Banking scam

DrBlueBob said:
I have no idea. As @Prestwich_Blue suggested, it could be nonsense but for the sake of not clicking a link I would think it worth being wary. Click in haste and repent at leisure.
Click to expand...
Some of the links could contain a virus at the very least, that’s as good a reason not to click anyway. I know fraudsters are now trying to intercept OTP’s but they have to get the info by speaking to the victim.

I’m almost sure scammers wouldn’t be able to empty a bank account from a link being clicked.
 
hammocity said:
Some of the links could contain a virus at the very least, that’s as good a reason not to click anyway. I know fraudsters are now trying to intercept OTP’s but they have to get the info by speaking to the victim.

I’m almost sure scammers wouldn’t be able to empty a bank account from a link being clicked.
Click to expand...
You are very possibly correct Sir.
 
hammocity said:
Bearing in mind a lot of banks use OTP’s with text message data I don’t see how clicking on a link could empty a bank account. I use Santander for my Business and Nationwide for personal use, there’s multi layers of security especially when paying someone or a new company for the first time.

I’m not dismissing your advice but I’m intrigued to know how this could possibly happen.
Click to expand...
If the link led onto it silently installing something (on older Android and Apple OS's), then it could potentially hijack a Banking App in pre or even mid use.
ie It forces starting the 'fake' Banking App, that directly runs the real 'Banking App' in the background.
The 'fake' scrapes the output of the 'real' App, ie you input into the 'fake' and it pushes that in to the 'real' to get you logged in (including 2 factor authentication), after that it navigates around 'automatically' as required.
It could then 'hijack' your setting up of a new recipient when you do, showing you 'fake' info, whilst creating it's own recipient, and hey presto you authorise £xxxx (the max your bank account holds or the max that can be transferred without further checks) to a different recipient the 'fake' has control of, rather than £xx to the recpient the 'fake' preented to you...

Keeping Phone OS's (and Apps) up to date is the only way forward to protect yourself on phones.. As of today's date:
For iOS: iPhone 5S or 6, you need to be on 12.5.5. Anything newer than an iPhone 6 needs to be on 15.1. Anything older than an iPhone 5S should not be used for anything which requires security/privacy.
For Android: No idea, but the updating is too fragmented to document

Edit: The same could happen on a compromised PC/Mac using browser banking
 
Last edited:
I had a missed call from my bank (Barclays) last Thursday morning, also sent a text advising they had to confirm some recent activity on my account. The text was in a chain that had previous texts from them advising on branch opening etc, so was as genuine as I could ascertain.

I called them back but was by then feeling vulnerable, the girl I spoke with asked me to log in to my banking to check a confirmation message that I was speaking with her, I wasn't comfortable with this so she suggested ending the call and ringing back via the app once I had logged in, I felt happier doing that.

Once I had connected from the app the fella informed me that someone was taking money from my account and they had put a stop on further withdrawals until speaking with me.

Upshot was my card was cancelled, with my agreement, and a new one sent out, any money taken would be returned forthwith and that was that.

I haven't used my card in a shop or similar for ages, pay cash all the time, have made online purchases from my laptop, never used my phone to pay. So I, nor Barclays have any idea how my details were gathered.

Yesterday my wife checked our account and there was a payment for £34 odd which went out last Thursday, neither of us recognised it, it was a transfer via Wyre and mentioned Australia, called Barclays and they immediately put the money back in our account, just as they had done with the £80 from last Thursday.
So all ended well and fair play to Barclays for flagging it up in the first place, just shows how vulnerable we are though.
Be careful out there folks.
 
As an aside I keep my cards in a small plastic sleeve designed to stop cloning. No idea if it works but to date my cards have remained uncloned.

They only need to get you once to put a right old crimp on your day.
 
The rags are getting scammed for nearly 1 million a week from some bloke called Ronnie, do you think we should inform them - nah.
 
JASR said:
If the link led onto it silently installing something (on older Android and Apple OS's), then it could potentially hijack a Banking App in pre or even mid use.
ie It forces starting the 'fake' Banking App, that directly runs the real 'Banking App' in the background.
The 'fake' scrapes the output of the 'real' App, ie you input into the 'fake' and it pushes that in to the 'real' to get you logged in (including 2 factor authentication), after that it navigates around 'automatically' as required.
It could then 'hijack' your setting up of a new recipient when you do, showing you 'fake' info, whilst creating it's own recipient, and hey presto you authorise £xxxx (the max your bank account holds or the max that can be transferred without further checks) to a different recipient the 'fake' has control of, rather than £xx to the recpient the 'fake' preented to you...

Keeping Phone OS's (and Apps) up to date is the only way forward to protect yourself on phones.. As of today's date:
For iOS: iPhone 5S or 6, you need to be on 12.5.5. Anything newer than an iPhone 6 needs to be on 15.1. Anything older than an iPhone 5S should not be used for anything which requires security/privacy.
For Android: No idea, but the updating is too fragmented to document

Edit: The same could happen on a compromised PC/Mac using browser banking
Click to expand...

My banking app has a unique user selected greeting to prove authenticity.

How would a fake app be able to replicate it?
 
Fode N The Hole said:
My banking app has a unique user selected greeting to prove authenticity.

How would a fake app be able to replicate it?
Click to expand...
If it’s running the real banking app in the background (hidden), the fake one will just screen grab what it needs and show that appropriately. Your key presses into the fake app will be pushed into the real - only when it wants to change the recipient details and amoun will the fake send differently to the real.
The fake could also present, say, balances, transactions and totals, from the real, but remove the transactions it wants to hide, as well as adjusting totals and balances…

clever and devious.

edit: this is all very possible and has been done when accessing a fake banking website in a browser. I’m unsure whether the same is possible on an App, but I’d say it’s quite feasible , especially in Android.
 
My bank has my voice as my password along with a pin and log in code and the code they send to my phone , fort knox !
never use my phone to use internet banking
 
My wife just received this. Seems legit, because it's got those ticks by the company name, so I've told her to pay it from her own account.
712afc4c876eff9c5cdd73c7234697c9.jpg
 
You must log in or register to reply here.
Unread Posts

Don't have an account? Register now and see fewer ads!

SIGN UP
Back
Top
  AdBlock Detected
Bluemoon relies on advertising to pay our hosting fees. Please support the site by disabling your ad blocking software to help keep the forum sustainable. Thanks.