MacRumors Forums > Mac Community > Community Discussion

Feb 11, 2013, 09:06 AM   #1
RedTomato
macrumors 68040
Join Date: Mar 2005
Location: .. London ..
Someone tried to take 33,000 from my account

Hello guys.

Just had an interesting phone call with Santander, a UK bank. Someone tried to transfer 33,000 (about $50,000) from my bank account on the 26th January.



Luckily the bank caught it and blocked the transfer. (I have nowhere near that much in the account!) After speaking with the Fraud Dept, it appears that someone was able to copy my internet banking logon, logged onto my account and tried to do the transfer to another UK account.

I only log onto my internet banking on my laptop, via an up to date Chrome, and only at home or work. The password details are kept in 1password.

So how did whoever it was get my details? (ps I never click on a Santander link in an email)

Feb 11, 2013, 09:10 AM   #2
SilentPanda
Moderator emeritus
Join Date: Oct 2002
Location: The Bamboo Forest
There have been java exploits for the past several months off and on. But there's really no way to know the culprit. At least your bank caught it so you don't have to deal with being broke while they figure it out.
__________________
My 24 hour web cam!

Feb 11, 2013, 09:16 AM   #3
daneoni
macrumors G4
Join Date: Mar 2006
Could be an inside job or key-logging software.
__________________
15" rMBP Core i7 | 27" ACD | AEBS | 5G iPod | iPhone 5S | 3G Apple TV | rMini

Last edited by daneoni; Feb 11, 2013 at 10:09 AM.

Feb 11, 2013, 09:25 AM   #4
Zombie Acorn
macrumors 65816
Join Date: Feb 2009
Location: Toronto, Ontario
There must be some rich people who don't miss 50k when it comes out of their bank, not sure why they would try for such a large amount

Feb 11, 2013, 09:26 AM   #5
Shrink
macrumors Demi-God
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by RedTomato View Post
Hello guys.

Just had an interesting phone call with Santander, a UK bank. Someone tried to transfer 33,000 (about $50,000) from my bank account on the 26th January.



Luckily the bank caught it and blocked the transfer. (I have nowhere near that much in the account!) After speaking with the Fraud Dept, it appears that someone was able to copy my internet banking logon, logged onto my account and tried to do the transfer to another UK account.

I only log onto my internet banking on my laptop, via an up to date Chrome, and only at home or work. The password details are kept in 1password.

So how did whoever it was get my details? (ps I never click on a Santander link in an email)
Now, about that loan I've been seeking...

__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein

Feb 11, 2013, 09:32 AM   #6
tekno
Banned
Join Date: Oct 2011
Santander are a Spanish bank.

Feb 11, 2013, 10:30 AM   #7
Mercer
macrumors member
Join Date: Jul 2008
Location: North West, UK
They are a Spanish bank but they also have banks in England..
__________________
Macbook, Mac Mini, Iphone 3GS (Waiting for Iphone 4.0)

Feb 11, 2013, 10:48 AM   #8
Macky-Mac
macrumors 68020
Join Date: May 2004
Quote:
Originally Posted by Zombie Acorn View Post
There must be some rich people who don't miss 50k when it comes out of their bank, not sure why they would try for such a large amount
Probably the crooks expect to get the money transferred, withdraw the cash and then disappear before the money is missed.

Feb 11, 2013, 11:19 AM   #9
twietee
macrumors 68030
Join Date: Jan 2012
Don't you need some sort of additional and unique Tan number (not sure how you call it) or other pin to confirm any transaction?

Feb 11, 2013, 12:02 PM   #10
shinji
macrumors 6502a
Join Date: Mar 2007
Quote:
Originally Posted by RedTomato View Post
Hello guys.

Just had an interesting phone call with Santander, a UK bank. Someone tried to transfer 33,000 (about $50,000) from my bank account on the 26th January.



Luckily the bank caught it and blocked the transfer. (I have nowhere near that much in the account!) After speaking with the Fraud Dept, it appears that someone was able to copy my internet banking logon, logged onto my account and tried to do the transfer to another UK account.

I only log onto my internet banking on my laptop, via an up to date Chrome, and only at home or work. The password details are kept in 1password.

So how did whoever it was get my details? (ps I never click on a Santander link in an email)
Anyone else have physical access to your laptop at home or work?

Feb 11, 2013, 12:32 PM   #11
Dagless
macrumors Core
Join Date: Jan 2005
I've had the opposite problem. Tried to buy 2 return tickets to LA and an EOS 60D camera in the same month. Had both declined and my card cancelled, had to get a new card!
(I have a debit card, don't know if the rules are different)

But I'd rather that happen than someone else taking my money.
__________________
Maybe if everyone who'd ever been close to you had died, you'd be sarcastic, too.
Macrumors Steam Group

Feb 11, 2013, 01:15 PM   #12
Demonface
macrumors 6502a
Join Date: Mar 2012
Location: Jersey/Miami
The people who tried to take your money probably tried it on more than one account and they probably got through with one of them.

Feb 11, 2013, 05:27 PM   #13
RedTomato
Thread Starter
macrumors 68040
Join Date: Mar 2005
Location: .. London ..
Quote:
Originally Posted by SilentPanda View Post
There have been java exploits for the past several months off and on. But there's really no way to know the culprit. At least your bank caught it so you don't have to deal with being broke while they figure it out.
Santander website doesn't use java. Chrome is set for all plug-ins to ask for a click to run (does wonders for disabling annoying adverts).

I never bothered to install java 7 for Mountain Lion. (upgraded to Mountain Lion 2 months ago)

Thanks for the hint though - I just now tested for java. No pref-panel, no java utility. After a search, seems I still have java 6 left over from Snow Leopard (never installed Lion). As far as I know, java 6 does not run in Mountain Lion without a bit of tweaking (which I haven't done). Tested in browsers and downloaded a couple of .jar apps. No functionality here.

Quote:
Originally Posted by daneoni View Post
Could be an inside job or key-logging software.
Inside.. hmm. Key-logging - not sure how on OSX - my macbook is pw-protected.

Quote:
Originally Posted by Mercer View Post
They are a Spanish bank but they also have banks in England..
Santander took over a British bank, Abbey, a few years ago. I had an account with Abbey, which then became a Santander account.

Quote:
Originally Posted by twietee View Post
Don't you need some sort of additional and unique Tan number (not sure how you call it) or other pin to confirm any transaction?
Yup, an OTP, One Time Password. If I transfer money via the website, it texts my phone with a passcode, which I need to enter on the website. Thanks for reminding me. I didn't get any passcode text linked to this fraudulent transfer. I'll bring that up next time I talk to them, if I get a chance.

Quote:
Originally Posted by shinji View Post
Anyone else have physical access to your laptop at home or work?
Nope. It's my baby and only I use it. Belongs to me, not to work. Has a login password and a wake from sleep password (if sleep for more than 1 hour).

Quote:
Originally Posted by Demonface View Post
The people who tried to take your money probably tried it on more than one account and they probably got through with one of them.
If they had bothered to try a transfer for an amount that I actually had, they might have succeeded. Not sure how without activating an OTP request though.

Feb 11, 2013, 05:41 PM   #14
SilentPanda
Moderator emeritus
Join Date: Oct 2002
Location: The Bamboo Forest
Quote:
Originally Posted by RedTomato View Post
Santander website doesn't use java. Chrome is set for all plug-ins to ask for a click to run (does wonders for disabling annoying adverts).
I'm still not blaming Java but both Java 7 and 6 had recent security holes. Just because Santander doesn't use Java doesn't mean another site you visited wasn't and then installed something which monitored your logins on other sites.
__________________
My 24 hour web cam!

Feb 11, 2013, 05:58 PM   #15
Renzatic
macrumors 604
Join Date: Aug 2011
Location: Who puts the washers in the woods?
Quote:
Originally Posted by RedTomato View Post

I only log onto my internet banking on my laptop, via an up to date Chrome, and only at home or work. The password details are kept in 1password.

So how did whoever it was get my details? (ps I never click on a Santander link in an email)
How complicated is your password? If it's something relatively simple, whoever did it could've brute forced it by trying to log in once or twice a day over a month or two. Just hitting it up enough to keep the failed logins to a bare minimum so as not to raise suspicion.

Feb 11, 2013, 10:12 PM   #16
Demonface
macrumors 6502a
Join Date: Mar 2012
Location: Jersey/Miami
Quote:
Originally Posted by RedTomato View Post
Santander website doesn't use java. Chrome is set for all plug-ins to ask for a click to run (does wonders for disabling annoying adverts).

I never bothered to install java 7 for Mountain Lion. (upgraded to Mountain Lion 2 months ago)

Thanks for the hint though - I just now tested for java. No pref-panel, no java utility. After a search, seems I still have java 6 left over from Snow Leopard (never installed Lion). As far as I know, java 6 does not run in Mountain Lion without a bit of tweaking (which I haven't done). Tested in browsers and downloaded a couple of .jar apps. No functionality here.



Inside.. hmm. Key-logging - not sure how on OSX - my macbook is pw-protected.



Santander took over a British bank, Abbey, a few years ago. I had an account with Abbey, which then became a Santander account.



Yup, an OTP, One Time Password. If I transfer money via the website, it texts my phone with a passcode, which I need to enter on the website. Thanks for reminding me. I didn't get any passcode text linked to this fraudulent transfer. I'll bring that up next time I talk to them, if I get a chance.



Nope. It's my baby and only I use it. Belongs to me, not to work. Has a login password and a wake from sleep password (if sleep for more than 1 hour).



If they had bothered to try a transfer for an amount that I actually had, they might have succeeded. Not sure how without activating an OTP request though.
They probably hacked the bank's system also. Who knows what they did?

Feb 12, 2013, 03:30 AM   #17
RedTomato
Thread Starter
macrumors 68040
Join Date: Mar 2005
Location: .. London ..
Quote:
Originally Posted by SilentPanda View Post
I'm still not blaming Java but both Java 7 and 6 had recent security holes. Just because Santander doesn't use Java doesn't mean another site you visited wasn't and then installed something which monitored your logins on other sites.
Java isn't working on my laptop. You cut out this bit:

Quote:
never bothered to install java 7 for Mountain Lion. (upgraded to Mountain Lion 2 months ago)

Thanks for the hint though - I just now tested for java. No pref-panel, no java utility. After a search, seems I still have java 6 left over from Snow Leopard (never installed Lion). As far as I know, java 6 does not run in Mountain Lion without a bit of tweaking (which I haven't done). Tested in browsers and downloaded a couple of .jar apps. No functionality here.
However they could have captured the login from back when I had Mountain Lion & functioning Java, then not used it for a month or two.

Quote:
Originally Posted by Renzatic View Post
How complicated is your password? If it's something relatively simple, whoever did it could've brute forced it by trying to log in once or twice a day over a month or two. Just hitting it up enough to keep the failed logins to a bare minimum so as not to raise suspicion.
It's more like three passwords. First page - a personal ID which is user definable, alphanumeric. If I understand the code (I don't really), the ID is sent in the clear, but the page itself is sent over HTTPS.

Code:
https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON

<form method="post" action="ChannelDriver.ssobto?dse_operationName=LOGON" name="formCustomerID_1" id="formCustomerID_1">
Get this wrong, and you never see the second page, so it's a bit hard to cycle through password attempts. The second page requires two passwords (?), both sent encrypted. (I won't post code from the second page).

The guy from Santander Fraud suggested I might have entered Santander in Google then clicked on whatever came up and thus gone through a man-in-the-middle attack. I try to avoid doing this but it is possible I might have gone through Google in a distracted moment. Both Chrome and Google have their own malicious website blacklist but it's possible I got taken in in that span between setting up a MITM attack and having it blacklisted.
RedTomato is offline   0 Reply With Quote
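
The logon form quoted in post #17 has a relative `action`, which a browser resolves against the HTTPS URL of the page that served it. The sketch below is an added example (not part of the thread and not the bank's code) that resolves each form target the same way and reports whether the submission is encrypted and stays on the serving host; `audit_forms`, `FormCollector` and the `login.example.net` counter-example are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Page URL and <form> tag exactly as quoted in the post above.
PAGE_URL = ("https://retail.santander.co.uk/LOGSUK_NS_ENS/"
            "BtoChannelDriver.ssobto?dse_operationName=LOGON")
PAGE_HTML = ('<form method="post" '
             'action="ChannelDriver.ssobto?dse_operationName=LOGON" '
             'name="formCustomerID_1" id="formCustomerID_1">')
# Constructed counter-example (not from the thread): absolute http:// action
# on a different host, submitted with the default GET method.
BAD_HTML = '<form id="f" action="http://login.example.net/collect">'


class FormCollector(HTMLParser):
    """Collect attributes of every <form> tag and the first <base href>."""

    def __init__(self):
        super().__init__()
        self.forms, self.base = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(a)
        elif tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]


def audit_forms(page_url, html):
    """Return one finding per form: resolved target plus transport checks."""
    p = FormCollector()
    p.feed(html)
    base = urljoin(page_url, p.base) if p.base else page_url
    findings = []
    for f in p.forms:
        # A missing or empty action submits to the document's own URL.
        target = urljoin(base, f["action"]) if f.get("action") else page_url
        t = urlsplit(target)
        findings.append({
            "id": f.get("id"),
            "target": target,
            "encrypted": t.scheme == "https",
            "same_host": t.hostname == urlsplit(page_url).hostname,
            # GET places field values in the URL (history, logs, Referer).
            "fields_in_url": (f.get("method") or "get").lower() != "post",
        })
    return findings


if __name__ == "__main__":
    for html in (PAGE_HTML, BAD_HTML):
        print(audit_forms(PAGE_URL, html))
```
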

Feb 12, 2013, 12:30 PM   #18
Macky-Mac
macrumors 68020
Join Date: May 2004
If you said, I missed it, but have you ever logged on to your bank from somewhere other than your own secure wifi? A friend had a password hijacked when he was using public wifi while on a trip

Feb 12, 2013, 01:08 PM   #19
snberk103
macrumors 603
Join Date: Oct 2007
Location: An Island in the Salish Sea
Check the phone# listed on your account that they send the OTP to. If it is correct then the bank itself was hacked and/or it's an internal job.

You said you needed an OTP to transfer these kinds of funds. If the bank intercepted the transfer, it means someone had the OTP. And if it wasn't actually sent to you then it was internal. And if it was internal then there was nothing you could have done to prevent it.

A bank will never admit it was internally compromised. Which means that they have to make you believe it was something to do with you, without maybe ever actually accusing you of negligence. But if someone got your OTP, then it was internal.

I assume the bank will send an email to you when it detects a change in your security settings? One of those "If you did this, then you need do nothing - and if you didn't do this then someone else has on your behalf..." Then you sign in to check the security settings *not* using the link provided of course.
__________________
My friends, love is better than anger. Hope is better than fear. Optimism is better than despair. So let us be loving, hopeful and optimistic. And we'll change the world. - Jack Layton