How do hackers do that?

I need some help to understand something: How do hackers empty your bank account? Don't banks demand some sort of proof before they send you a lot of money, I know that my broker does? And wouldn't that money go to your address anyways, don't banks require some sort of proof for an address change? Yet I know that it is being done, folks are losing money; how are the hackers able to get the funds transferred to them?

Thank you,
Acadia

 

If they have your debit or credit card no. they can have the money transfered with the card no. and pin. no questions ask. I have used other peoples credit cards many times(legally) through my ex business to purchase custom comp. parts and have never once been ask for an ID.

bigc

 

I had a client use an Internet Cafe overseas, they either had a camera, or more than likely a Keystroke Logger. They then used his own UN and PW on the banks site to clean out his account and transfer funds into another account...

Cheers

 

This is sort of cool, tech wise...

some ATM's have been tampered with so that the copy the information on the strip. Then they make a duplicate.

I'm not sure of the rest, probably the pin number is not on the card, but they get it anyways, by keylogging, hidden carmera, or by other methods I dont care to expand on.

Anyway, the bottom line is this: Do NOT use private ATM's, like the ones at convenience stores or liquor stores if it is not much harder to get to the banks ATM machines.

I don't know how common this stuff is, but just the same I avoid the small ATM


- handsOff

 

yeah, some people are also victimised by phishing out their entire details. oneday you'll get a mail saying that your bank account is going kaput unless you provide your secret information. the mail comes from a spoofed address ( e.g. support@visa.com ) and also has a webpage!! a lot of people fall for this.

social engineering is the easiest way to hack into something.

 

More information on this technique (including a picture) at MoneySavingExpert: What to watch for when withdrawing cash.

 

Let's see how good you are at anti-phishing, do the following test:

http://survey.mailfrontier.com/survey/quiztest.html

 

The Paranoid and Jeremy links were pretty cool.

in number seven of the test, isn't there a space in am azon.com in the from? sometimes its hard to tell...

I thought it was particularly cool in the ATM article that they showed actual photographs of the phony (modified, I mean) ATM. Even though I read about the problem before i did not know what to look for. Armed with this new knowledge, if I ever see the strip reader, or the spy cams, I will simply tear them off the machine, and turn them in to the police. For all you know the equipment will be withdrawn long before your suspicion is investigated. Think about it? How long would you leave the equipment in place? Just long enough to get a couple numbers, then run. When the heat is off you would install it again...briefly.


- HandsOff

 

I know all about that phishing stuff (famous last words) but that is not what I'm asking. After a hacker already has your passwords how does he get the bank to send him YOUR money?! How does he fool the bank into doing his will?

Acadia

 

Acadia, I think once the hacker has your passwords and logs in.......He is You! The Bank is giving You (Him) the Cash! He makes a big transfer to an account where he can physically go and withdraw it. By the time you realise....hacker and cash are gone!

 

So even if it is a huge amount of money, the bank will not bother to check and see if the other account that the money is going into is legitimate? I believe that brokerage accounts will not do that, but I guess banks are more insecure than brokers.

Acadia

 

My bank allows me to transfer up to £3,000,000 within my own accounts and up to £50,000 to other accounts using the Internet - I wish! I'll need to win the lottery first

 

Yup! As long as it has an account no. Technically all bank accounts are legitimate....otherwise they wouldn't be accounts. I would guess they use disposable accounts in fake names....and probably not use said account again once they have used it.

 

Thanks everyone for the info ... now I feel paranoid than ever ... but I guess that is a good thing.

Acadia

 

Every time someone swipes your driver's license or ID they get a wealth of info off of it! So, showing your ID has become a really watchful thing to do! They do NOT need to swipe it, alot of people will tell you they do, don't believe it!

If I can find the story I will post it here!

Marja

 

Here is the story that started my looking up all this ...stuff.

Wired News: Great Taste, Less Privacy
http://www.wired.com/news/privacy/0,1848,62182-2,00

Then there are these laws you could drive a load of Hummers through .....

Driver's License Information, Scanning or "Swiping" -
Civil Code section 1798.90.1. Prohibits bars, car dealers
and others from collecting by swiping driver's license for
any purposes other than verifying age or authenticity
of the license, check verification or when legally
required.

This is just the start of a California law, so you see what I mean, I just go elsewhere if they aren't satisfied, but how long will that last!

Sorry to make you uneasier, Acadia! You are not alone!!

 

about phising and all that. If banks wanted your details to keep upto date etc or what ever they say in the phising emails. wouldnt they do it through the post to you, the bank I mean or wouldnt they ask you to come into the bank in person. Just wondering.

how safe are you fro thsi type of activity if you dont do online banking I have occasionaly bought off the internet only a few times from sites that had that thawtw security thing. Is it still dangerous?

Michael

 

Hi Michael,
Most Internet banking and even Ebay never ask for personal information by email. The most they would do is ask you to visit their official site and they would not show the site URL in the email. When you login to your account the little lock should show at the bottom of your browser, hover over it and you should see the encryption data such as 128bits.

You can stop keyloggers dead by using a program such as ProcessGuard thus stopping malware from collecting your user info' etc. and sending it back to the cracker.

HTH Pilli

 

I think I'll stick with phone banking for a bit longer yet!

 

Also, I sort of wonder about the idea of having us sign the back of our credit cards...I mean, you loose your card, now the finder has both your card, and a copy of your signature!



- HandsOff

 

A friend of mine said something the other day that worried me a little. He said

I asked him why and he replied because they have to think.

Jimbob

 

That's why some people just write "See ID". But that would mean you'd have to show every store you buy something from your ID. So you can see the dilemma....

 

Bigbuck, I'm starting to rethink that also. Actually, one of the reasons I got my first pc six years ago was so I could do online financial stuff. Now I am seriously considering going back to the old technology, but if I do that, then I've got paper statements sitting in my mailbox all day until I get home.

Acadia

 

And why do you think that phone banking is safer? Ever heard of phone taps? Also if you use a cordless phone the possibilities for collecting your data are almost boundless.
Keep your money under the bed, buy a big dog and have lots of locks ROFL

 

So, how do banks do all that overseas banking and not get hacked - maybe they just aren't telling?

Do any of those encryptions tools help? There must be some thing an on-line banker could use?

I, personally, liked paying bills on-line, quit that for now, seems banks could be the biggest loser if they don't get up off the $$ and find a solution!

There has to be someone belonging to this forum who works in a bank, they aren't doing anything??

I hide my money under the mattress, the dogs chew it up- the cat spends it like it is going out of style. (Oh I forgot, IT IS!!)