Someone tried to take £33,000 from my account

Discussion in 'Community Discussion' started by RedTomato, Feb 11, 2013.

  1. macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #1
    Hello guys.

    Just had an interesting phone call with Santander, a UK bank. Someone tried to transfer £33,000 (about $50,000) from my bank account on the 26th January.

    :eek:

    Luckily the bank caught it and blocked the transfer. (I have nowhere near that much in the account!) After speaking with the Fraud Dept, it appears that someone was able to copy my internet banking logon, logged onto my account and tried to do the transfer to another UK account.

    I only log onto my internet banking on my laptop, via an up to date Chrome, and only at home or work. The password details are kept in 1password.

    So how did whoever it was get my details? (ps I never click on a Santander link in an email)
     
  2. Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #2
    There have been java exploits for the past several months off and on. But there's really no way to know the culprit. At least your bank caught it so you don't have to deal with being broke while they figure it out.
     
  3. daneoni, Feb 11, 2013
    Last edited: Feb 11, 2013

    macrumors G4

    daneoni

    Joined:
    Mar 24, 2006
    #3
    Could be an inside job or key-logging software.
     
  4. macrumors 65816

    Zombie Acorn

    Joined:
    Feb 2, 2009
    Location:
    Toronto, Ontario
    #4
    There must be some rich people who don't miss 50k when it comes out of their bank, not sure why they would try for such a large amount
     
  5. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #5
    Now, about that loan I've been seeking...;)

    :D
     
  6. macrumors 6502a

    Joined:
    Oct 15, 2011
  7. macrumors member

    Mercer

    Joined:
    Jul 7, 2008
    Location:
    North West, UK
    #7
    They are a Spanish bank but they also have banks in England..
     
  8. macrumors 68020

    Macky-Mac

    Joined:
    May 18, 2004
    #8
    Probably the crooks expect to get the money transferred, withdraw the cash and then disappear before the money is missed.
     
  9. macrumors 601

    twietee

    Joined:
    Jan 24, 2012
    #9
    Don't you need some sort of additional and unique TAN number (not sure how you call it) or other PIN to confirm any transaction?
     
  10. macrumors 6502a

    shinji

    Joined:
    Mar 18, 2007
    #10
    Anyone else have physical access to your laptop at home or work?
     
  11. macrumors Core

    Dagless

    Joined:
    Jan 18, 2005
    Location:
    Darkplace Hospital
    #11
    I've had the opposite problem. Tried to buy 2 return tickets to LA and an EOS 60D camera in the same month. Had both declined and my card cancelled, had to get a new card!
    (I have a debit card, don't know if the rules are different)

    But I'd rather that happen than someone else taking my money.
     
  12. macrumors 6502a

    Joined:
    Mar 13, 2012
    Location:
    Jersey/Miami
    #12
    The people who tried to take your money probably tried it on more than one account and they probably got through with one of them.
     
  13. thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #13
    Santander website doesn't use Java. Chrome is set for all plug-ins to ask for a click to run (does wonders for disabling annoying adverts).

    I never bothered to install Java 7 for Mountain Lion. (upgraded to Mountain Lion 2 months ago)

    Thanks for the hint though - I just now tested for Java. No pref-panel, no Java utility. After a search, seems I still have Java 6 left over from Snow Leopard (never installed Lion). As far as I know, Java 6 does not run in Mountain Lion without a bit of tweaking (which I haven't done). Tested in browsers and downloaded a couple of .jar apps. No functionality here.

    Inside.. hmm. Key-logging - not sure how on OS X - my MacBook is pw-protected.

    Santander took over a British bank, Abbey, a few years ago. I had an account with Abbey, which then became a Santander account.

    Yup, an OTP, One Time Password. If I transfer money via the website, it texts my phone with a passcode, which I need to enter on the website. Thanks for reminding me. I didn't get any passcode text linked to this fraudulent transfer. I'll bring that up next time I talk to them, if I get a chance.

    Nope. It's my baby and only I use it :) Belongs to me, not to work. Has a login password and a wake from sleep password (if sleep for more than 1 hour)

    :( if they had bothered to try a transfer for an amount that I actually had, they might have succeeded. Not sure how without activating an OTP request though.
     
  14. Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #14
    I'm still not blaming Java but both Java 7 and 6 had recent security holes. Just because Santander doesn't use Java doesn't mean another site you visited wasn't and then installed something which monitored your logins on other sites.
     
  15. macrumors G3

    Renzatic

    Joined:
    Aug 3, 2011
    Location:
    It's Never A Good Night To Have A Curse
    #15
    How complicated is your password? If it's something relatively simple, whoever did it could've brute forced it by trying to log in once or twice a day over a month or two. Just hitting it up enough to keep the failed logins to a bare minimum so as not to raise suspicion.
     
  16. macrumors 6502a

    Joined:
    Mar 13, 2012
    Location:
    Jersey/Miami
    #16
    They probably hacked the bank's system also. Who knows what they did?
     
  17. thread starter macrumors 68040

    RedTomato

    Joined:
    Mar 4, 2005
    Location:
    .. London ..
    #17
    Java isn't working on my laptop. You cut out this bit:

    However they could have captured the login from back when I had Mountain Lion & functioning Java, then not used it for a month or two.

    It's more like three passwords. First page - a personal ID which is user definable, alphanumeric. If I understand the code (I don't really), the ID is sent in the clear, but the page itself is sent over HTTPS.

    Code:
    https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON
    
    <form method="post" action="ChannelDriver.ssobto?dse_operationName=LOGON" name="formCustomerID_1" id="formCustomerID_1">
    
    Get this wrong, and you never see the second page, so it's a bit hard to cycle through password attempts. The second page requires two passwords (?), both sent encrypted. (I won't post code from the second page).

    The guy from Santander Fraud suggested I might have entered Santander in Google then clicked on whatever came up and thus gone through a man-in-the-middle attack. I try to avoid doing this but it is possible I might have gone through Google in a distracted moment. Both Chrome and Google have their own malicious website blacklist but it's possible I got taken in in that span between setting up a MITM attack and having it blacklisted.
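
Added example, not part of the original post or of the bank's site: the form quoted in post #17 has a relative `action`, so a browser resolves it against the page URL before submitting. The sketch below resolves that target and reports whether the submission travels over HTTPS; the function name and the second, plain-HTTP form are constructed for illustration.

```javascript
// Added example: where does a login form submit, and is that hop encrypted?
// Page URL and first form are the ones quoted in the post.
const PAGE = "https://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto?dse_operationName=LOGON";
const FORM = '<form method="post" action="ChannelDriver.ssobto?dse_operationName=LOGON" ' +
             'name="formCustomerID_1" id="formCustomerID_1">';
// Constructed counter-example: an HTTPS page whose form posts to plain HTTP.
const DOWNGRADE_FORM = '<form method="post" action="http://login.example.test/logon">';

function formSubmissionTarget(pageUrl, formHtml) {
  const tag = /<form\b[^>]*>/i.exec(formHtml);
  if (!tag) throw new Error("no <form> tag found");
  // Minimal attribute reader (quoted or bare values); enough for a single tag.
  const attr = (name) => {
    const re = new RegExp("\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
    const m = re.exec(tag[0]);
    return m ? (m[1] ?? m[2] ?? m[3]) : null;
  };
  const method = (attr("method") || "get").toLowerCase();
  // A missing or empty action means the form submits to the page's own URL.
  const target = new URL(attr("action") || pageUrl, pageUrl);
  return {
    method,
    url: target.href,
    encrypted: target.protocol === "https:",   // TLS protects the POST body in transit
    fieldsInUrl: method === "get",              // GET puts field values in the URL
    sameOrigin: target.origin === new URL(pageUrl).origin,
  };
}

console.log(formSubmissionTarget(PAGE, FORM));
console.log(formSubmissionTarget(PAGE, DOWNGRADE_FORM));
```

The scheme of the resolved target, not the markup of the form, determines whether the submitted ID is readable on the network.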
     
  18. macrumors 68020

    Macky-Mac

    Joined:
    May 18, 2004
    #18
    If you said, I missed it, but have you ever logged on to your bank from somewhere other than your own secure wifi? A friend had a password hijacked when he was using public wifi while on a trip
     
  19. macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #19
    Check the phone# listed on your account that they send the OTP to. If it is correct then the bank itself was hacked and/or it's an internal job.

    You said you needed an OTP to transfer these kinds of funds. If the bank intercepted the transfer, it means someone had the OTP. And if it wasn't actually sent to you then it was internal. And if it was internal then there was nothing you could have done to prevent it.

    A bank will never admit it was internally compromised. Which means that they have to make you believe it was something to do with you, without maybe ever actually accusing you of negligence. But if someone got your OTP, then it was internal.

    I assume the bank will send an email to you when it detects a change in your security settings? One of those "If you did this, then you need do nothing - and if you didn't do this then someone else has on your behalf..." Then you sign in to check the security settings *not* using the link provided of course.
     
