Banking security
 

How often do you change PIN #s and passwords etc on your accounts? Bank accounts, email accounts, Facebook, Britishexpats...

Somehow today a fraudster helped himself to $480 of my money. They managed to set up an interac payment from my account to somebody who had a name very similar to a friend of mine but not to his email address.

The bank is investigating. During that time I cannot use the account. It has been frozen! I can't even log in. They've told me it can take as much as 10 working days! I'm just hoping I get the money back!

So a word to the wise. At the very least change your passwords and PIN numbers regularly. Not just on your bank accounts but email, Facebook and anywhere else. Also use PIN #s that are not a memorable date.

These fraudsters are clever! You need to stay one step ahead of them.

Re: Banking security
 

So they did this via online banking you say ? Not thru using a copied bank card.

Chances are they hacked your PC computer or lap top. If you use your computer to buy stuff and then use a dodgy site there is a good chance you will get hacked and any passwords will be phished

Change everything else asap

Re: Banking security
 

And check you don't have a keylogger on your computer.. maybe use the on-screen keyboard for a while until you are certain?

Hope you get the money refunded asap.

Re: Banking security
 

But I only ever log in to my bank through my phone.
They have to have hacked in to my phone for any chance of finding the answers to the banks questions and the pin. That's assuming that somewhere on my phone there's a trace of the answers from when I've logged in before.
It's only an interac account, no debit so I can't buy online with it.
They also must have logged in to my email to "find" my friends name. Not that they were able to remember how to spell it!

Come to think of it I've been getting a lot of spam recently. Wonder if there's any connection?

Re: Banking security
 

As I said to magnumpi I only use my phone to log in to my account.
Busy changing passwords now!

Re: Banking security
 

Just out of interest is it an Android or IPhone

I wonder how often u use open wifi ? Like McDonalds or Tims. This type of wifi connection is unsecured and info on your phone can be stolen quite easily

Also just to add, make sure Bluetooth is off, as that is another way hackers can gain entry into your phone

Re: Banking security
 

There are keyloggers that can be placed on phones too, via an app or similar.

Re: Banking security
 

This is true, usually via a dodgy email link that needs clicking on or a free game with a nasty add on surprise!!

It's Important you remember where u have used your cell, that may well be where u got hacked. then u know not to go there or do the same thing again :@)

Re: Banking security
 

Well coincidentally over the last few days I was getting lots of spam. Maybe 6 or 7 spam emails every day. Maybe not a coincidence?
I use my phone in Tims sometimes using their wifi. That's the only place.
I downloaded Candy Crush (yes I'm embarrassed!) about 10 days ago...
Otherwise nothing new.

Re: Banking security
 

Too many passwords to change. I don't know how much can actually be "done" to prevent this kind of crime. It seems as though if you are unlucky enough to be targeted by a hacker, then whatever steps you have been taken will be inadequate anyway. Perhaps not using your device in a public place decreases vulnerability somewhat, but then what's the point of having mobile access in the first place. At one point the banks (in the UK at least) were using those calculator style PIN entry devices to enhance banking security, but now even that seems to be sacrificed to the convenience of just being able to bank on your phone.

Re: Banking security
 

It seems a bit like bicycle thefts. The person determined to have your bike will get it and the best you can do is to deter the opportunist who will go for the easier target (someone else's bike) instead.

I wonder about password managers. Don't they just put your passwords in one convenient place for a hacking expert?

Someone clever enough to hack into a computer - possibly having some knowledge of the victim to begin with - how does a password manager prevent that? Don't you need a password to access the manager?

Mine stopped that a few years ago but I think that was more to do with me making the same 'bill payment' and nothing else. From something I vaguely recall seeing more recently, I think if I were to set up a new payment, it might be needed again.

So there's more risk if using a phone or public wi-fi? I'll continue to avoid that.

Many moons ago (pre-internet) I had a renewal credit card intercepted - back when you had those tear open slips that obviously announced to anyone seeing it that it contained a PIN and was, thus, an announcement that a card would follow :rolleyes: - and several purchases (mostly out of town) were made before the bank phoned me.

Early internet days (for me :o) something I subscribed to and then cancelled...I found once that the monthly payment was taken. I checked previous statements and saw it three times over about 8 months. I would probably have noticed had it been every month.

Small amounts but added up with other victims I suppose it adds up.

$480? Big enough to be easily noticed but why stop at that?

I like to think one look at my bank account and a hacker won't bother.

Re: Banking security
 

What irritates the most - apart from the obvious missing $480 - is that the bank emailed me at 4:15pm yesterday stating "orange alert - did you generate this interac to this person"?.... At 4:16 another email came through saying the person had accepted the money. Surely if the bank suspected something they should have stopped the transaction until I had called them to authorize/decline!

Re: Banking security
 

This seems very much dependent on the bank I think. There's much more of a delay with some banks than others between the timing of something actually happening and the time of an email notice.

I've seen differences as much as a couple of hours apart, so that 4.16 email may have been delayed and the acceptance could have been an hour earlier.

Having said that, if an orange alert is triggered, surely they need to have some procedure whereby that's accounted for before the recipient is even notified.

Re: Banking security
 

You have clearly been hacked, if someone can generate the transfer and also accept it.

Re: Banking security
 

Really sorry to read that & I'm sure it happens to many folks & trust that you get it sorted ASAP.

We don't do on-line banking, we don't have a 'smart phone' & I know since we've been told many times 'we are in the dark ages'. Someone on BE has mentioned a few times "who goes inside a bank these days to do banking" - well that's what we do.

Inconvenient, no not in the least, its just us

My wife doesn't have a bank card or credit card, just her bank book.

I have a bank card from when they first came into use & used it to withdraw money when I needed it when I was working.

Since being retired I do not use that card ever in any ATM or at the named bank kiosk other than when I go to the bank to withdraw cash from the teller.

On a day to day basis, we both pay cash for everything

I have one credit card that usually gets used once per year for a flight to the UK (never ever an on line, only with a live agent) or big ticket items above $1000 in a store, otherwise its always cash. No on line purchases ever

On the PIN, I worked with someone that was in banking that advised to change the PIN at least once per year & if someone had a credit card to call in that it was lost as frequent as once per year, even though it was still in your possession.

To keep any cards that have electronic strips on them that you have in your pocket, wallet, purse should always be in a metal sleeve so they cannot be iced.

How many of you change you social media passwords at least once per year?

Re: Banking security
 

Don't use the open wifi from that Tims anymore

And we're did u download Candy from? Was it Facebook or from ITunes or Google play store or what ever Android call it now? Candy Crush is known to have mirror copies with malware !!! :ohmy:

So i did I little more digging and it don't matter were u get these popular apps from, they still get you, the Android phones are more prone to the hack IOS less so

In case any Indian Android user downloaded Plants vs Zombies, Candy Crush or Super Hero Adventure from Google Playstore between November 24-30, 2013 and on November 22, 2014; then there is upto 74% chance that their Android OS has been infected with a virus.

This new, scary fact was revealed by ESet, which is an IT security firm based in Bratislava, Slovak Republic. As per their analysis and research, ESet discovered that hackers were able to install backdoor Trojan virus, malwares and other deadly ingredients directly into the ignorant victim’s smartphone using the official Google Playstore platform.

So if they did it back then then they can do it now !!!!

More reading

https://www.google.ca/amp/s/www.expr...?client=safari

So.... My wild guess is you are using a Galaxy Note or 7 running Android, the spam is add ware infecting your cell.! Good chance it's from the Candy App. If it was my cell I guess I would format it and start again. Malware is almost impossible to get rid of. Also ask friends if they have had any weird emails from you, if so, ask them to delete the emails

Re: Banking security
 

Top tips for not getting hacked:

1 - Use long easy to remember passwords everywhere (e.g. "cheese_and_pickle_sandwiches") or something. Don't bother trying to be clever with number/letter substitutions.

2 - Don't use a password in more than one place (this is how most people are hacked, their ashleymadison password is the same one as they use for banking)

3 - Enable 2 factor authentication wherever it is offered.

Re: Banking security
 

Man, I like your posts, but after reading the ones in this thread maybe you aren't the best person to be giving out IT security advice yeah?

Re: Banking security
 

Take all internet advise as is. And use open wifi if you like, to download all your free games, I don't mind, it was just my take on cyber crime.

I seen Mr Robot you know !! ;)

https://www.google.ca/amp/www.howtog...?client=safari

Quote: “Don’t do your online banking or anything sensitive on a public Wi-Fi network.” The advice is out there, but why can using a public Wi-Fi network actually be dangerous? And wouldn’t online banking be secure, as it’s encrypted?

There are a few big problems with using a public Wi-Fi network. The open nature of the network allows for snooping, the network could be full of compromised machines, or — most worryingly — the hotspot itself could be malicious.

Re: Banking security
 

Maybe if your posts on the subject didn't read like you've just googled some random IT buzzwords.

Re: Banking security
 

Perhaps you have some words of wisdom for the OP regarding the potential for hacking when using free wifi and downloading keyloggers etc., as you seem to have knowledge of IT security?

:confused:

Re: Banking security
 

I'm not. But i can tell when people are acting like man down the pub experts.

Re: Banking security
 

This week I was contacted by someone I used to work with. We soon established that that was thirty years ago. A joke about her name is still my password for most things.

The problem with using a different one is that I will forget it, I can write it on the wall or email it to myself, neither of which are very secure, or I can deal layer upon layer of captcha when I try to log on. That typically results in me deciding that whatever I'm trying to access isn't that important anyway.

Rather than try to be secure, it makes sense to me to check for hacking reasonably often and, when there's an issue, to rely on the bank or credit card company's insurance.

Re: Banking security
 

Has it not occurred to you that they are just trying to help the OP?

Unless an IT expert, most of us would need to google.

There's really no need for mud slinging.

:frown:

Re: Banking security
 

Sometimes bad advice is worse than no advice.

Without knowing the details of OP's situation it is impossible to give advice that is not generic and basically common sense. This doesn't involve scaring people with random stuff about trojans, viruses, malware, keyloggers etc.

If this was a medical question everyone would be telling OP to go to a doctor. They wouldn't be diagnosing AIDS.

Re: Banking security
 

Sorry magnum, nothing against you, but i'm with Alan here. To specifically refute, however:

Honestly, this is good advice, don't use your banking app on open wi-fi. If you just want to check your balances or whatever, wait until you're at home or work or use your data. Its very easy for someone to sit across from you at the tims and siphon your data off of the non-password protected wifi network.

This isn't anything to worry about so long as you download it from the legit Apple app store or Google play store, there are no "malware" versions of Candy crush on either store. I don't see any reason why DandNHill would have gotten it from elsewhere. And besides, with android, installing apps from places other than google play requires you to enable a specific setting on the device. So I think its OK to rule this out.

Not really so if you just install apps from the official Play store, which 99% of consumers do just that.Nope.

My guess is the spam messages in the email account are a correlation, first step is to check the computer for viruses/spam, I suggest using Malwarebytes http://ninite.com/malwarebytes - and once the computer is clean (or from a second computer), change all passwords to email, online banking, etc, and don't use the same password on each account. Also get a new client card/credit card number from the bank.

HTH

Re: Banking security
 

My banking password is different from anything else as the bank requires exactly 5 numbers no letters or special characters. Pretty much every other website wants a lengthy password with numbers, letters, lower case and upper case etc.

I change my email a few times a year on average, or when google thinks someone has attempted to access my email, but it's usually the result of me not turning off the VPN it seems.

ATM card pin has been the same since the 90's, its only used on the card and nowhere else.

Most of the month the bank has 0 dollars in it, so any thief would be disappointed for the most part, only a few hours a month there is any money actually in there.

I haven't had any banking fraud since the early 00's and that time it was still when merchant receipts for credit and visa debit printed the entire account number and expiry date on the receipt still, and the thief was an employee at the last place I had used the card, the dork used the number at his workplace literally 20 mins after I was there so was easy for the bank to solve, but it tied up all my funds for 2 weeks, which was very difficult.

Re: Banking security
 

I doubt I would have used the bank app when at Tim's. I only use their wifi so I don't use my data while there for looking up stuff on the net. Certainly if I had it would be several months ago.
Links JS mentions nobody can steal from his account because there's no money on it, the only reason they took $480 was because there was only $491 in total on that account. I use it for my daily/weekly spending and have another account for bill payment etc.
About ten days ago I was getting a lot of spam which I don't usually get. I wonder if that was connected. But the worrying thing to me is how they managed to get through a password and a pin. The three secret questions have answers that even my husband who knows most things about me wouldn't be able to answer. Then they sent the interac to somebody who has an almost identical name to a friend of mine with whom I exchange emails.

It's scary what these criminals can do. I had a very hard time dealing with it on Tuesday. I felt very vulnerable but I'm over it now and just waiting for the bank to give me my money back. Will I use Internet banking again? I don't know. It's so convenient but I don't want this situation to happen again!

Re: Banking security
 

Plenty of helpful people gave me medical advice when I was sick Allan, some not so great advice, most tried to help tho, and that advice led me to the emergency room, soon after I had my heart fixed up and unblocked.

I took some advice and ignored others. It's the internet that's how it works.

Read, think, use common sense and ignore what u think is crap

So knowing what we know now it looks like it may have been a phishing email and the OP has changed passwords since so all is good now :@)

Re: Banking security
 

something to be learned from the above

I'll take magnumpi's 'helpful' advice with his 'LMGTFY' infomation & that from others (discard what I don't think is relevant) to say that I will never ever use a smart phone, or take my computer to do anything personal on it in a wi-fi public place, that I will never shop on-line, do any 'stupid gaming' or 'App downloads' & definitely 'never do on-line banking', because if I did I would know from this thread that there is a chance that I could get hacked.


.

What an eye opener eh!

Re: Banking security
 

You're right. It is an eye opener. Hoping this is the first and last time it happens to me! Considering how to deal with my banking going forward...

Re: Banking security
 

If you don't use email transfer, maybe check with the bank and see if that function can be turned off for your account?

Re: Banking security
 

Is that the option? I get paid that way. I send money to hubby for my share of the bills that way. Do I have to go back to going in to the bank?

Re: Banking security
 

I am not sure, just thought it could be an option if you didn't use the service. I know banks (some anyhow) can turn off other services to accounts like tap and go type payment where a pin isn't required, thought email transfer could be the same.

Re: Banking security