So they really do hack into bank accounts



lived666
17-12-2010, 10:38 AM
:wtf:
Sitting in front of PC and sms from standard bank that my wife's login detail etc have changed - she is overseas so I'm like :wtf:, but I login and everything looks ok, then sms again and then again, so I'm like :wtf: again and go login and this time I'm blocked out, so I call standard but they won't speak to me cause I'm not the account holder, so obviously now panic and overseas phone calls, anyhow thank goodness for voip, cause banks keep you on the line for hours, anyhow took 2 - 3 hours to sort out, but standard said they tried to access her accounts from a non standard bank link - and they noticed and then blocked all access and canceled all cards, credit cards etc all blocked, and funds all safe.
I can only assume one of her cards was skimmed somewhere cause all PCs at home have standard bank rapport and other anti malware software.
Anyhow nerve-racking to say the least!

Venomous
17-12-2010, 10:41 AM
:( :mad:

greedy bastards!!!...trying to take money that's not theirs

Viper25
17-12-2010, 10:42 AM
Scary stuff.

ghoti
17-12-2010, 10:44 AM
Someone fell for phishing if it was accessed by a non-standard Standardbank address I think.

syntax
17-12-2010, 10:45 AM
I'm confused, they changed her bank login details? But the sms's still went to you?
How do you change that without the OTP? Does it send an OTP for changing bank login details? Even if they didn't, all they could do was transfer money between beneficiaries and accounts, and that's it.

What does skimming cards have to do with this? If they skim your cards, you would have money drawn, not someone logging into your internet banking?

czc
17-12-2010, 10:50 AM
What's a non Standard Bank address?

ghoti
17-12-2010, 10:56 AM
What's a non Standard Bank address?

www.stdbenk.co.za or www.standardbank.mysitegotowned.com Basically phishing websites.
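
The two kinds of lookalike address named in the post above, as a check a mail filter or web proxy could run. This is an added example, not part of the original thread; the legitimate domain `standardbank.co.za`, the alias list and the tiny suffix table are assumptions of this example.

```python
# Added example: classify hostnames against one legitimate banking domain.
LEGIT = "standardbank.co.za"      # assumption: the thread never names the real domain
BRAND = LEGIT.split(".")[0]       # "standardbank"
ALIASES = ("stdbank",)            # constructed: abbreviation a user reads as the brand
# Minimal suffix table for this example; real code should use the Public Suffix List.
SUFFIXES = ("co.za", "com")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_host(host):
    """Return (subdomain labels, registrable label, public suffix)."""
    host = host.lower().rstrip(".")
    for suf in sorted(SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suf):
            labels = host[: -len(suf) - 1].split(".")
            return labels[:-1], labels[-1], suf
    labels = host.split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]
    return labels[:-2], name, labels[-1]

def classify(host):
    subs, name, suffix = split_host(host)
    # Only the registrable domain decides who controls the site.
    if f"{name}.{suffix}" == LEGIT:
        return "legitimate"
    # Registered name is a near miss of the brand or a known abbreviation.
    if any(edit_distance(name, known) <= 2 for known in (BRAND,) + ALIASES):
        return "typosquat"
    # Brand appears only as a subdomain of somebody else's domain.
    if any(BRAND in label for label in subs):
        return "brand-in-subdomain"
    return "unrelated"

if __name__ == "__main__":
    for h in ("www.standardbank.co.za", "www.stdbenk.co.za",
              "www.standardbank.mysitegotowned.com"):
        print(h, "->", classify(h))
```
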

lived666
17-12-2010, 10:59 AM
Someone fell for phishing if it was accessed by a non-standard Standardbank address I think.

Normally I would say yes, but impossible as she was overseas and anything that remotely looks like a bank email is trashed


I'm confused, they changed her bank login details? But the sms's still went to you?
How do you change that without the OTP? Does it send an OTP for changing bank login details? Even if they didn't, all they could do was transfer money between beneficiaries and accounts, and that's it.

What does skimming cards have to do with this? If they skim your cards, you would have money drawn, not someone logging into your internet banking?

I can only assume card was skimmed or her account details were used because they are readily available as she runs an online business, so they used those to login, or they tried to figure a way to login.
How they changed the login details without the OTP being sent is something that she will have to investigate when she gets back.
If they can change login without an OTP I'm assuming they can add beneficiaries without one?

bottom line is they were blocked but she is back today and hopefully standard will offer further insight - I am also keen to know what they meant they tried to access from an external link.

syntax
17-12-2010, 11:08 AM
Normally I would say yes, but impossible as she was overseas and anything that remotely looks like a bank email is trashed
I can only assume card was skimmed or her account details were used because they are readily available as she runs an online business, so they used those to login, or they tried to figure a way to login.
How they changed the login details without the OTP being sent is something that she will have to investigate when she gets back.
If they can change login without an OTP I'm assuming they can add beneficiaries without one?
bottom line is they were blocked but she is back today and hopefully standard will offer further insight - I am also keen to know what they meant they tried to access from an external link.

I would like to know the outcome of the investigation. If the OTP stuff gets changed, that's scary, really scary. And std bank should be shot

burfot
17-12-2010, 11:08 AM
"was accessed by a non-standard Standard bank address".

If they used a "non SBK address" then it would not have come through to SBK....

Duh!!! Dumb-stupid call centre nit-wit.

Likely rather they picked up "suspicious" activity. They have fairly good algorithms for that. Or something else, but definitely not that brain-dead explanation.....

Helghast
17-12-2010, 11:19 AM
Intense!

lived666
17-12-2010, 11:27 AM
I have a few questions I would like her to ask, but I think standard may not be forthright with their answers and they are:

1. How did they gain access to her account - it can't be from a phishing site, unless their Rapport software doesn't work, and even then it would be extremely unlikely.

2. What alerted Standard to the fact it was a hack attempt? As burfot suggested, it was probably "suspicious activity" but what exactly?

3. How did they change her login info without an OTP being sent? That is the main one I'm worried about, because if they can do that, then they can have complete control over all your funds.

so yeh kudos to standard for blocking this while in progress, but still so much to worry about.

deweyzeph
17-12-2010, 11:47 AM
I can only assume one of her cards was skimmed somewhere cause all PCs at home have standard bank rapport and other anti malware software.


It's impossible to hack into your online banking account by skimming a card.

HavocXphere
17-12-2010, 12:39 PM
Story sounds all kinds of sketchy.

Glad to hear though that the funds are safe.

dyanamo
17-12-2010, 03:34 PM
Probably they mean by non standard bank site that they used another site to send POST or GET calls to the official STB website which returns the response to the phoney website. Can use a custom made application to do this as well but I'm sure STB would have thought of this and checked the HTTP headers and amount of requests from a single IP... right STB?

sn3rd
17-12-2010, 06:45 PM
It's easy enough to intercept and stop an sms if you know someone "on the inside".

Oh, and had a highly dodgy experience getting logged into someone else's account the other day; one of the big banks. Screenshot + sent it off to the bank concerned with an explanation of what happened, but no response :eek:

syrrano
18-12-2010, 07:20 AM
:D


http://www.youtube.com/watch?v=zPGjeAPrLog&feature=related

SinghDude
18-12-2010, 08:46 AM
It's easy enough to intercept and stop an sms if you know someone "on the inside".

Oh, and had a highly dodgy experience getting logged into someone else's account the other day; one of the big banks. Screenshot + sent it off to the bank concerned with an explanation of what happened, but no response :eek:

Where there is a will, there is a way.

People will go to any lengths to steal.

Roadrunner
18-12-2010, 08:55 AM
I have noticed an increase recently in the amount of Standard Bank and ABSA phishing spam I am getting and they are getting more sophisticated as time goes by.

Wonder where the ****ers got my email address? :mad:

sn3rd
18-12-2010, 10:24 AM
I have noticed an increase recently in the amount of Standard Bank and ABSA phishing spam I am getting and they are getting more sophisticated as time goes by.

Wonder where the ****ers got my email address? :mad:

People on the inside... You wouldn't believe the details that average workers get access to at financial institutions, telcos, etc etc...

Flanders
18-12-2010, 06:48 PM
Sorry to hear. Let us know what comes of it.

I was ridiculed for suggesting an inside job in my thread here: http://mybroadband.co.za/vb/showthread.php/170794-Internet-Banking-Fraud-Standard-Bank?highlight=

To be honest I still don't know the true outcome of this story other than countless polygraphs within the client's business as well as questions from within the bank itself. My feelings are that they (the client) would've been sunk had this not been resolved and they're still going so I think it was resolved one way or another.