Solved A good amount of money has been stolen from my bank account bypassing the double factor authentication.

Login to the provided page using the password above and change your password or close the account there.

When you receive such e-mail for verification Do not share the screenshot of it with the entire verification link visible to the public. Anyone can verify this link and create the profile.
 
Honestly, I feel like I'm being watched. As if my data had been stolen, and every now and then someone tries to register on old or new sites I've been to, or never have been to. In any case, I've already changed the passwords in most of those websites.
 
Using text messaging for securing accounts is ludicrous. TEXT MESSAGES ARE NOT SECURE.

Why companies would try to use them for security funtions is dumb.


At some point its important to acknowledge how possible it is that our mobile computers are just as (more) susceptible to exploitation than our personal computers. I remember reading a public email professing the importance of NOT using PGP to sign emails because it convinces everyone else that theres some sort of impenetrable impervention and that the message sender is obviously who they claim to be. Isn't this exactly what they prey upon? What a lovely gift.
 
I never normally read this rag but the story is interesting. Description of sim swap fraud.


And organised crime video from the FT. I just wish they wouldn't put the silly background music on all the time.
View: https://www.youtube.com/watch?v=a9cugMoM89w
 
What a lovely gift.
Hehe. No, you are, Al...

On topic: My bank has been emptied by the local sociopath/Anonymous member. My point is this is rarely accomplished due to a compromise on the other end (nor does it make sense). It wasn't through the bank; it was through his access to my computer.

P.S. When I showed up at his computer store, he hid in a closet because he's a coward.
 
Using user/pass for banking account should be prohibited via regulation. It is akin to a clerk checking the name and numbers on ID card but not bothering to look at the picture and the person.

P.S. When I showed up at his computer store, he hid in a closet because he's a coward.

I was after-hours in a largeish (for this market) cell/console/comp electronic repair service, collecting some 'domain info' to make them a biz application and seeing technicians rather dissapointed as the good looking girl that brought the cell in for repair doesn't have any kinky pictures/videos of themselves on it. In my own company the PC repair dept guys kept on sifting through computers looking for stuff like its their own, and openly commenting about the find - but I've never seen them copy the stuff over, unlike the guys in the cell repair stores, they kept their own archives of 'user stuff'...

But I've yet to hear somebody was that stupid to actually access and drain a customers account.
 
Using user/pass for banking account should be prohibited via regulation. It is akin to a clerk checking the name and numbers on ID card but not bothering to look at the picture and the person.



I was after-hours in a largeish (for this market) cell/console/comp electronic repair service, collecting some 'domain info' to make them a biz application and seeing technicians rather dissapointed as the good looking girl that brought the cell in for repair doesn't have any kinky pictures/videos of themselves on it. In my own company the PC repair dept guys kept on sifting through computers looking for stuff like its their own, and openly commenting about the find - but I've never seen them copy the stuff over, unlike the guys in the cell repair stores, they kept their own archives of 'user stuff'...

But I've yet to hear somebody was that stupid to actually access and drain a customers account.
I've been followed by a gym teacher and a sociopath for 16 years. I'm releasing a website soon with proof after he covered my Facebook in awful shit. He's everything you would expect him to be.
 
Using user/pass for banking account should be prohibited via regulation. It is akin to a clerk checking the name and numbers on ID card but not bothering to look at the picture and the person.
I totally disagree. I think if you run a system that collects passwords you should be licensed and audited.

When I create a password it is a bond of trust between me and the provider.

I trust that they will defend their passwords with the greatest software tools available.

No user should be able to guess more that 3 times or they get locked out.

We have these simple tools in our ports tree. FAIL2BAN and many others. Why should I jump through hurdles on an unsecure messaging service?
SS7 is BROKE. It will not be fixed. It is a very well know backdoor.


The takeaway is that calls and SMS run over infrastructure that was never built to be private, so you shouldn’t place private things there.
 
I really feel sorry for older people that are not technologically savvy.

In my state the abolished PAPER mailings for Division of MOTOR VEHICLES. DMV. They expect you to go online and pay for Tags and Registration. You need to keep track yourself of due dates.
No more paper bills.
License renewal ONLINE? No more vision exam?

Tech Dudes really don't give two hoots about your problems and now the State is doing the same.
Think of the money saved.
They will mail you a PAPER bill for an additional FEE.
How generous of them.
 
In Virginia, anyone who installs, services, or sells surveillance equipment must be licensed by the Department of Criminal Justice Services.
I had to get licensed to work on commercial security DVR systems. Take a 16H course and have my BACKGROUND checked and fingerprints taken.

Why do the same requirements not apply to business websites collecting login data? They are preforming a security service.
I would not be surprised if they greased some palms to get exempted from law.
 
I totally disagree. I think if you run a system that collects passwords you should be licensed and audited.

When I create a password it is a bond of trust between me and the provider.

I trust that they will defend their passwords with the greatest software tools available.

No user should be able to guess more that 3 times or they get locked out.

Well that's a standard user/pass auth you described and it is dangerous to use without a second factor, hence we came up with 2FA long ago...

It is too easy to phish out passwords. Good point about older people - my folks are seniors too and I just take care of online shopping for them.

Again, it would be too easy to just phish out their user/pass.

Besides bond of trust you speak of doesn't formally exist. It is something maybe in our trade, but not in contract with the bank or the laws and regulations it sits upon. If ebanking portal uses just user/pass for login, if in their logs they have a sucessful auth, your case is gone. They may go forward with legal stuff against IP of login, but as far as laws go, you cannot prove the password wasnt stolen from your PC.
 
Back
Top