Reply With QuoteI think a lot of people have had their bank accounts emptied by being on TZ-UK...
Dear all
I have just discovered that my Bank Account has been emptied, this happened on 2nd or 3rd Nov. This was when i had problems getting on to TZ Server and it had issues with its Security being compromised. I made purchases while i had the window to TZ. I am not a PC Professional and am not sure if its possible to do that or not but wanted to make you all aware it may be worth checking.
Regards
Ben H
I think a lot of people have had their bank accounts emptied by being on TZ-UK...
Yes but that's in a good day :cry:
There were no security issues with the TZ-UK server being compromised, the issues were with the tidal wave of connect attempts overloading it.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
Eddie
I did not have any financial details on my emails or postings etc, just thought it might be possible to penetrate PC security with a virus or something if you had both tabs/pages open at the same time as TZ and others, while making purchases.
Am not suggesting for a minute this is down to TZ etc, just thought i'd make others aware of what had happened to me and just to check once in a while for Viruses etc.
Regards
Ben H
Oh how I hate internet banking.
I have it, it's a necessity these days, but Oh how I hate it.
Every time I log on It would not surprise me if the account was empty.
Dave
The worrying thing is when you call the Bank or Credit Card Company its accepted as the norm, like an everyday occurrence.
That's not how it should be.
I work in IT security and I have worked for banks in the past.Originally Posted by burnside
Technically - yes, this sort of attack is possible. However, it isn't possible in the context of problems with TZ-UK, it was a completely different method of attack.
In reality, I've never heard of it being done and I've never seen a case of it in the wild. It's theoretical only.
Remember:
Use secure passwords.
Use a different password for every website you use.
Change passwords frequently.
Run antivirus software and use your operating system's built in firewall.
I've just checked mine, and it's empty. All my own doing though, nothing nefarious. :(
Good luck recovering your money - absolute nightmare, I'm sure.
That's why I refuse to have internet banking.
People think I'm from the stone age sometimes but......... :roll:
Cheers,
Neil.
Dear all
Yes it was just a theory, nice to see someone in the know on here though. Will be changing all my passwords and making them more secure and am currently scanning pc's for viruses etc.
Annoying thing is i am very security conscious with these sorts of things normally, anytime i call Banks or make purchases by phone i used a Landline. I never give out personal info and always shred everything at home or take it to work to shred it where due to where i work it is taken away and destroyed.
It is also drummed into us never to give out information without written authority or dpa forms.
One of those things i'm afraid, still a little annoying as the chance of catching these people is i imagine, minimal.
Hope everyone having a good day.
Should anyone receive some tickets, or flowers from interflora or some electrical gear they weren't expecting can you let me know, maybe they got the shipping address wrong :lol:
:lol: True Story.
Very droll :D :lol: :lol:
"I looked with pity not untinged with scorn upon these trivial-minded passers-by"
Why would a landline be more secure than a mobile? Are you scrambling all your calls?
Burnside, i've had my bank account emptied twice in the past, it might be worth looking at what you have purchased lately in shops, and especially petrol stations, has anyone had 'problems' swiping your card, this is something that happens a lot at petrol stations and was the reason i lost 4k out of my account, but thankfully got it back.
As much as people look at the internet as being unsecure, it's actually the real world where a lot of the fraud still occurs, a friend of mine had his account emptied a week after he was at a restaurant, his card was cloned on that day, then bundled in with a hundred or so other peoples details and then sold to criminals who went round and emptied the accounts.
I had my account emptied by phone banking. Best to stick it under the mattress.
The main places i'm led to believe are Petrol Stations, Restaurants.
Re the Landline and Mobile thing it has long been accepted that mobile calls are open to certain methods of abuse as are blue tooth or wire less head sets.
I had payments for Tesco and Amazon so its possible it was with them will be informing them shortly.
No idea about the latter, but aren't digital mobile phones effectively secure unless you're being targeted by someone with a lot of skill and significant resources, i.e. not your average scammer?it has long been accepted that mobile calls are open to certain methods of abuse as are blue tooth or wire less head sets.
I'd go with the dodgy restaurant / petrol station / cash point theory rather than your mobile being tapped.
Petrol stations can be an absolute bugger. When I was younger, and associated with some less than reputable people (not the upstanding pillars of the community here on tz-uk :wink: ), I heard from various sources that card details were regularly stolen at petrol stations. I've never used my card at petrol stations and would recommend eveyone to do the same.
Not always. And the more they become like computers, they more you have to watch out.
Backdoor in top iPhone games.
Best wishes,
Bob
exaclty.
Good luck everybody. Have a good one.
In this regard i wonder sophos (antivirus soft company) has issued a mobile phone antivirus.
I am very happy with it in my computer (i got it free as a student at my university).
:bom:
My wife and kids clear mine on a monthly basis :cry: :evil:
I make sure my card isn't taken away at Restaurants out of my sight. If they don't have portable PDQ machines then I go to the till and watch it all happen.
which is why one should be doubly careful when using debit cards as opposed to credit cards. as debit cards are drawn against your actual funds, it can be a very laborious process to get your money bank, if it is even possible. whereas with credit cards, the major companies are protected by insurance and it's usually not difficult to get the fraudulent charges dropped.
i have an bank-issued ATM card which also is a debit card and only use it for getting cash out of the machines. i never use it for any purchases or charges.
those who have poor credit or no credit may not be eligible for anything other than a debit card, but for those who do have credit cards, consider using them whenever you can in lieu of a debit card.
My understanding was that the original poster was suggesting that calls made over GSM are capable of being intercepted. My point, my understanding, was that it's possible although highly unlikely as whoever wanted to tap or intercept the call would need a high level of both equipment and expertise, certainly beyond the level of expertise and motivation likely of someone who is only interested in scamming random strangers. Surely even if the phone was compromised in some way, the transmission of the encrypted conversation over the network would be effectively secure?Not always. And the more they become like computers, they more you have to watch out.
Backdoor in top iPhone games.
Best wishes,
Bob
It happended to me a couple of years ago. Fortunately I was able to prove I didn't spend the money and I got it back. I believe the law has changed recently and the banks now have to instantly refund any money taken unless/until they can prove the account holder commited fraud. I would also advise anyone this has happened to to register with CIFAS who will prevent any further accounts being opened in your name without your approval.
I agree about not using petrol stations and cash points - I always try to get cash-back from a supermarket.
I very much doubt your bank account empyting was anything to do with a DDoS attack on a server that hosts TZ!
I think you have probably fallen foul of one of two main scams. Either:
(1) Your debit card being skimmed at a cashpoint or petrol station and your pin being compromised by someone watching you or a camera in the cashpoint.
or
(2) You being duped by a phishing scam.
I have had (1) happen to me twice. Both times the bank just asks for the details and refunds you your money. No big deal.
To protect against these scams:
(1) ALWAYS protect your PIN when entering it at the cashpoint or on a card reading device. Be alert to card skimmers placed over the cashpoint.
(2) Never click on a link to your Internet bank account from an email. Use a previously saved bookmark or type the address into the address bar yourself. Never disclose your details by email and make sure payment screens or Internet bank wesites are secure (have the padlock in the bottom right corner of the window).
Yep... I had £368 liberated from my bank account last week :twisted: With 5 or 6 further attempts at gaining funds, that were thankfully rejected...
No idea, how the card became compromised :( But all sorted now
My guess is that you used a cash machine with a card readed attached over the card insertion slot. They can be incredibly difficult to spot. There is also a miniature camera above the keypad. As you enter your card, the skimmer logs your card details from the magnetic strip. The camera records your PIN. The card is then cloned and the criminals use it to withdraw cash or make purchases.
What AV and firewall software were you running on your PC at the time ?
Pete
I only ever get cash at the local village post office.... The machines are inside, so chances of them being fiddled with is pretty remote...
I run a Jeep on LPG, and again cos I get it at a good price its cash only..... 99% of my on line purchases are done with a CC rather than my Debit card...
Obviously its been comprimised somwhere, but I'm really struggling to think where, and when.... :shock: :shock:
to avoid most problems use a Apple MAC
I had £2000 worth of designer goods order on my debit card earlier this year from the US, Shanghai, and Wales :shock:. And before anyone starts, no, I definitely didn't buy them. Phoned the bank up, couple of weeks later all money and overdraft fees returned to my account.which is why one should be doubly careful when using debit cards as opposed to credit cards. as debit cards are drawn against your actual funds, it can be a very laborious process to get your money bank, if it is even possible. whereas with credit cards, the major companies are protected by insurance and it's usually not difficult to get the fraudulent charges dropped.
i have an bank-issued ATM card which also is a debit card and only use it for getting cash out of the machines. i never use it for any purchases or charges.
those who have poor credit or no credit may not be eligible for anything other than a debit card, but for those who do have credit cards, consider using them whenever you can in lieu of a debit card.
Re what AV/Firewalls, i have 2 PC's well Laptops.
One was using Avast and the other AVG, i since changed from AVG to ESET.
I am always careful when I start and close my PC i have it swept by Advanced Windows Care.
I am also running anti malware products such as, Malware Bytes, Spybot and A Squared here and there as my PC got infected a while ago which caused no end of problems.
Regards
Ben
Got some of the money back not all, got to love the banks!
My PC went down soon after the "attack" Some malware that tries to restart the windows. AVG stopped it, but a new download of AVG seems to be struggling. The PC has been in the shop for a week.
KAZIMKENZO is right, get a MAC, my partner just bough a mac book and dumped this laptop to me whilst awaiting repairs. The MAC book is great. No requests to buy AV software either, and no need.
This laptop is so slow...... :(
Yes i had a similar problem with New AVG so i binned it!
Another NOD 32 fan here...
Got 4 PC's all running ESET and never had a virus... A few attacks, but none have got through :) :)
Internet Banking is safe, careless and sloppy use of PINs and cards is the main culprit. :|
How can you say that, I made two purchases online, from 2 reputable companies that i have used before on a number of occasions. I did not use my pin or enter it anywhere so how can you say that use is sloppy?
That happened to me, got the money back as soon as I gave the bank the crime number from the police.
It's quite possible that soemone working for the company you used sold your details or they might have shoddy confidential waste disposal. Nor would they need your pin, just the security number from the back of the card.How can you say that, I made two purchases online, from 2 reputable companies that i have used before on a number of occasions. I did not use my pin or enter it anywhere so how can you say that use is sloppy?
That sounds about right from time to time companies do have the financial details of their customers sold/lost on purpose etc. Yes all you need is the security digits and the card number but i thought usually most companies only sell to the address where the card is listed?
Companies like Amazon and Tesco do not retain your three digit security code (CVV2).
It's the seller's decision if they'll only post to the card holder's address or not. Many choose to accept the risk of posting to a non-cardholder's address even in the case of a first order if the CVV2 is supplied. Most will ship to any address after a successful first transaction to the cardholder's address.
It's also VERY important to remember to press the Logout button on the online banking. If someone has hijacked your session via wifi or cross site scripting this will deny them further access.I work in IT security and I have worked for banks in the past.
Technically - yes, this sort of attack is possible. However, it isn't possible in the context of problems with TZ-UK, it was a completely different method of attack.
In reality, I've never heard of it being done and I've never seen a case of it in the wild. It's theoretical only.
Remember:
Use secure passwords.
Use a different password for every website you use.
Change passwords frequently.
Run antivirus software and use your operating system's built in firewall.
I buy everything with my credit card and then clear it at the end of the month. My debit card only gets used in one cash machine which is the one near my house, other than that it just sits in my wallet being happily ignored. If some money gets stolen from me, it'll only be the bank's money. :)
I check all IP addresses of new forum registrations and got a new one today, the Indian IP address is a recorded "Dictionary Attacker". I don't know exactly how it works but they harvest passwords using a script which runs a list of words to seach for passwords on the basis that many passwords are words contained in the dictionary.
Eddie
Whole chunks of my life come under the heading "it seemed like a good idea at the time".
That's actually pretty worrying.
Pretty common activity to say the least. Have a look at:
http://bsdly.blogspot.com/2009/11/rickr ... -mary.html
For more information.
But only if you use the same password here as you do for banking, which nobody in their right mind should!
Posting Permissions
