Bank account fraud

It always happens to Suity....

Well, that's 2 months of starvation for the family even after handouts from the food bank !


Has the wife been using it recently?

There always has to be someone gullible around.

Though to be fair one of my credit cards numbers has recently been stolen.

As the use follows the pattern of one of my family members with the same issuer whose card was kept in a drawer and was used abroad first, it's either a good guess or an inside job.

Changing to Kaspersky. It was arranged using the mobile app. The scrote got my phone cancelled, then re-registered the app on his phone. The fact that his was able to register the app to a phone number that wasn't on my account record seems like a gaping hole in their security. Although the mobile phone company handing out new SIMs like smarties doesn't help either.

I'm piecing this together and I think I have established the attack vector as being DNS poisoning attack at my new digs in Bolton.

Precisely what happened. The scrote got my phone cancelled. I imagine by telling the mobile phone company that the phone was lost or stolen and they already had a spare handset. Remember the don't know the password on my account, but they do know my bank details, dates of direct debits, amounts etc. So the mobile phone company may have taken this knowledge as proof of identity, but I'm assured they need to know the password as well, so how this was bypassed is still a mystery. Going to the meeja does seem like a logical next step.




Actually I'm taking some further precautionary measures. Changing mobile phone number, ultimately changing provider. Changing banks. Installing a packet logger on my laptop, and looking into some way of detecting dns poisoning attacks. I am installing a VPN at Suity Towers, so if I'm away and need to do banking I can tunnel in securely, to a virtual machine that is dedicated for only online banking.

It is. They do recommend rapport. I don't use it as it's not very good. That said the attack vector wasn't malware, and the machine is clean.

It does seem to, doesn't it.


I don't think I've been gullible, I think I've been unlucky. I shall of course now take extreme measures to make my own luck in future.

I'd suggest getting a 4G wifi dongle thingy rather than relying on the wifi at places you stay - as you've discovered, there can be serious risks associated with using open wifi for anything beyond trivial browsing, and even that can open you to attack against your device's network stack.

The downside is that you then have yet another mobile device over which you have to wrestle with a useless mobile operator

But it's also useful at clients that allow personal devices, as you can use your own kit to post to CUK all day long without it showing up in their gateway logs

EDIT: I got a Onetouch Link Y800 on EE 4G (hardware suggested by SimonMac - ta SM!) a year or so ago, and apart from EE being somewhat unreliable from time to time, the device itself has been fine. I would assume there are later models available now, or there's always tethering to your phone.

Agree with all of that, and thanks for the advice. The place I stay is residential, and the broadband is BT Home Hub. It is starting to look like one of their DNS servers was poisoned, although I have no way of proving it.

So glad I'm a complete mobile phone luddite - It avoids such a lot of complications like this

In Feb my contract ends and I am going to upgrade to an iphone5s. No way I am installing banking on there. And I might remove banking apps from my ipad.

Thanks for sharing suity. Very difficult for you - hopefully we can learn from your misfortune.

I am amazed you only got 1 nasty comment here. It shows you are well liked! I would have got far more than 1...

It shows everyone has a cracking hangover after Black Friday and can't be arsed to dish some out.

Further updates for those who may follow this thread in the future.

I have reported this to Action Fraud. Action Fraud.

Also I have registered me n her indoors for the cifas service. https://www.cifas.org.uk/

Edit : Also bought one of these http://www.currys.co.uk/gbuk/computi...19995-pdt.html which does VPN.