Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
438 posts

Ultimate Geek
+1 received by user: 123

Subscriber

  Reply # 966157 13-Jan-2014 14:01
Send private message

charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser

370 posts

Ultimate Geek
+1 received by user: 75

Subscriber

  Reply # 966195 13-Jan-2014 14:39
Send private message

TSB uses 2 factor, you actually need to reply via the phone with the code onscreen instead of the entering the code that is txtd to you into the webpage.

ASB also uses 2 factor.  I once logged into ASB while inadvertently having the VPN open (using a NZ host).  I did a transfer to a previously registered account (so wasn't required to do the 2 factor authentication) and instantly had a phone call from ASB asking if I'd authorised that transaction as my login was coming from a blacklisted IP address.





Speedtest

 
 
 
 


2178 posts

Uber Geek
+1 received by user: 240

Trusted

  Reply # 966221 13-Jan-2014 14:57
Send private message

To the OP, what happened in the end to your daughter's friend? Did he manage to get the money back? Do you know if he had given out his bank account details to anyone? If not, he could probably get the money back from the bank.




Sony

 

--

 

NZ TechBlog | A bit about me | Follow me on Twitter | My Geekzone blog

 

Use coupon code: eats-17atx for $10 off your first UberEATS experience!


826 posts

Ultimate Geek
+1 received by user: 113


  Reply # 966251 13-Jan-2014 15:19
Send private message

When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)


2178 posts

Uber Geek
+1 received by user: 240

Trusted

  Reply # 966262 13-Jan-2014 15:40
Send private message

BigMal: When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)



But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..




Sony

 

--

 

NZ TechBlog | A bit about me | Follow me on Twitter | My Geekzone blog

 

Use coupon code: eats-17atx for $10 off your first UberEATS experience!




122 posts

Master Geek
+1 received by user: 3


  Reply # 966265 13-Jan-2014 15:47
Send private message

..just asked her. He's 'got a bit back', she says. Sorry I don't have specifics because I can see (with the interest this Post has driven), that such info would be good.

It's been interesting reading the various ways to deceive; I never knew any of the stuff I've read. And in this security conscious digital world, it's stuff that is good to know to help one try prevent getting stung.

438 posts

Ultimate Geek
+1 received by user: 123

Subscriber

  Reply # 966288 13-Jan-2014 16:21
Send private message

sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 966326 13-Jan-2014 17:24
Send private message

hashbrown:
charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser


Please refer to the post you quoted. Very hard but not impossible.
There must exist a vulnerability to take advantage of to perform those kinds of attacks.




Regards
Stefan Andres Charsley

gzt

9150 posts

Uber Geek
+1 received by user: 1290


  Reply # 966339 13-Jan-2014 17:45
Send private message

bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system to use only for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 966346 13-Jan-2014 17:56
Send private message

gzt:
bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system just for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.


Or get update to the latest Interner Explorer (IE11) because a big issue with IE exploits is that too many people are still using an old version of IE that hasn't had the exploits patched.




Regards
Stefan Andres Charsley

2178 posts

Uber Geek
+1 received by user: 240

Trusted

  Reply # 966365 13-Jan-2014 18:19
Send private message

hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol




Sony

 

--

 

NZ TechBlog | A bit about me | Follow me on Twitter | My Geekzone blog

 

Use coupon code: eats-17atx for $10 off your first UberEATS experience!


gzt

9150 posts

Uber Geek
+1 received by user: 1290


  Reply # 966375 13-Jan-2014 18:29
Send private message

Well, it hardly matters if they are based in a different country with no extradition treaty and/or limited police cooperation and/or paying off the appropriate people anyway. It is rare to hear of this being operated from a 1st world country. They would not last long.

826 posts

Ultimate Geek
+1 received by user: 113


  Reply # 966392 13-Jan-2014 18:53
Send private message

 But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


The buyer (crim) just opens a fake TradeMe account.  The crim is based overseas, it's not like they care about TradeMe's T's and C's.

Aussie
3918 posts

Uber Geek
+1 received by user: 1026

Trusted
Subscriber

  Reply # 966413 13-Jan-2014 19:59
One person supports this post
Send private message

All the banks *might* have 2-factor authentication, but how many regular (non-geek) people know about it?
How many know how to use it?
How many have actually set it up?
How many people (that know it exists) don't use it because they find it annoying?
Why is it not mandatory?

438 posts

Ultimate Geek
+1 received by user: 123

Subscriber

  Reply # 966445 13-Jan-2014 21:07
Send private message

sonyxperiageek:
hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol


Sorry, I should have been specific.  I was talking about the trade in the stolen credentials of legitimate users.  When your PC is hacked your online life can be carved up and sold to interested parties.  Things like tradme logins are of low value, but packaged up and sold in bulk they can make a few dollars.  More info here.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.