Warning about Internet Banking Fraud

[M&S]

Sorry if this isn't appropriate or in the wrong section.

This is from me as it has just happened to me this weekend. I have found out this-morning when checking the bank balance. It is not a forwaded email etc.

I know some of you will say "yeah, but, you should have" etc, and that's fione, you are aware and will never be affected by such a problem. Well done.

To those others that think that they are carefull, I hope this casts some doubt and prevents it happening to you.

Now that I am aware that this is even possible I am NEVER using the internet for banking again.

A WARNING TO ANYONE USING INTERNET BANKING

We have had our bank account emptied. Well almost, they left us £5.

It turns out that you can have a virus on your computer that you don't know about. It monitors your internet banking and picks up your password by changing the text on the screen. It is the genuine bank site, it has all of the security certificates etc. It doesn't monitor key strokes, it actually uses the banks own website and takes the information from that.

The firewall and virus checkers didn't spot it. The page looks exactly like your banks page BECAUSE IT IS!

The bank has told me that it is their webpage that has been "hijacked" by a virus on my computer.

I'm very cautious with my internet, I don't open any emails that have been forwarded, I don't open any emails where I don't recognise the sender, I check every link before I click on it. I typed in the banks web address as normal, so it wasn't even a shortcut or link I used. My virus checker is up-to-date, etc, and I had run a check earlier that week.

I know there's loads of scams and viruses and thought I was doing everything that I could not to get one. This has made mne realise just how hopeless it is. If a genuine site can be hijacked I don't see how you can prevent that? How do I know my email account, Amazon account, etc have not been done???

To top it off my computer won't start now as it's deleted some of the system files. So I need a complete reinstall (which I'll have to do to remove the virus).

So, if your banking asks you for an extra digit of your password, or even the full password, or if you log in and it says anything along the lines of "log-in error, please try again" etc then shut it down.

I've been using internet banking for many years now, for transferring funds and checking balances. I pay everything by cheque or cash, so my account activity is minimal. I have now had my internet banking frozen and closed and will not be using it again. I'm also going to use a different computer to change my email passwords etc etc, but how do I know THAT computer isn't doing the same?

I hope this might save someone else from having this happen to them, even if it just flags up a doubt in one persons mind as they log in.

[landroversforever]

My internet banking, now needs my card & reader for any transaction other than between my own accounts.

On a simmilar note, in the last week I have had a wave of spam banking emails, 'details needed' 'account closing' etc etc.

[maxtherotti]

mine also needs the reader to generate a pass key to allow any transfers etc

but im sorry it happened to you chap and are the bank refunding your money?

rob

[martifers]

Sorry to hear that. What have the bank said? I take it they have accepted it as fraud and are re-emberssing your account? Just out of interest, which bank was it and what antivirus software are you currently running? The anti-virus companies are always playing cath up, that is the only way they can do it, but that sounds like a new form of worm with some complicated coding, hopefully the anti-virus companies are throwing everything they have at it. I'll be checking for updates for mine on a dialy basis for a while.

Tom

[rtbarton]

Mine texts a pass code to my mobile phone for transfers.

[M&S]

I didn't mention the name of the bank because, well, I figure the less folk that know my bank info the better It is one of the largest high street banks. No fancy card reader though.

Apparantly they will be refunding my money in 7 days. I have 1/4 tank of diesel and a tenner in my wallet until then so that's ok I'll be making sure any expenses incurred are refunded also (ie cheques not clearing).

Oh, and all I have to do is pop in to the branch and they will reset my internet banking. Erm right, like I'm going to do that Especially as I don't know how or what got on my computer. Reset my banking, get money back, get bank emptied again. No thanks!

I use AVG plus the usual microsoft stuff, latest updates of explorer etc. SWMBO is talking to the IT security dept at the university today, so hopefully we should have a name of the virus or some other information of what to look for. I will pass it on of course.

Thanks all - stay aware (and keep a stash of cash under the matress just in case!)

[Aragorn]

I'd be avoiding Internet Exploder completely in future if i was you. Its thru bugs in that once piece of software that most of the viruses etc manage to get into your computer in the first place, unless you've introduced them yourself via an email attachment or some infected warez etc.

I use firefox, but there are other options such as google chrome and opera that you can try. Same with your email software, junk Outlook Express or Outlook if you use it, and switch to thunderbird or something similar.

I used to rave about AVG, but recently i've had a few infections on work machines (Running a fully licenced version of AVG 8.5 Business), and its dented my confidence in it a bit. I've heard good things about Avast, so might be worth giving that a go.

[FridgeFreezer]

IE is so insecure that Google have dropped support for it and the German & French governments now officially advise against its use. Of course the UK government have "found no problems" with it, so that's OK then.

AVG is a good start, "all the usual MS stuff" is less great. I'd check out Spybot Search & Destroy as that finds most IE "helper" objects (usually viruses or trackers).

[Retroanaconda]

IE is a lot better than it used to be, but it's still a lot less secure than the other (free) options out there.

Sorry to hear of your trouble, I thought all banks were using some sort of non-online means of transfer verification nowadays? Card readers etc.

[BogMonster]

Mine don't, not that I have any problems, I can't see how a virus would pick up anything useful as it asks for a different combination of numbers from the security code each time so it wouldn't be any use next time around.

[maxtherotti]

at least your getting your money back tho chap so small bonus there

rob

[reb78]

Mine don't, not that I have any problems, I can't see how a virus would pick up anything useful as it asks for a different combination of numbers from the security code each time so it wouldn't be any use next time around.

Some of these systems appear quite basic. On of my accounts will ask for number in the same order more than once in a day, so its probably not hard for chancers to get in there if the software has recorded the numbers entered and the screenshot asking for set digits in the passnumber.

[LR90]

Set up a secure minimal OS and browser on a memory stick and use that to run an in ram image. Alternatively the minimal quick boot OSs found on some netbooks are a good out of the box solution.

[tweetyduck]

I'm sorry to hear that you've be hijacked. At least you get your money back. Its unlikely to affect you again and its a lot less hassle than suffering identity theft. Just make sure you change all your passwords if you use the common theme to them on sites (even this one).

I do doubt what you say is possible though. The bank help staff just talk rubbish most of the time as most people wouldn't understand the real reason why. Theres something more to it than what you say. Plus i've not heard of your issue and would certainly have done.

Logging keystrokes is certainly possible with a trojan and thus stealing a password. Doing what you explain is essentially a man in the middle attack and its not possible (not at all likely is more accurate). So its likely you weren't at the site you thought you were and were redirected to a Pharming site impersonating your bank and complete with SSL certificate that you didn't check (clicking the padlock icon and checking its a valid issued ssl certificate). You entred you details and they then logged into your account and emptied it. I bet when you logged in you didin't get in and then tried again on the legitimate site url.

Anyhow. Your advice is good. People should be carefull. Might be worth while getting a better AV package and scanning your PC more often. My advice is ESet NOD or GData. GData is the better one in the latest tests. http://www.gdatasoftware.com/

I must point out although that AVG is excellent and would have almost certainly picked up a trojan. What it would not pick up is the redirection the the fake bank site. Only an Internet Security suite would do that. Depending on bank the green address bar in Firefox easily show your at the correct site by just one click. I have noted however that due to certificate issues alot of the major banks remain "blue" and thus not trusted as the legitimate site. They should sort this out. See the caps below. One is green a perfect site and the other is blue and so not perfect.