Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
463 posts

Ultimate Geek


  #966157 13-Jan-2014 14:01
Send private message

charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser

500 posts

Ultimate Geek

Lifetime subscriber

  #966195 13-Jan-2014 14:39
Send private message

TSB uses 2 factor, you actually need to reply via the phone with the code onscreen instead of the entering the code that is txtd to you into the webpage.

ASB also uses 2 factor.  I once logged into ASB while inadvertently having the VPN open (using a NZ host).  I did a transfer to a previously registered account (so wasn't required to do the 2 factor authentication) and instantly had a phone call from ASB asking if I'd authorised that transaction as my login was coming from a blacklisted IP address.





Speedtest


 
 
 
 


2731 posts

Uber Geek

Trusted

  #966221 13-Jan-2014 14:57
Send private message

To the OP, what happened in the end to your daughter's friend? Did he manage to get the money back? Do you know if he had given out his bank account details to anyone? If not, he could probably get the money back from the bank.




Sony

 

--

 

NZ TechBlog Follow me on Twitter | My Geekzone blog | Sharesies Referral | Electric Kiwi Referral | UberEats Referral Code: eats-17atx


942 posts

Ultimate Geek

Trusted

  #966251 13-Jan-2014 15:19
Send private message

When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)


2731 posts

Uber Geek

Trusted

  #966262 13-Jan-2014 15:40
Send private message

BigMal: When the crims have access to your account one of the most common ways to get the money out and overseas is to buy something from someone on TradeMe and use your bank account to pay.

They "accidentally" over pay the seller and then request the seller return the difference via money transfer because they're on holiday in Nigeria :-)



But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..




Sony

 

--

 

NZ TechBlog Follow me on Twitter | My Geekzone blog | Sharesies Referral | Electric Kiwi Referral | UberEats Referral Code: eats-17atx




159 posts

Master Geek


  #966265 13-Jan-2014 15:47
Send private message

..just asked her. He's 'got a bit back', she says. Sorry I don't have specifics because I can see (with the interest this Post has driven), that such info would be good.

It's been interesting reading the various ways to deceive; I never knew any of the stuff I've read. And in this security conscious digital world, it's stuff that is good to know to help one try prevent getting stung.

463 posts

Ultimate Geek


  #966288 13-Jan-2014 16:21
Send private message

sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.

 
 
 
 


597 posts

Ultimate Geek


  #966326 13-Jan-2014 17:24
Send private message

hashbrown:
charsleysa: As for plugins / malicious browser software trapping the details directly from the Web Page, that is very hard to do since browsers such as Chrome alert you to the fact that the plugin will access certain Web pages, though it's not impossible.


http://en.wikipedia.org/wiki/Man-in-the-browser


Please refer to the post you quoted. Very hard but not impossible.
There must exist a vulnerability to take advantage of to perform those kinds of attacks.




Regards
Stefan Andres Charsley

gzt

11334 posts

Uber Geek

Lifetime subscriber

  #966339 13-Jan-2014 17:45
Send private message

bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system to use only for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.

597 posts

Ultimate Geek


  #966346 13-Jan-2014 17:56
Send private message

gzt:
bank account stolen, how to prevent it?


Without details any method might have been used. Maybe they got his date of birth and other personal details off facebook and called the bank and changed the details.

The fix for that once is obvious ; ).

Back on topic. Considering the MITB examples here:

All but one of those known exploits requires a Windows operating system AND Internet Explorer or Firefox as browser.

The obvious conclusions -

a) Use a different browser (Chrome is the most frequently updated)
b) Consider booting a Linux system just for Internet banking tasks. It's easy. Simplest method boot a live dvd or usb. No changes are made to your machine.


Or get update to the latest Interner Explorer (IE11) because a big issue with IE exploits is that too many people are still using an old version of IE that hasn't had the exploits patched.




Regards
Stefan Andres Charsley

2731 posts

Uber Geek

Trusted

  #966365 13-Jan-2014 18:19
Send private message

hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol




Sony

 

--

 

NZ TechBlog Follow me on Twitter | My Geekzone blog | Sharesies Referral | Electric Kiwi Referral | UberEats Referral Code: eats-17atx


gzt

11334 posts

Uber Geek

Lifetime subscriber

  #966375 13-Jan-2014 18:29
Send private message

Well, it hardly matters if they are based in a different country with no extradition treaty and/or limited police cooperation and/or paying off the appropriate people anyway. It is rare to hear of this being operated from a 1st world country. They would not last long.

942 posts

Ultimate Geek

Trusted

  #966392 13-Jan-2014 18:53
Send private message

 But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


The buyer (crim) just opens a fake TradeMe account.  The crim is based overseas, it's not like they care about TradeMe's T's and C's.

4431 posts

Uber Geek
Inactive user


  #966413 13-Jan-2014 19:59
Send private message

All the banks *might* have 2-factor authentication, but how many regular (non-geek) people know about it?
How many know how to use it?
How many have actually set it up?
How many people (that know it exists) don't use it because they find it annoying?
Why is it not mandatory?

463 posts

Ultimate Geek


  #966445 13-Jan-2014 21:07
Send private message

sonyxperiageek:
hashbrown:
sonyxperiageek: But then it's linked to your Trade Me account.... unless you go and steal a Trade Me account..


Think less like and individual hacker and more like a criminal enterprise.  You don't steal a trademe account, you advertise on the right forum and buy them by the thousand from someone else.


But then it will be linked to them, which in turn links back to the criminal enterprise? lol


Sorry, I should have been specific.  I was talking about the trade in the stolen credentials of legitimate users.  When your PC is hacked your online life can be carved up and sold to interested parties.  Things like tradme logins are of low value, but packaged up and sold in bulk they can make a few dollars.  More info here.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

OPPO Find X2 Lite brings flagship features to mid-range 5G smartphone
Posted 29-May-2020 12:52


Sony introduces the digital camera ZV-1 for content creators
Posted 27-May-2020 12:47


Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.