Bank Fraud - how do they do it?

  HighTower 08:39 21 Nov 2007

A friend of mine was called by his bank after suspicious activity on his account. Turned out that over two grand was withdrawn from his account, more than likely by someone who logged in, set up a bill payment and transferred the money.

Question is how? I don't know a lot about this, but he's scanned his system and the worst that popped up was a couple of ad tracking cookies and a BHO which displays pop-up ads. He's been using Avast which updates daily so there were no viruses in there, and has the Windows Firewall and a router firewall on. He's scanned with Spy Sweeper and Adaware and nothing particularly sinister was detected.

Would the hacker have to have the results from a key logger before they can get the required passcodes for access to his bank? His codes are not written down anywhere and is unique for that bank account.

Or are there other ways? Going through his bins perhaps? I'm curious because he's now reluctant to use his computer but I'm not convinced that it was the source of the problem.

By the way, I'm not after a step by step instruction set as to how you hack bank accounts - I'd like to spend my time on the right side of bars, and preferably ones that serve fine wines.

  interzone55 08:55 21 Nov 2007

I would say that it's very unlikely that the crims have used his computer or anything on it.

Has he checked whether any new payments have been set up? I would say that one of the easiest ways of getting money from an account is to clone a debit card.

Can the bank give any details of where the money went? That would be the easiest way of tracking who took it.

  mymate 09:04 21 Nov 2007

Hasnt the bank posted him those card reader things ? you can only transfer cash around if you got one of those .

  mymate 09:06 21 Nov 2007

Just to add you have to put in your pin number to access your account on those card readers. I cant see how they could have transfered money out from his account that way.

  HighTower 09:26 21 Nov 2007

It was done by the hacker logging into his online banking account and setting up a bill payment, and then transferring the money to another account. The bank therefore know to which bank it has gone to (it's another UK bank), so I would have thought that in theory they could trace it?

The hacker must have therefore known his user ID, password and security question / answer.

And surely you can't just waltz in to a high street bank and set up a fake account? Can you? Maybe I'm being a bit naive!

  Si_L 10:39 21 Nov 2007

"And surely you can't just waltz in to a high street bank and set up a fake account? Can you? Maybe I'm being a bit naive!"

I went into Halfords to pick up my very expensive new bike, and I forgot the paperwork, and ID. The guy just asked me "Are you so and so" and I said "Yeah, thats me", and he gave me the bike. I ordered online, and he had never seen me before. A random person could have just walked in for it!

  jack 14:51 21 Nov 2007

The simple secure remedy to banking online is


I FE and all you others with a blind faith in technology will now be writing reams.

But if a clever guy can invent a 'secure' system another clever guy will bust it.

  Pine Man 15:29 21 Nov 2007

Spot on.
Stick it under your mattress, nobody will find it there!
Interest rate is a bit naff though;-)

  Bingalau 15:39 21 Nov 2007

I'm always a bit wary of people in the vicinity when buying from a supermarket. If you use your card, make sure no one can watch you as you put your pin number in. I've stood away from the cash desk in the supermarket I use and watched how other people do it. Some of them don't attempt to shield their number as they put it in. I think a lot of customers are getting used to doing it now and have forgotten basic security. I know the crooks need other details as well but they are "crafty" crooks after all.

  griffon56 17:07 21 Nov 2007

I, too, would like to know how it's done, not in specific detail with real data but as a train of real actions which would have to be carried out, and with an explanation of where and how the data could come from to make the technique work. I currently don't know a thing about such things and feel that it would be useful knowledge - any offers?

Is it possible that your friend is not telling you the truth and the whole truth? There must be a measure of shame in admitting that someone has drained your account, especially if, at the back of your mind, you've got an idea that it was some mistake you had made. Perhaps a Debit Card was allowed to leave the dinner table and got cloned, or a Bank statement thrown away carelessly.

  HighTower 17:25 21 Nov 2007

I'm 100% sure that what he says is how it is, and the bank will be getting back to him in due course so it will be interesting to hear what they say. I don't think that these days there is any stigma attached to anyone who has a card cloned, as the criminals are so bloody sneaky and more innovative every day.

I spoke to someone else today who told me that they had £25,000 taken from their account a few years ago by the now well known scam of emails arriving which look like they are from your bank. He says he felt really stupid, but it looked so authentic and they were relatively unknown then. He got the money back thank God! Luckily I don't need to worry about this as I have nothing like £25,000 hidden away!

But yes, back to the thread - if it's as he says it is, which I believe it is, then I would like to know how it's done so I can protect myself against it. If it's a key logger how did it get past his security software. If it was a wireless hijack how did they get through his router security?

Lots of questions here that I would love to know the answers for, regardless of whether people think internet banking is a good or bad thing.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Add Depth Of Field to a photo using Tilt Shift Blur in Photoshop

iPhone tips & tricks

Les meilleures tablettes 2017