A good amount of money has been stolen from my bank account bypassing the double factor authentication.

But it's up to you to accept such services, and to limit the amount of money that can be charged this way.

I was aware that I had to use a rechargeable card and I tried several times to ask for one, but I failed. Why? For reasons unknown to me at the moment. Maybe I've only been unlucky. In any case, the postal service refused to let me subscribe to one of them several times. My fault, I should have insisted in other ways.

If a money transaction from your account was possible by just clicking on a link, your password, PIN number, or whatever else you need to identify yourself as the valid person and agree to the transaction, had to be somehow, somewhere stored on your machine, accessible to the thief('s software).

I didn't get any authorization to accept the fraudulent transaction, only warnings that someone was able to enable the bank app on his phone. But it was too late. And I was confused that his phone (iPhone 14 Max) was really my phone, because sometimes I used a different user agent. I immediately thought: maybe I forgot that in the recent past I used an "iPhone 14 Max" user agent. So, I fooled myself :P

I don't keep the bank credentials saved on the mobile phone or on the FreeBSD system. I never use my credit card to buy stuff online (I'm a PayPal user). And my PayPal account hasn't been violated. So, man, I don't know.
 
Sounds like you are already very careful, more careful than most consumers who know nothing at all about this. Perhaps they have been targeting you for an extended time, in several stages. That sounds like something more organised than a teenager in a bedroom with a laptop.

If you ever find out how it worked, it will be interesting to hear. Everyone needs to know about this... so we can be warned about what can happen. I think thousands of people suffer from these phishing attacks, it happens all the time, you are not the only one.
 

So, to be aware is not enough. This is the lesson to learn. I suspect that we should become paranoid users. But it will not be good for our mental health. Let me understand a point. If I use the credit card details to buy something from a website and then, when the transaction is complete, I remove the credentials from that website (sometimes this is allowed, sometimes not), are those credentials really removed from the remote system or not?
 
So how can you teach the grandma, or the young mum with three kids who knows nothing about computers, if you need a PhD in cyber security to use the system safely? 😂
I think the true responsibility to make the system safe lies with the banks, not with the bank customers, IMHO. The system belongs to the banks, and it is operated to benefit them, not the customers.
 

For sure. It's cowardly to delegate the security of the computers to inexperienced users. Many people do another job, they have different interests, they had a different education, family and job and health problems, and they aren't really focused on what happens in the world; you can't expect them to become experts in yet another area. And if they make some mistake, they are immediately marked as stupid or something like that?
 
So, to be aware is not enough. This is the lesson to learn. I suspect that we should become paranoid users. But it will not be good for our mental health. Let me understand a point. If I use the credit card details to buy something from a website and then, when the transaction is complete, I remove the credentials from that website (sometimes this is allowed, sometimes not), are those credentials really removed from the remote system or not?
I don't know the answer to your question...
 
The bank could argue that your friend set up the phishing site and you share the refund. That's why only technical flaws will be compensated.

Let me understand. I ask my friend to steal my money to get back the same amount of money? Or to keep some part of that money, giving the difference to my friend? Isn't it faster to make a wire transfer to him? Maybe I didn't understand well what you mean.
 
Well, that is an argument that the victim is part of the fraud. The bank would have to prove that to make it work as a defence against compensating the victim. You cannot blame the victim for the crime. At least, the victim is innocent until proven guilty! :)
 
I suspect that we should become paranoid users.
"The question is not 'are you paranoid', but 'are you paranoid enough?'", Strange Days, USA 1995

No, seriously, there is a wide span between the unhealthy extremes of careless and paranoid, which is named careful.
As a psychologist you should know.

Dude,
I can understand you are pissed - and I feel with you. Really I do. And many others here for sure, too.
But besides using the community to vent your anger, you also need to accept that the responses are there to bring your perspective back to a more realistic point of view, and to give you real help on what can really be done.
And you know that.

So, be patient what the police will tell you. Maybe this phishing trick is already known to them, and they catch the bastard, and maybe you actually get some of your money back. The chances are not good, but also not zero.
Until then, try to figure out how not to be broken into again without losing the fun of life, without becoming paranoid.
But at least try to have partially some fun, like fantasizing of how to hack back 😁

A few months ago the wife of a very good friend of mine died of breast cancer. Knowing the unavoidable for years, there was also some laughing in this family. She said: "It does not help the slightest bit if there is no fun at all anymore. On the contrary, it rather spoils the time I have left."
 
Very true. We must try to enjoy the time we have. Take a day off and go for a good walk in the mountains or by the sea, and have a nice lunch somewhere. :)
 
A side note. If I want to install the app of the bank, I should have a Google account, sharing some sensitive data with Google. The danger starts already here. Is there a way to install an Android app without signing in with Google? Because we can be very paranoid, but if we are forced to share information that we don't want to, what are we talking about?
 
Don't use a phone for online banking but a hardware device connected to your computer.

Unfortunately here there aren't banks that offer hardware devices anymore. I should look better, but I have already asked some bank directors. They said that I will not find any bank that does it. If I buy a hardware device, can it "dialogue" with the bank app?
 
My bank has replaced physical hardware tokens with digital solutions such as O-Key Smart and I-B@nk mToken, which enable authentication via the Mobile app on your smartphone, eliminating the need for a separate device. These options offer a high level of security, using a PIN, fingerprint, or facial recognition to authorize transactions.

Current solutions:
O-Key Smart: This is the main alternative, available free of charge with the app. To activate it, download the app, go to "My Key," and follow the instructions to register the service.
I-B@nk mToken: This is another digital authentication option, available via a dedicated app (available on Google Play).

These methods don't help if I click on a phishing link, because those apps will be disabled and reactivated on the remote phone. This is what I've understood.
 
Unfortunately here there aren't banks that offer hardware devices anymore.
Can't believe that. Hardware authentication is much more secure than software solutions.


I use hardware authentication and if my bank says I can't anymore, I am gone.
 

This is what I said several times, here and to the bank directors. They say that they don't care. They don't offer hardware solutions anymore and I can't do anything to change that.
 
A side note. If I want to install the app of the bank, I should have a Google account, sharing some sensitive data with Google. The danger starts already here. Is there a way to install an Android app without signing in with Google? Because we can be very paranoid, but if we are forced to share information that we don't want to, what are we talking about?

The bank apps I've dealt with in the US don't care about a Google account, but the expected device integrity (and getting it from Play Store) likely requires a sign-in.

If your bank is cool they'd provide an apk from their servers (I'm not aware of any :p). I wouldn't sideload a financial apk from any source online, but depending on how often the bank updates the app, you could download the apk from a signed-in Google device/account, extract the apk, and install it on another non-Google device (possibly Waydroid + Play Store would allow the apk DL).

Realistically I don't believe Google-side permissions would pose a risk to bank accounts (banks have their apps on Play Store and support Android), and likely Strong Integrity enforcement would mean the device is secure (if the phone doesn't pass Strong or Basic I wouldn't use it for financials even with Play Store access).



My bank gives notifications in email and I can manage light stuff through a web browser; I don't bother with their Android app on my Gapp-less set-up, but when Play Store was convenient I grabbed their app from there just to have it.
 