Thread ID: 55600 2005-03-15 00:09:00 internet bank fraud Adamho (7593) Press F1
Post ID Timestamp Content User
334224 2005-03-17 05:41:00 [edit: removed quoted text] Hmm ... any Arabic speakers on the forum who are able to provide a translation of this for me? Please PM me with it. Thanks. :)

[edit:]
Update: As suspected, this post was offensive. Thanks to the person who supplied me with this information, much appreciated! :)

[further edit - 18/03/05:
The person who supplied me with the information that the post was offensive deliberately misled me. I took this person's opinion on that post at face value as they are a well known, and respected member of this forum. However, it turned out they PM'd me as a joke even knowing that it would result in Ayman being banned and their post removed. I've had the original post correctly translated by an Arabic speaker now, and it certainly was not offensive nor deserving of a ban - Jen]
Jen (38)
334225 2005-03-17 21:45:00 One point which is obvious from all the above but needs to be stated is....

Only use a machine you are confident of.

I would never access my bank account from a cybercafe or anyone else's computer. Only ever this one which I clean up all the time.

And once I've been to the bank site I clear out all temp files, cookies, history and don't keep the site in favourites. I type it in afresh each time.

Some people think I'm paranoid. I think I'm careful. ;)
mark c (247)
334226 2005-03-17 22:01:00 Another thing is that not all banks do the same thing here. My wife's bank lets her transfer money to anyone, anytime. My bank are more security conscious in their process, at least. At first it annoyed the heck out of me but I've come to value it.

For example, where my wife can simply transfer money from her account to any account, by just providing details online, I have to write a letter to the bank, giving any details of an account I want to transfer money to, and they will load it up at their end. Annoying I don't have the freedom, but reassuring that if someone did get my login details they can't just transfer the money out to another account.
Biggles (121)
334227 2005-03-19 20:33:00 In answer to the original question -
1. No problems with bank fraud, but I have McAfee online virus scanning, automatically updated from their website, zonealarm, various malware cleaners, don't open unknown email attachments etc etc - still vulnerable to keystroke loggers to some extent tho
2. However my bank automatically allows one-off payments from bank accounts. I've written to them asking if it is possible to disable this feature on my accounts - if we all did the same, they would provide the ability to choose to have this feature available for use or not. No harm done if someone log1s i0n 2777777777777777777777777*(sorry, new kitten helping) logs on and shuffles money between your accounts. If the banks disabled this feature globally or explicitly warned customers of the risk they take using it, the problem would largely go away, at least for the meantime, no?
3. I have seen mention of an 'onscreen keyboard' feature where you use mouseclicks to enter sensitive information - does anyone have any comments on how useful these are? And where a nice free one is available?
Ta
annie (6010)
334228 2005-03-20 04:34:00 There is one that comes with Windows which you can use.
This only prevents keyloggers though, and if you have a keylogger... well.....

Then you also get 'keyloggers' which do more than just log keystrokes, but can also take snapshots of the screen etc.

Remote desktop anyone?
Chilling_Silence (9)
334229 2005-03-20 15:34:00 Keyloggers have improved more over time, I remember seeing my description of keyloggers being said in NetGuide.

Basically there's two kinds of keyloggers (that I know of), hardware and software. Hardware ones can sit between your keyboard and keyboard connection (ps/2, usb, etc) and logs every keystroke, it is quite effective against collecting keyboard input but that's pretty much it, mainly used to spy on people, especially for emails and things like that, not really passwords but they do get those too. This usually requires the spyer to come back later and grab the device. Harder to detect unless you notice a weird looking object on the end of your computer connected to your keyboard.

The software ones are more advanced but easily detectable by software and can be prevented. These are capable of logging keys, logging copied/clipboard items, taking screenshots as Chill mentioned, knowing what Windows are active, what sites you're viewing, knowing where the mouse is currently positioned, doing register, memory and stack dumps, knowing pretty much everything you do and don't know. They can then email this information collected anywhere they want with their inbuilt SMTP engines or else store the information, open up services to allow computers to connect to it giving them control of your PC, etc. The services opened up too could be allowed and not considered viruses/trojans, things like FTP, etc.

How to prevent, make sure you have a Firewall that checks outbound and isn't allowing something you are not certain about, if you're not certain, say NO, you can later configure it if it doesn't work correctly, better saying NO than allowing something that could be harmful. Disable services you don't use/need. Keep your system up to date, Have an Antivirus up to date, Trojan Detector (can do better than Antiviruses when it comes to trojans) as well as being up to date. Spyware/Adware should be cleaned off, they could open up many possibilities that weren't foreseen.

As for Internet Banking, a lot of companies go the directline way, basically their connection dials directly to the banks (so I'm told), well I don't know this for sure, currently in the process of accessing it and deciding for the company whether this is a good idea or not. Costs $30 a month and gives you more flexibility over your account because of their lack in Internet options, must be used in conjunction with the provided software (hopes the software is Linux compatible, as I find it'd be safer doing it this way).

Basically the idea is, a single, standalone PC, running Linux, firewalled with a localhost DNS server limiting access to only the bank's IP and nothing else, pretty much a box wasted on only doing banking. There'll be no form of password manager, so nothing like that could be stored, I'll need to figure out what tools may be needed etc, but the idea is to have only enough for the banking and that's all. (considering making a LiveCD and not using a hard drive either)

In a Windows situation, I guess it doesn't matter how I go about it, I just can't secure a Windows box as tight as Linux, well I could but I'd need to research more into it (there's a lot undocumented) as a standard out of the box Operating Systems, I don't think it's possible.


KK
Kame (312)
334230 2005-03-20 16:03:00 Sorry thought I would add more after reading more of the thread.

So you can look over someone's shoulder to get their pin, which does require getting the card as well.

As for looking over at someone typing their password, well good luck if you could get mine, you'd need to be able to see/read 73+ wpm as my typing speed, which is why I'm not bothered when people look at me typing in my password.

How banks could improve their security, which probably means making it more of a hassle doing online banking than making it easier.

A lot of good ideas already been suggested,

Username/Password to access the site, separate codes for transfers/transactions, the number on your EFTPOS/debit card is not shown on the bank site (I think), so they could ask for this as another method of verification or part of it.

They should not allow passwords to be stored, Browsers should not allow passwords to be stored.

Something else I was thinking was they should collect some personal details from their clients for the purpose of security only, that way, every time you do a transaction or something, you could be prompted to answer a random question that they came up with from your personal details supplied. The access code being sent via email/sms, although maybe a good idea, it's not necessary, there's other methods that could be better, just thinking that if the services of email/sms is not working, then you'll be delayed even more.

Maybe they could start working with having their emails signed, encrypted, etc that only their public key, could translate.

Something that this has brought up is how easy it is to perform fraud, something I've just realised with my ISP, is they are supposed to send an email of your bill on the 23rd, but they are always delayed a few days and never on time, if someone forged a duplicate or copy of the invoice (forged/spoof email address) and sent it out requesting payment, with their bank account instead of my ISP before the actual ISP email the bill, a lot would fall for it. As for me, I don't pay my ISP via the invoice they send out, usually wait till they request it (personal grudge against them).

KK
Kame (312)
334231 2005-03-24 00:52:00 Hey, well even if the banks' websites increased the security of your log in details it would be almost useless seeing is if you had spy/ad/malware they can see everything you type, so the banks' security online wouldn't make a difference, especially since 9 out of 10 computers connected to the internet are infected with spy/ad/malware, what we could do though is have a bank support chat or something just 1 on 1 and you would be able to ask the banker stuff without filling out forms, although the person who put the ad/spy/malware on your pc would be able to see your keystrokes he wouldn't be able to do anything without your address, name, phone associated with the card, even then some support chats are going through numerous firewalls so it would be "nearly" impossible for the average trojan or virus or warez......... I would highly suggest that you just call the bank instead of using online bank services because I would know that getting your credit card stolen is a bunch of Bull****.
I hope that this hasn't been said in any of your posts but I didn't read each one individually and figured that it had to be said, the internet is not safe, and someone is reading what I type at this exact second.
Tiny
TINY (7596)
334232 2005-03-24 02:38:00 Great, Some more half baked TV coverage.

Let's see what gets hyped, and what gets missed due to lack of understanding of the subject, and the requirement to make it interesting.

If these TV programs had half a clue they could make it informative rather than creating more confusion for the masses.

Don't you just hope deep down inside that they'll quote you on air?
Growly (6)
334233 2005-03-24 05:54:00 Frankly, I cringe every time they have "internet advice" on TV.

That's the big problem - I assume most of us use computers to at least some extent, yet the coverage of issues involving such technology is rare on the news - and usually it's about viruses and worms having serious and widespread effects (e.g. Blaster) and e-mail scams duping many NZers. When there are items on the news regarding computers, the presenters / newsreaders tend to talk down at us in an overly-simplistic way as if most viewers are stupid, i.e. explaining jargon terms, rather than the hows and whys of the issue and what we should do about it.

Yes there are people that don't know much about computers, but it is better to give some details about what firewalls do (for example) in order to give a more complete picture, than to leave some of the important issues and details out, e.g. the difference between malware and viruses - and the issue that anti-virus software will not remove malware.

The good thing about the Sunday programme is that it gives decent amounts of time to each article presented. For the online banking security story, it would be worth investing an adequate amount of time explaining the issues and key factors, such as what the issue is, how (without divulging specifics of example software) it is done, how users can defend themselves from these and other attacks (i.e. anti-virus, secure browser (FireFox), firewall, anti-spyware/malware software, etc.), what each of these measures does and does not do and how (in general terms) the software (e.g. firewalls) works. Then there can be stuff on future predictions, trends, what has so far been done to resolve the issues, etc.

The main thing is not to belittle the viewing audience and to provide a more complete picture.
D. McG (3023)