Diesel

Thought we were pretty safe as I have Windows Firewall, McAfee Personal Firewall, Norton antivirus, and all various settings set to high/tight/b well ask me and we do regular scans including AOL's spy zapper too. Still, £600 was taken from missus online bank account yesterday. Luckilly the bank were on it and called us up to let us know something was a bit odd...

Seems to have happened due to a phishing e-mail to the missus requesting personal details 'to update their records'. She clicked the link, but twigged it and didnt send them anything. A 'keyboard presses watching' cookie was prob loaded however and captured her password etc when she later logged on to the account. A later scan using the bank's software caught the trojan and it is now deleted.

Dont really know what do do with it all or how many people get caught by this, as although I'd warned her of such scams before, it still half fooled her...

Be wary!

D

Abdabz

Blimey! I'm glad the bank are helping...
Its the reason why I wont use online banking, Im not savvy enough with the interweb to be able to save myself from situations like this. Its all a bit to clever and techy for me.
So every Saturday I go into my branch and talk to the banking totty about making deposits in their safe places

Brit_in_Japan

Phishing was the weakness, not the security features of your PC. As users we just have to be increasingly sceptical of any email we receive which requests our personal information or which uses a link to direct us to somewhere to enter personal information. Websites can be spoofed, so it's better to not follow any link and search for the proper website directly.

Also I think all financial websites should change their logon policy so that you only enter say 3 random characters from your password. That would prevent keyloggers getting direct access to your passwords and more chance of finding malware before they do real damage.

wrxtankie

LLoyds TSB run this sort of thing matey..

Mitchy260

How do they take money out of your online banking account though?

On lloyds you can only transfer money between the accounts you have opened with them! I was not aware that you can transfer money elsewhere?

P1Fanatic

Eh you being serious? BACS payment to any other account you want to as long as the details match.

Simon

Terminator X

iTrader: (7)

First Direct do this re their on-line banking.

TX.

Mitchy260

Yep my bad, just checked and i was wrong!

Although on lloyds tsb, you need to enter 3 random digits from your password

Diesel

This one does use this policy mate

D

Frosty The Snowman

Well since his missus didn't enter anything and they think it was a keylogger you would hope that the AV software would have picked it up.

I think they are going to have to move to some sort of randomly generated key that is displayed on the screen that lists say 20 letters and numbers including 3 of yours. You then enter the transposed characters and the key logger, or someone just watching the screen wouldn't have a clue

e.g

Displays the following

REAL agae34cksdyhjb
KEY guywovpakf94ni

Please enter your 1st 2rd and 5th character of your password

If your password was abcdef you would enter giw.

judgejules

Is this what the bank told you? Never heard anything so silly. A cookie is a small piece of text, by its nature, it is never executed it is only read from. Unless they dropped a malformed cookie of somesorts that overflowed a buffer somewhere, but we'd have heard about that one by now as everyone and their dog would be doing it.

Sounds to me the machine used was not up to date with its windows update security paches. Its reminder to people that banks never, ever send you emails asking to update their records etc and to always keep your PC up to date.

Dont spose you got the name of the trojan did you? I'd be onto nortons site and looking up why it wasnt detected!

Jules

NotoriousREV

What he said. Cookies aren't executable code. Maybe your browser settings allowed you to download code automatically or your missus clicked "Yes" when a dialogue box popped up.

ricardo

You only need one firewall - if you are running McAfee you can turn the Windows one off, otherwise they'll tread on each others toes...

Whatever it was that ran wasn't a virus, so Norton wouldn't see it, and the firewall(s) wouldn't help because you have already ok'd the browser connection to the Web. It also seems unlikely that it captured the password, since that's exactly why they use the method of asking for certain characters. It may be that they managed to drop some code on your machine so that when the browser connects to the bank it really connects to the bad guy server, it then loads the real bank pages through the bad guy server (so that it was really her connecting to the real bank, with the right credentials, but via the suspect system). Then they could wait until the login was done and add the transfer of 600 squid to the transaction.

If you haven't already got them I'd suggest two particular anti-spyware programs, SpyBot Search & Destroy and AdAware. I'd also suggest not using Internet Explorer. And always watch out for whether the padlock symbol is showing when you connect for financial stuff.

Stephb1986

Ive been getting these "spoof" emails off ebay and pay pal all fake asking to confirm my bank details and alsorts but considering i havent got a ebay account or a pay pal account i know its bollocks so any emails of that type should be reported to ebay and they usually sort it out within 24 hours saying either yes its off them or no its not
just dont click any of the links on the email they send

StickyMicky

i tried to buy something from eBay last week and when it came to paying by paypal it kept asking me to add a credit card to my account.

i was confused by this as there is a card on file, i kept retracing my steps over and over again, looking for anything which would suggest this was not a real paypal site, after 10/15 mins there was nothing i could find that would inform me this was a hoax, but have spent hundreds with paypal, this confused me......

twice i nearly added a card to my account, and kept stopping and rechecking everything, something did not add up, then i relised i had somehow added the wrong email address to my login (new works pc install) i had set this account up to sell with around 2 years back but never actually used it, and i had randomly used the same reversed "1st pets name with 4 digit code" as the password

GC8

Perhaps it was a tricky active-x applet which came with the email?

Diesel

Frustratingly I was away on a recce and the missus had to sort it out...

She wrote down that the bank spy scan spotted '2 malware found hacking cookie win32.trojan.exe'.

Sounds odd to me that any self respecting fraudster would call his work 'trojan'???

What the heck went on?

Whats with Norton? Surely some people have to get infected before they know what exists and can try to counter it???

She swears she didnt fill out the phishing form. Any insight very welcome!

D

+Doc+

A few banks text you after any online transferral, very handy imho.

J4CKO

iTrader: (1)

At this point my missus would remember what she spent the money on, after the Banks, Police, Interpol etc had been notified, she always goes for the complicated version when its usually simple.

It like the time she rang me at work to tell me another Concorde had crashed in France, onto a hotel, full of germans, uncanny, came off the phone stunned and then rang her back to ask if perchance she was watching a video.....