tdgeek
26503 posts

Uber Geek

Trusted
Lifetime subscriber

  #2153492 2-Jan-2019 20:13

gehenna: Friend of a friend stories rarely turn out to be accurate. Even friend stories can be 50/50 lol

 

Friend of a friend stories often are actually about "me"


Batman

Mad Scientist
28015 posts

Uber Geek

Trusted
Lifetime subscriber

  #2153499 2-Jan-2019 20:23

tdgeek:

 

gehenna: Friend of a friend stories rarely turn out to be accurate. Even friend stories can be 50/50 lol

 

Friend of a friend stories often are actually about "me"

 

 

Nope it's not me, I have no Australian SMS 2FA





Involuntary autocorrect in operation on mobile device. Apologies in advance.


michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2153515 2-Jan-2019 21:55

kyhwana2:

 

Bank phishing and banking trojans are sophisticated enough to get all of this. If there is money involved, SMS 2FA is NOT sufficient, as attackers can port or intercept SMS 2FA token https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoins

 

Ah yes - you're correct here. Totally forgot about that fact. And agree with you on SMS 2FA and furthermore, trust me when I say this is being worked on.

 

Bung:
You saying "don't use POLi" is like whispering into a thunder storm. The Banks are letting it happen what signal does that send?

 

Again - sorta right. If banks downright blocked POLi then many customers would complain - I remember (not too long ago) an IB release of ANZ's broke POLi and many customers phoned up to complain. Our status was "Don't use POLi" however most customers ignored this. POLi had it all fixed later that day. It is easier to allow it, however advise it is breaching the customer's T&Cs, than to block it and deal with the customer complaints. I'm not going to touch any more on this, I've spoken about why it is a terrible idea to use POLi many many times on here.

 

blakamin:

 

But if the customer has ever upgraded their limit (which most people with a need to transfer more than $1k will do. For instance, I transfer more than that to my Mrs every fortnight just to pay bills, Would be more if I got paid monthly).

 

What's onlinecode?? I bank with ANZ, have changed phones, and ported about 8 times, in the last 4 years alone and have never heard of it. If they have my number, they have my SMS verification.

 

I transferred/juggled many many thousands when we bought our last house to cover stamp duty and other things when there were some issues with another bank account... Nothing ever triggered any fraud things.

 

ANZ Australia and ANZ NZ are two different systems, different processes and are fully separated in every way. I'm talking about the NZ side of things, not Australia. I honestly have no idea how Australia work things. Onlinecode is SMS verification here in NZ.

 

Oh, and while you're there, tell head office in Oz that I'm seriously unimpressed with them holding my wages hostage overnight (or until Tuesday if my pay goes in on a Saturday) for them to "clear" from a company that also banks with ANZ. It's a rort and they're bastards.

 

Different technology, different processes, different ways of doing things in Australia vs NZ. There is a reason behind this but it isn't my area to speak on it. Also, I have no say either as I don't work for Australia...

 

That is it from me. It sounds like we're talking about Australia and not NZ and in this place, I can't add any more to this thread as I simply don't know...





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2153517 2-Jan-2019 21:57

It's worth noting Vodafone have recently restricted DIY SIM swaps which is potentially a result of people having their SIM cards compromised or swapped without their permission.

 

 


Batman

Mad Scientist
28015 posts

Uber Geek

Trusted
Lifetime subscriber

  #2153525 2-Jan-2019 22:14

So I guess the solution is don't use SMS 2FA for banking?





Involuntary autocorrect in operation on mobile device. Apologies in advance.


jarledb
Webhead
2847 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2153531 2-Jan-2019 22:47

Batman:

 

So I guess the solution is don't use SMS 2FA for banking?

 

 

It's not perfect, but from that to not using it?!

 

By that logic: Passwords can be intercepted, so don't use them?


logo
571 posts

Ultimate Geek

Trusted

  #2153553 3-Jan-2019 08:00

jarledb:

 

Batman:

 

So I guess the solution is don't use SMS 2FA for banking?

 

 

It's not perfect, but from that to not using it?!

 

By that logic: Passwords can be intercepted, so don't use them?

 

 

RSA SecurID software token - basically an app downloaded to your phone. You enter a PIN and it generates a one time key.

 

That, or a similar system, is used by some banks for their next level up online banking platforms.

 

However the maintenance (initial setup, reinstalls due to changed phones, resets of forgotten PINs etc.) is much, much higher than simple SMS 2FA.

blackjack17
1507 posts

Uber Geek


  #2590020 21-Oct-2020 20:28

My co-worker had this happen to her this weekend. 

 

First she knew about it was not receiving phone calls over the weekend (was receiving texts but realised afterwards it was only iMessages coming through). When she contacted Vodafone she found out that her number had been ported over to 2degrees. Next thing a sum of money had been transferred from savings to chequing and then transferred from her bank to another bank. Her IRD had another bank account added as a primary bank account.

 

 

 

Her bank has locked her account and won't reinstate internet/phone banking until she can prove her computer / phone has been "cleaned" (her words).  The police are involved.

 

Vodafone at first said they had no record of who instigated the port, but an IT guy at work contacted someone higher up and they are working on it.

 

 

 

So believe it or not this is a thing.





kiwifidget
"Cookie"
2649 posts

Uber Geek

Lifetime subscriber

  #2590023 21-Oct-2020 20:35

so how can you protect yourself from it?





Delete cookies?! Are you insane?!


alasta
5743 posts

Uber Geek

Trusted
Subscriber

  #2590025 21-Oct-2020 20:40

kiwifidget:

 

so how can you protect yourself from it?

 

 

It sounds like it's a matter of ensuring that you've got a two factor authentication solution that is not tied to your phone number.

 

I know that BNZ offer app based 2FA as well as the old 'battleships' Netguard card, and Rabodirect provide a separate physical device with rolling codes.


kiwifidget
"Cookie"
2649 posts

Uber Geek

Lifetime subscriber

  #2590027 21-Oct-2020 20:45

...something like Authy?

 

Even though it's on my phone, it's tied to my email address I think, and not my phone number.





Delete cookies?! Are you insane?!


Batman

Mad Scientist
28015 posts

Uber Geek

Trusted
Lifetime subscriber

  #2590033 21-Oct-2020 20:55

kiwifidget:

so how can you protect yourself from it?



Don't use 2FA with sms




Involuntary autocorrect in operation on mobile device. Apologies in advance.


michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2590035 21-Oct-2020 20:57

blackjack17:

 

So believe it or not this is a thing.

 

Oh I know it is a thing. The crazy thing here is the amount of information that is required to do a port, log in to IB and do the transfers. The criminals would have had to get this somehow too and you've got to wonder how they did this. It could even be as simple as password reuse (very common) so a good opportunity to teach your colleague about a password manager like LastPass, 2 factor on emails and online services (Authy) as well as ensuring this password or passwords like it are never used again. Also get your colleague to look at https://haveibeenpwned.com and look at pwned passwords too.

 

The sad thing is the person who received the money is the one that will be affected - the money will get reversed to the victims in most cases, putting the mule's account into an overdraft (if it is caught early on). The mules normally believe they've signed up to a "work from home" job and this is their paycheck, however often the scammers will say to them "we've sent you too much - transfer it here or convert it to Bitcoin".

 

Read more here: https://cffc.govt.nz/building-wealthy-lives/frauds-and-scams/are-you-a-money-mule-for-criminals/

 

Banks have to protect themselves and the customer - they will in most cases put a stop to all accounts depending on when the fraud was picked up and ensure the customer is not going to get compromised again before unlocking them again. Every time one of these fraud cases occur it costs customers and the bank and this is why banks are very big on getting staff members (like myself) out to places like retirement villages to give talks on fraud and security in an attempt to make the NZ market less appealing to scammers.





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi


michaelmurfy
/dev/ttys0
11027 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2590036 21-Oct-2020 21:01

Batman:
kiwifidget:

 

so how can you protect yourself from it?

 



Don't use 2FA with sms

 

Don't reuse passwords.

2FA is fine with SMS (it is not the best but it helps if you don't have any other option) but also ensure that you've got app-based 2FA on your email and other online services that may have information about yourself, bank accounts, mobile providers etc.





Michael Murphy | https://murfy.nz | https://keybase.io/michaelmurfy - Referral Links: Sharesies | Electric Kiwi


jjnz1
1293 posts

Uber Geek


  #2590042 21-Oct-2020 21:16

Hmm thinking out loud here.

I port my staff all the time to Vodafone. All I need is their phone number and their account number. Done.

Sim swapping was awesome with VF:
Log into my Vodafone (still no bloody 2fa!!)
Click sim swap
Enter phone number
Enter new sim card number
Activated in 5 mins!
(Vodafone have since disabled this feature for good reason)

Access to my bank:
Need username and pass and access to text message to activate new device. (This can't be changed I think) then there is no limit to what I can do IMO.

I DON'T have $1000 limits on my accounts, 10x that seems to go fine (on the very odd occasion I have done that).

What's not easy about this?
