How scammers get into your bank account

I went to a banker last week. I have separate account numbers for everything, internet banking, CC notification SMS. Received an SMS informing me I have won a RICA didn't believe it, 3 days later get the same sms on my other mobile phone. Coincidence or does this certain individual have a friend working at the bank. I am very puzzled and concerned. Banks should rather issue USB dongle thing or much better yet make use of GPS technology and see if you in the same area making internet transactions. If you not in your usual spot to allow u to do 1 or 2 transactions, then red flagging the account. They do it with debit cards when you want to withdraw from a retailer twice in 1 day.
 
I've been receiving tonnes of "SARS- Efiling Tax Return" and "E-filing Tax Return" (ABSA themeed) Emails on my address the past 2 months that I've registered ONLY on the FirstAscent website. I love my one time Email addresses that allow me to see EXACTLY who leaked my information online.

I am also receiving these phising Emails on my other accounts, but nowhere near the amount they flood in on my FirstAscent account...

I'd love to see how these hackers get past a second factor authentication that doesn't involve you entering an OTP into the compromised website AND when the IMSI number is being monitored too (meaning SIM clones won't work either) !
I suppose social engineering would be their best bet.
 
I've been receiving tonnes of "SARS- Efiling Tax Return" and "E-filing Tax Return"
Not me. The only emails I've been getting were from my bank...telling me to watch out for XYZ that is specifically targeting said bank. Never got the actual phishing mail that was being warned against...I guess google spam caught it.

AND when the IMSI number is being monitored too (meaning SIM clones won't work either) !
Do tell...I'm not aware of any IMSI monitoring? Not sure its even feasible...people switch phones all the time.
 
Strange how the banks or networks are not mentioning FICA.

The result of most scams = money transferred to other accounts before being withdrawn at atms.
Surely these accounts lead to people who actually own them, if the account owners details are fake, then the bank is at fault for not verifying FICA details correctly.

Ultimately, banks should be able to trace when the money goes to up until the atm.

Edit - also, its time that SARS and banking websites all use a higher level of ssl certs which atleast turn the address bar green.

I think these institutions owe it to their customers to provide training/help in regards to how to verify the website you are using. Example, how to look at the ssl cert and verify that its authentic.
 
Last edited:
Strange how the banks or networks are not mentioning FICA.

The result of most scams = money transferred to other accounts before being withdrawn at atms.
Surely these accounts lead to people who actually own them, if the account owners details are fake, then the bank is at fault for not verifying FICA details correctly.

Ultimately, banks should be able to trace when the money goes to up until the atm.

Edit - also, its time that SARS and banking websites all use a higher level of ssl certs which atleast turn the address bar green.

I think these institutions owe it to their customers to provide training/help in regards to how to verify the website you are using. Example, how to look at the ssl cert and verify that its authentic.

Uhm this is actually explained in the article. The scammer gets an innocent "friend" to lend them their account for a nominal fee (probably some random person he sits next to on a taxi). By the time someone finds the owner of the account, the scammer is long gone and the owner will have no clue what happened.

I wonder how long the banks take to trace people and how successful it actually is. We have all these RICA and FICA laws, but we never hear about any of this actually being used to capture any criminals. Is there any stats from banks and cellphones companies out there regarding this? Or is RICA and FICA, as we all suspected, just a bunch of mismanaged paperwork?
 
Last edited:
DJiceman....you did not read the article then did you ;)

They use legal accounts...

"One such trick is using the video camera on a smartphone to record the passwords employees type into the web-based admin software they use at many mobile networks."

This sounds a bit too mission impossible for me....does this guy know what he is talking about?

From what I've seen is that they get access with phishing...them simply do a simswap on your number. this can be done on any network with minimal info....yes....over the phone.

Some phishing sites will even prompt you for the code you just received (them adding a beneficiary)

Money gone!
 
Uhm this is actually explained in the article. The scammer gets an innocent "friend" to lend them their account for a nominal fee (probably some random person he sits next to on a taxi). By the time someone finds the owner of the account, the scammer is long gone and the owner will have no clue what happened.

I wonder how long the banks take to trace people and how successful it actually is. We have all these RICA and FICA laws, but we never hear about any of this actually being used to capture any criminals. Is there any stats from banks and cellphones companies out there regarding this? Or is RICA and FICA, as we all suspected, just a bunch of mismanaged paperwork?

Owner of the account must then be held liable maybe, unless they can provide their "friends" details...
 
Why don't the banks simply use 2 step authentication?

For example Capitech mobile app requires you to put a pin number into the app before it issues a generated number that you have to use to log into internet banking. If you do not have a capable phone they use to issue RSA tokens.
 
Gullible people clicking links emailed to them...
in the words of Mythbuster's Adam Savage.... well there's your problem!
 
Why is it I get 10x more ABSA oriented emails then other banks? The scammer know ABSA is weak.
 
Owner of the account must then be held liable maybe, unless they can provide their "friends" details...

I know that there are cases where many accounts are setup with false identity documents, the scammers then use mules to make the withdrawals.
 
Just read some of the front page comments and I have to let off steam somewhere...

Sweet mother of Hitchens! Getting your username and password are the least impressive parts of the attack and that's what people are focussing on?!

Phew. Much better.

EDIT: Just clarifying that my little rant isn't directed at anyone in this thread, or anyone in particular. For instance I completely agree with TirNaNog: Don't fall for the scam. Secondly: Don't click on dodgy links from your insecure PC. If you must, use a VM or something.
 
Last edited:
Sweet Rosemary

Just read some of the front page comments and I have to let off steam somewhere...

Sweet mother of Hitchens!
Getting your username and password are the least impressive parts of the attack[/B}
and
that's what people are focussing on?!

Phew. Much better.

What would be better is if you told us what the MOST impressive parts of the attack are ????
Weez wantz to NO :)
 
Just read some of the front page comments and I have to let off steam somewhere...

Sweet mother of Hitchens! Getting your username and password are the least impressive parts of the attack and that's what people are focussing on?!

Phew. Much better.

EDIT: Just clarifying that my little rant isn't directed at anyone in this thread, or anyone in particular. For instance I completely agree with TirNaNog: Don't fall for the scam. Secondly: Don't click on dodgy links from your insecure PC. If you must, use a VM or something.

Personally I think more information on how hackers get access to your username and password so readers can prevent it would have been more useful. But thats my opinion. Interesting article still. At least the reader of your article can proactively do something about the first steps if they have the right information.

If you can stop the first step normally you dont have to worry about the rest of the steps. People reading that article for instance are unable to stop people falling for sob stories and are unable to stop criminals corrupting cell phone network operators. Its beyond their control and to me, the least impressive bit of this.

Thank you for this important article.
 
Last edited:
i can also tell you, I was like 'huh' how does the cam film that, impossible.
 
Just found this in my spam folder. It was sent from [email protected]

spam.jpg

with email signature:

HIGHEST-RANKED. 6 YEARS STRAIGHT.
Thanks to our Cardmembers, J.D. Power and Associates has ranked us "Highest in Customer Satisfaction with Credit Card Companies, Six Years in a Row."
Learn more about this award:www.standardbank.co.za

Standard Bank received the highest numerical score among credit card issuers in the proprietary J.D. Power and Associates 2007- 2012 Credit Card Satisfaction StudiesSM. 2012 study based on responses from 13,726 consumers measuring 11 card issuers and measures opinions of consumers about the issuer of their primary credit card. Proprietary study results are based on experiences and perceptions of consumers surveyed in June 2012. Your experiences may vary. Visit jdpower.com.

Contact Customer Service

|

View Our Privacy Statement

|

Add Us to Your Address Book

Your Cardmember information is included in the upper-right corner to help you recognize this as a customer service e-mail from Standard Bank. Using the spam/junk mail function may not block servicing messages from being sent to your email account. To learn more about e-mail security or report a suspicious e-mail, please visit us at standardbank.co.za/phishing. We kindly ask you not to reply to this e-mail but instead contact us securely via customer service.

© 2013 Standard Bank is a licensed financial services provider in terms of the Financial Advisory and Intermediary Services Act and a registered credit provider in terms of the National Credit Act, registration number NCRCP15.

AGNEUALE0001001
 
Just found this in my spam folder. It was sent from [email protected]

You made me go look at my spam folder, and my oh my I found this:

Dear ABSA Client,

Attention! Your online service has been deauthorized.
We suspect someone other than you with IP 217.190.182.35
making series of incorrect attempts with your card number.

Please confirm your recent activities with us to show
you are not away at this time.
It should be confirmed as soon as possible to
keep it from getting intermitted.

Begin the verification process <-- Url to http: // niepelnosprawnyturysta.yapis.net /semb/onac.mern/situ.mery/naid.ferb.htm

Note: This email was sent from a secure server,
please SIGNON to email us as mails sent to this address cannot be answered.

I do not even bank at Absa nevermind the fact that this is to an outlook.com alias that only Nedbank has.
 
...Check Account :wtf: What's the chances of a bank spelling cheque wrong?
 
Top
Sign up to the MyBroadband newsletter
X