1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Bank account fraud

Collapse
X
41 to 50 of 67 Previous 1 2 3 4 5 6 7 template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
41 to 50 of 67 Previous 1 2 3 4 5 6 7 template Next
    #41
    Originally posted by cojak View Post
    The only time I do online banking is when I'm home on my own network (I will be changing bank accounts over this holiday period).
    Bloody Americans!
    "You’re just a bad memory who doesn’t know when to go away" JR

    Comment

      #42
      Suity Towers now has a DMZ, IDS and a dedicated banking VM accessible via VPN.

      It was Natwest and I have written to their Fraud team.
      Knock first as I might be balancing my chakras.

      Comment

        #43
        Originally posted by suityou01 View Post
        Suity Towers now has a DMZ, IDS and a dedicated banking VM accessible via VPN.

        It was Natwest and I have written to their Fraud team.
        They are taking your feedback very seriously.

        Comment

          #44
          Originally posted by suityou01 View Post
          Suity Towers now has a DMZ, IDS and a dedicated banking VM accessible via VPN.

          It was Natwest and I have written to their Fraud team.
          Make a formal complaint, with the title formal complaint then go to the press or financial ombudsman.
          "You’re just a bad memory who doesn’t know when to go away" JR

          Comment

            #45
            Originally posted by suityou01 View Post
            Suity Towers now has a DMZ, IDS and a dedicated banking VM accessible via VPN.

            It was Natwest and I have written to their Fraud team.
            Ahem, see below.

            Two major high street banks will change security procedures after journalists from BBC Radio 4's You and Yours programme broke into an account online and removed money.
            Recently bank customers accounts have been successfully attacked by criminals who divert mobile phone accounts.
            Criminals persuade phone providers to divert mobile phone numbers in what is sometimes called "SIM swap fraud".
            Some banks text security details when customers forget their details.
            The activation codes sent by text to mobile phones also allow payments to be made from an account.
            The scam works by blocking the genuine phone. The owner is unaware of why the phone has been blocked and allows the criminal - who now has control of their phone - to syphon money from their bank account.
            Online break-in forces bank to tighten security - BBC News

            Now I don't want to say I told you so, but I told you so.

            Originally posted by Incognito View Post
            What's happened is that they've contacted your mobile phone provider and ordered a new SIM. This doesn't disconnect you, it's he first time the person pops it in a phone and registers it that disconnects you. What happens at that point as well is that the person in question then has a phone with your mobile number.

            Ask your mobile phone provider when the SIM was ordered, ask them what address they sent it to. Don't say it's because you've been scammed, just say you're double checking they sent it to the correct address, that they haven't got recorded a typo.

            Also, Rapport isn't an AV, it's simply a URL checker that routes your request to their hosted service and ensures you're actually browsing on the site and haven't been redirected to anybank.couk.ru
            So the stuff that you've done, whilst all well and good would have equated to the square root of sweet feck all in preventing it happening again. If you'd done as I said back in Dec you actually might have been able to get the address of where the scroat got the SIM sent to. It's an old trick, it's been around for a few years now.
            "I hope Celtic realise that, if their team is good enough, they will win. If they're not good enough, they'll not win - and they can't look at anybody else, whether it is referees or any other influence." - Walter Smith

            On them! On them! They fail!

            Comment

              #46
              Yeah but Suity doesn't listen to anyone

              Sometimes it's worth embarrassing large companies.

              Suity could have had a nice spread in a broadsheet with IT consultant under his name looking like he's an expert in cyber crime.
              Last edited by SueEllen; 4 March 2016, 01:32.
              "You’re just a bad memory who doesn’t know when to go away" JR

              Comment

                #47
                Originally posted by SueEllen View Post
                Yeah but Suity doesn't listen to anyone

                Sometimes it's worth embarrassing large companies.

                Suity could have had a nice spread in a broadsheet with IT consultant under his name looking like he's an expert in cyber crime.
                Just imagine the damage that might have done if he'd landed a gig on that basis

                Comment

                  #48
                  Originally posted by eek View Post
                  I don't think the issue was mobile banking but online banking done outside a secure environment under which you hopefully have full control.

                  I will happily use my banks mobile app on a mobile device not using Wifi as those dns servers are unlikely to be compromised and the odds of anyone creating a fake site that can slurp the details from that app is minimal.
                  Sorry to hear about your trouble Suity, the complexity of the attack suggest that the bastard that did this would have been within a few hundred yards of you...

                  Eek: You would think that your approach would be a sensible precaution however governments have had devices that can spoof towers and capture traffic for years, but it's starting to get to the hands or abilities of the general population.

                  Hacker Spoofs Cell Phone Tower to Intercept Calls | WIRED

                  An audit of Mobile phone based banking applications slammed their general lack of security:

                  https://nakedsecurity.sophos.com/201...e-banking-app/

                  Its a 2014 article but I doubt much has improved and for those of you that like to use secure ultra long passwords using password1 the sodding thing uses clear text over the loop back interface because they couldn't figure out how to do key exchange/storage properly

                  https://medium.com/@rosshosman/1pass...389#.bl1lwht3y

                  Comment

                    #49
                    Originally posted by Incognito View Post
                    Ahem, see below.



                    Online break-in forces bank to tighten security - BBC News

                    Now I don't want to say I told you so, but I told you so.



                    So the stuff that you've done, whilst all well and good would have equated to the square root of sweet feck all in preventing it happening again. If you'd done as I said back in Dec you actually might have been able to get the address of where the scroat got the SIM sent to. It's an old trick, it's been around for a few years now.
                    Actually, because you explained Trusteer, I installed it on my machine, so ta for that Incognito.
                    "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
                    - Voltaire/Benjamin Franklin/Anne Frank...

                    Comment

                      #50
                      Originally posted by barrydidit View Post
                      Just imagine the damage that might have done if he'd landed a gig on that basis
                      You people are so negative. I would like to wish Suity well at his next gig of PM on building a new power station in Luton for Nuclear Fuels.
                      What happens in General, stays in General.
                      You know what they say about assumptions!

                      Comment

                      Reply to Thread
                      41 to 50 of 67 Previous 1 2 3 4 5 6 7 template Next

                      Advertisers

                      1. Contracting
                        1. General
                          1. Brexit
                        2. Business / Contracts
                          1. Coronavirus Assistance
                        3. Accounting / Legal
                          1. Umbrella Companies
                          2. HMRC Scheme Enquiries
                          3. The Future of Contracting
                          4. IR35 Reform
                        4. Technical
                        5. Welcome / FAQs
                      2. Social
                        1. Light Relief
                        2. Social / Events
                      Working...
                      X