A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Scam internet banking users...



 
 
Thread Tools Display Modes
  #1  
Old July 1st 12, 07:55 PM posted to uk.telecom.mobile,uk.telecom.broadband
CJB
external usenet poster
 
Posts: 127
Default Scam internet banking users...

This from another forum:

If your mobile phone suddenly stops working with the error "Sim
registration failure" or similar and it is the number associated with
your internet banking account check what's happening on your bank
account.

My mobile was barred last Friday at 10:44 am after someone phoned
Vodafone to report it missing. By 11:09 some lowlife ba$tard had
extracted almost 3k from my current account. (it was an unusually
high balance due to having imminent bills for a boiler and some double
glazing).

It appears that said lowlife reports your mobile stolen, hoping to get
calls diverted to a number of their choice in case the bank rings
about the unusual transaction activity on your account. Luckily
Vodafone will only apply a divert if the caller can prove they are the
mobile account holder. In this case, Halifax spotted the unusual
account activity by the 4th transaction and locked the bank account.

They then assured me that the missing money will be replaced by
tomorrow now that I have scanned my IT equipment for nasties and the
account has been re-activated with new security information. So, the
moral of the story is, don't be complacent when your phone stops
working - I was originally going to wait until I could get to a Voda-
shop to get the SIM checked but after
not being able to access my bank account, I rang them to sort the
phone out
and discovered the link.

XXXXXX
  #2  
Old July 2nd 12, 05:37 AM posted to uk.telecom.mobile,uk.telecom.broadband
Chris Blunt
external usenet poster
 
Posts: 45
Default Scam internet banking users...

On Sun, 1 Jul 2012 10:55:01 -0700 (PDT), CJB
wrote:

This from another forum:

If your mobile phone suddenly stops working with the error "Sim
registration failure" or similar and it is the number associated with
your internet banking account check what's happening on your bank
account.

My mobile was barred last Friday at 10:44 am after someone phoned
Vodafone to report it missing. By 11:09 some lowlife ba$tard had
extracted almost 3k from my current account. (it was an unusually
high balance due to having imminent bills for a boiler and some double
glazing).

It appears that said lowlife reports your mobile stolen, hoping to get
calls diverted to a number of their choice in case the bank rings
about the unusual transaction activity on your account. Luckily
Vodafone will only apply a divert if the caller can prove they are the
mobile account holder. In this case, Halifax spotted the unusual
account activity by the 4th transaction and locked the bank account.

They then assured me that the missing money will be replaced by
tomorrow now that I have scanned my IT equipment for nasties and the
account has been re-activated with new security information. So, the
moral of the story is, don't be complacent when your phone stops
working - I was originally going to wait until I could get to a Voda-
shop to get the SIM checked but after
not being able to access my bank account, I rang them to sort the
phone out
and discovered the link.


I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?

Chris
  #3  
Old July 2nd 12, 11:15 AM posted to uk.telecom.mobile,uk.telecom.broadband
Harry Stottle
external usenet poster
 
Posts: 5
Default Scam internet banking users...

"Chris Blunt" wrote in message
...
On Sun, 1 Jul 2012 10:55:01 -0700 (PDT), CJB
wrote:

This from another forum:

If your mobile phone suddenly stops working with the error "Sim
registration failure" or similar and it is the number associated with
your internet banking account check what's happening on your bank
account.

My mobile was barred last Friday at 10:44 am after someone phoned
Vodafone to report it missing. By 11:09 some lowlife ba$tard had
extracted almost 3k from my current account. (it was an unusually
high balance due to having imminent bills for a boiler and some double
glazing).

It appears that said lowlife reports your mobile stolen, hoping to get
calls diverted to a number of their choice in case the bank rings
about the unusual transaction activity on your account. Luckily
Vodafone will only apply a divert if the caller can prove they are the
mobile account holder. In this case, Halifax spotted the unusual
account activity by the 4th transaction and locked the bank account.

They then assured me that the missing money will be replaced by
tomorrow now that I have scanned my IT equipment for nasties and the
account has been re-activated with new security information. So, the
moral of the story is, don't be complacent when your phone stops
working - I was originally going to wait until I could get to a Voda-
shop to get the SIM checked but after
not being able to access my bank account, I rang them to sort the
phone out
and discovered the link.


I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?


Ther clue might be in the first line "This from another forum:"
So this does not appear to have happened to CJB, it is just a copy from
another source, same as the other scare stories he posts from the 'Daily
Mail'.

  #4  
Old July 2nd 12, 11:21 AM posted to uk.telecom.mobile,uk.telecom.broadband
Davey
external usenet poster
 
Posts: 586
Default Scam internet banking users...

On Mon, 2 Jul 2012 10:15:44 +0100
"Harry Stottle" wrote:

"Chris Blunt" wrote in message
...
On Sun, 1 Jul 2012 10:55:01 -0700 (PDT), CJB
wrote:

This from another forum:

If your mobile phone suddenly stops working with the error "Sim
registration failure" or similar and it is the number associated
with your internet banking account check what's happening on your
bank account.

My mobile was barred last Friday at 10:44 am after someone phoned
Vodafone to report it missing. By 11:09 some lowlife ba$tard had
extracted almost 3k from my current account. (it was an unusually
high balance due to having imminent bills for a boiler and some
double glazing).

It appears that said lowlife reports your mobile stolen, hoping to
get calls diverted to a number of their choice in case the bank
rings about the unusual transaction activity on your account.
Luckily Vodafone will only apply a divert if the caller can prove
they are the mobile account holder. In this case, Halifax spotted
the unusual account activity by the 4th transaction and locked the
bank account.

They then assured me that the missing money will be replaced by
tomorrow now that I have scanned my IT equipment for nasties and the
account has been re-activated with new security information. So, the
moral of the story is, don't be complacent when your phone stops
working - I was originally going to wait until I could get to a
Voda- shop to get the SIM checked but after
not being able to access my bank account, I rang them to sort the
phone out
and discovered the link.


I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?


Ther clue might be in the first line "This from another forum:"
So this does not appear to have happened to CJB, it is just a copy
from another source, same as the other scare stories he posts from
the 'Daily Mail'.


And of course, any time you use your mobile 'phone to talk directly to
your bank account, you are risking somebody snooping.
--
Davey.

  #5  
Old July 2nd 12, 02:37 PM posted to uk.telecom.mobile,uk.telecom.broadband
Mark Carver
external usenet poster
 
Posts: 461
Default Scam internet banking users...

On 02/07/2012 10:21, Davey wrote:


And of course, any time you use your mobile 'phone to talk directly to
your bank account, you are risking somebody snooping.


It's not easy to 'snoop' on a GSM phone call, is it ?

Landline calls however are a piece of ****, just two croc-clips are
required.


--
Mark
Please replace invalid and invalid with gmx and net to reply.

www.paras.org.uk
  #6  
Old July 2nd 12, 10:11 PM posted to uk.telecom.mobile,uk.telecom.broadband
alexd
external usenet poster
 
Posts: 1,765
Default Scam internet banking users...

Harry Stottle (for it is he) wrote:

So this does not appear to have happened to CJB, it is just a copy from
another source, same as the other scare stories he posts from the 'Daily
Mail'.


It may be a 'scare story' but that doesn't mean it's not true. A friend of
mine had his business account depleted by some 20k by con artists, and
convincing the bank to change the contact phone number was part of it.
Another part of the problem was that the bank weren't deterred by the fact
that the person answering the contact number couldn't answer the security
questions. He got his money back in the end, and moved banks.

--
http://ale.cx/ (AIM:troffasky) )
21:04:16 up 172 days, 23:37, 6 users, load average: 0.21, 0.51, 0.54
Qua illic est reprehendit, illic est a vindicatum

  #7  
Old July 3rd 12, 12:35 AM posted to uk.telecom.mobile,uk.telecom.broadband
Theo Markettos
external usenet poster
 
Posts: 539
Default Scam internet banking users...

In uk.telecom.mobile Chris Blunt wrote:
I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?


Lloyds Group internet banking (Lloyds, Halifax, Bank of Scotland) uses a
username, a password, and a memorable word for login purposes. Once you've
logged in, setting up a new payee involves an automated call to a number
registered by you and entering a 4 digit code displayed on the web page.

The username and password are easy to phish. The memorable word is harder,
because it's a '3 letters out of N' code, and if you get it wrong it keeps
asking for the same 3 letters. However, if you have malware on your PC it
can record the username, password and enough logins to get most of the
letters in the memorable word. That means the only barrier is then the
confirmation call. However it's not as simple as that, because the internet
banking doesn't display the full mobile number. Which means that number
needs to be keylogged from elsewhere (eg login to your mobile account, or
from an email). There then only remains the issue of finding out what
mobile network it's on (feasible with access to the HLR but otherwise
tricky).

Theo
  #8  
Old July 4th 12, 09:21 PM posted to uk.telecom.mobile,uk.telecom.broadband
Anthony R. Gold
external usenet poster
 
Posts: 362
Default Scam internet banking users...

On 02 Jul 2012 23:35:04 +0100 (BST), Theo Markettos
wrote:

In uk.telecom.mobile Chris Blunt wrote:
I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?


Lloyds Group internet banking (Lloyds, Halifax, Bank of Scotland) uses a
username, a password, and a memorable word for login purposes. Once you've
logged in, setting up a new payee involves an automated call to a number
registered by you and entering a 4 digit code displayed on the web page.

The username and password are easy to phish. The memorable word is harder,
because it's a '3 letters out of N' code, and if you get it wrong it keeps
asking for the same 3 letters. However, if you have malware on your PC it
can record the username, password and enough logins to get most of the
letters in the memorable word.


A Lloyds TSB customer never types in any of those letters, he just clicks
some up/down keys to scroll through the alphabet and numerals.

That means the only barrier is then the
confirmation call. However it's not as simple as that, because the internet
banking doesn't display the full mobile number. Which means that number
needs to be keylogged from elsewhere (eg login to your mobile account, or
from an email). There then only remains the issue of finding out what
mobile network it's on (feasible with access to the HLR but otherwise
tricky).


Buy a tin foil hat and then sit inside a freezer until your demons have left.
  #9  
Old July 26th 12, 03:06 AM posted to uk.telecom.mobile,uk.telecom.broadband
Gordon Freeman
external usenet poster
 
Posts: 39
Default Scam internet banking users...

Theo Markettos wrote:
Once you've
logged in, setting up a new payee involves an automated call to a
number registered by you and entering a 4 digit code displayed on the
web page.

....
That means the only barrier is then the
confirmation call. However it's not as simple as that, because the
internet banking doesn't display the full mobile number. Which means
that number needs to be keylogged from elsewhere (eg login to your
mobile account, or from an email). There then only remains the issue
of finding out what mobile network it's on (feasible with access to
the HLR but otherwise tricky).


This model is being used by a number of banks but has a major flaw:

Thanks to smart phones being capable of using the internet and online
banking, it is likely that the phone numner they send the code to is the
very device the fraudster is using to do the banking transaction, having
found or stolen the phone (which might also have your bank's webpage
bookmarked and the username and password details stored).

In security terms, the idea is that you must have possession of some
object as well as knowledge of something, e.g. software that needs a
dongle as well as a licence number, a safe that needs a key as well as a
combination, or a banking machine which needs a plastic card as well as
a PIN. In this case, having physical possession of a specific phone is
the idea, and is proven by the fact you can receive a text message with
a code number in it. But this extra dimension of security is easily
lost, e.g. if the PIN is written on the cash card, or the phone is your
means of accessing the internet banking.


--
__________________________________________________ _____

If you think education is expensive, try ignorance. -- Paddy Ashdown MP
__________________________________________________ _____
  #10  
Old July 26th 12, 09:36 PM posted to uk.telecom.mobile,uk.telecom.broadband
alexd
external usenet poster
 
Posts: 1,765
Default Scam internet banking users...

Gordon Freeman (for it is he) wrote:

Thanks to smart phones being capable of using the internet and online
banking, it is likely that the phone numner they send the code to is the
very device the fraudster is using to do the banking transaction, having
found or stolen the phone


Or stolen the number:

http://www.scmagazine.com.au/News/28...phone-porting-
scam.aspx/0


--
http://ale.cx/ (AIM:troffasky) )
20:35:04 up 196 days, 23:08, 6 users, load average: 0.14, 0.25, 0.31
Qua illic est reprehendit, illic est a vindicatum

 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Brighton internet users criticise Virgin Media Dave uk.telecom.broadband (UK broadband) 0 February 17th 10 10:06 PM
Sharing Users Folders Over Internet Graham Sims uk.comp.home-networking (UK home networking) 2 October 5th 07 08:20 AM
LowRateVoip Scam [email protected] uk.telecom.voip (UK VOIP) 6 March 9th 07 09:53 PM
0709 Scam Edward Cowling London UK uk.telecom.broadband (UK broadband) 36 November 4th 06 03:30 AM
Can't get Haliax Online Banking website Mutley uk.telecom.broadband (UK broadband) 27 September 25th 04 07:41 PM


All times are GMT +1. The time now is 06:36 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.