ongoing theft.

I can see there being some controversy with me asking this question, but it just confounds me how people can establish a spoof identity/location and become invisible.

I think I'd fail MI5 trials.

5124 posts

Uber Geek
+1 received by user: 1431

Trusted
Microsoft

  # 965785 12-Jan-2014 22:58

What did the bank say?

What do their statements show?

2115 posts

Uber Geek
+1 received by user: 1191


  # 965786 12-Jan-2014 23:00
One person supports this post

Transfer the money to an unsuspecting person who you ask to transfer 90% via western union and keep the 10% as commission.

Pretty common, and as a bonus, you get to screw 2 people over in the same transaction.
Once the money's offshore it's pretty hard to follow.

Another possibility is the person is known and was "vaguely" given permission. Once there is a suggestion of permission, things get murky.




Location: Dunedin

 


 
 
 
 


597 posts

Ultimate Geek
+1 received by user: 132


  # 965801 12-Jan-2014 23:48

Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.




Regards
Stefan Andres Charsley

6434 posts

Uber Geek
+1 received by user: 1571


  # 965803 12-Jan-2014 23:55

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


Westpac doesn't



597 posts

Ultimate Geek
+1 received by user: 132


  # 965805 12-Jan-2014 23:59

According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/




Regards
Stefan Andres Charsley

6434 posts

Uber Geek
+1 received by user: 1571


  # 965806 13-Jan-2014 00:00

charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."

6615 posts

Uber Geek
+1 received by user: 2293
Inactive user


  # 965807 13-Jan-2014 00:01

charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes

 
 
 
 


6615 posts

Uber Geek
+1 received by user: 2293
Inactive user


  # 965808 13-Jan-2014 00:02

NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.

597 posts

Ultimate Geek
+1 received by user: 132


  # 965809 13-Jan-2014 00:04

TimA:
charsleysa: Well off the top of my head a good way to do it would be to create a temporary PayPal account with spoof details with an anonymous email address, then transfer the money from the bank account to PayPal.

From there I find a few BitCoin trading centres and trade the currency in for BitCoin, then flush it through a few trading centres splitting it up to create some false trails sending them through the black markets.

After that I consolidate them all together again, then transfer it to another fake PayPal account, and from there into my real bank account.

As for a bank account being hacked... Bull. ****.
Can't be done by an amateur, even pros.

As for key logging that doesn't work as NZ banks use 2 stage login in which the second stage can't be key logged.

It's more likely that whoever stole the money knew the victim well enough to guess the password and answer the 2nd stage question.


This guy has been watching too much Sherlock Holmes


Haha Maybe...

I'm a software developer so it's good for me to know about security and a good way to learn about good/bad practices is how to get around security measures that are in place.




Regards
Stefan Andres Charsley

1370 posts

Uber Geek
+1 received by user: 17


  # 965810 13-Jan-2014 00:08

TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 

597 posts

Ultimate Geek
+1 received by user: 132


  # 965811 13-Jan-2014 00:14

jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.




Regards
Stefan Andres Charsley

1370 posts

Uber Geek
+1 received by user: 17


  # 965813 13-Jan-2014 00:15

charsleysa:
jbard:
TimA:
NonprayingMantis:
charsleysa: According to the Westpac website they do, maybe you haven't set yours up.

http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/how-we-keep-you-safe-online/


Sorry, yes, but they don't always ask you the second stage. In fact they rarely seem to ask me.

because:

"Online Guardian is a fraud detection system that will learn your normal Online Banking activity, and will only ask to check your identity if something changes dramatically (like logging on from a different country or making a large payment to someone you haven’t paid before). Almost all of these checks will be in the form of one of your challenge questions, but a very small number will need a one time verification code that we will send to your registered mobile number by txt. These challenges will be fairly rare, but important."


Maybe it's done via IP address. If your IP is the same each time maybe not?
I always have a code sent to my phone.


Over the last 4 weeks I have logged in from over 6 different countries and never had 2 stage verification to login. 
I do have Online Guardian set up though, as if I try and transfer a large amount ($1000+) then I have to verify via txt.

Edit: Just used my VPN to login from Russia and it still let me straight in. 


It's probably done by cookies, that's how most of the Web does it, and it's quite secure as well if you encrypt the cookie so the client computer can't read the contents of the cookie. And since all banks use HTTPS for their online banking then that's the transit encryption sorted.



Yep I thought so as well but I tried the same thing from inside a VM and it still let me through. 


4524 posts

Uber Geek
+1 received by user: 880

Trusted
Lifetime subscriber

  # 965814 13-Jan-2014 00:16

Same experience here on Westpac. I always wonder why the heck I need to set up those questions if I have actually never been asked/challenged.

ANZ bank on the other hand always sends a code to the mobile phone to verify your login (I love this).

Edit: after reading this thread, I quickly changed my password. The last time I changed it was in 2012!






597 posts

Ultimate Geek
+1 received by user: 132


  # 965816 13-Jan-2014 00:21

Hmm maybe they have a fuzzy logic algorithm that uses multiple parameters to determine a possible fraud.

The parameters could include things like data from cookies, IP address, geo lookup of IP address, frequency of visits from location, browser types, operating system types, platforms, activity while logged in, etc.




Regards
Stefan Andres Charsley
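
The multi-parameter check suggested in the post above, together with the device-cookie idea from earlier in the thread, as an added example (not code from the thread or from any bank). The weights, thresholds and all names are hypothetical; the $1000 figure is the one mentioned in the thread, and the cookie carries an HMAC tag (tamper-evidence) rather than being encrypted.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent out
# Hypothetical weights and thresholds, chosen only for illustration.
WEIGHTS = {"new_device": 25, "new_country": 30, "new_payee": 25, "large_amount": 30}
CHALLENGE_AT, SMS_AT, LARGE_AMOUNT = 50, 80, 1000

def _tag(device_id: str) -> str:
    return hmac.new(SERVER_KEY, device_id.encode(), hashlib.sha256).hexdigest()

def sign_device(device_id: str) -> str:
    """Issue a device cookie: the id plus an HMAC tag the client cannot forge."""
    return f"{device_id}.{_tag(device_id)}"

def verify_device(cookie: Optional[str]) -> Optional[str]:
    """Return the device id if the cookie's tag checks out, else None."""
    if not cookie or "." not in cookie:
        return None
    device_id, tag = cookie.rsplit(".", 1)
    ok = hmac.compare_digest(tag.encode(), _tag(device_id).encode())
    return device_id if ok else None

@dataclass
class Profile:
    """What has been learned about one customer's normal activity."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    payees: set = field(default_factory=set)

def assess(profile, cookie, country, payee=None, amount=0.0):
    """Score one login or payment; return (action, score, signals)."""
    signals = []
    if verify_device(cookie) not in profile.devices:  # missing or forged counts as new
        signals.append("new_device")
    if country not in profile.countries:
        signals.append("new_country")
    if payee is not None and payee not in profile.payees:
        signals.append("new_payee")
    if payee is not None and amount >= LARGE_AMOUNT:
        signals.append("large_amount")
    score = sum(WEIGHTS[s] for s in signals)
    action = ("sms_code" if score >= SMS_AT
              else "challenge_question" if score >= CHALLENGE_AT else "allow")
    return action, score, signals

# Constructed sample customer, cookies and events.
alice = Profile(devices={"laptop-1"}, countries={"NZ"}, payees={"power-co"})
good, forged = sign_device("laptop-1"), "laptop-1." + "0" * 64

if __name__ == "__main__":
    print(assess(alice, good, "NZ"))                     # usual login
    print(assess(alice, good, "RU"))                     # known device, new country
    print(assess(alice, forged, "RU"))                   # forged cookie, new country
    print(assess(alice, good, "NZ", "new-payee", 1500))  # large payment, new payee
    print(assess(alice, None, "RU", "new-payee", 1500))  # everything unusual
```

With these assumed weights a single unusual signal, such as a new country on a recognised device, stays below the challenge threshold, while two or more signals together trigger a step-up.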

6615 posts

Uber Geek
+1 received by user: 2293
Inactive user


  # 965817 13-Jan-2014 00:21

I think we can conclude this by saying we all need Norton and CCleaner to get rid of cookies in our PCs. We shall not watch pron or play Java based games or download Linux ISOs.
