Solved A good amount of money has been stolen from my bank account bypassing the double factor authentication.

When I see random bank emails, I usually go straight to the bank website via manual URL entry (not from email click) and check stuff out. I kind of wish some of those large deposits were real :p

How can you be sure that *usually* I don't do the same? Is it so hard for you to believe that having a moment of low attention is human and natural? Paranoid people can't accept that their minds can be vulnerable.
 
Everyone has moments of weakness, and that's ok. The problem is that you're trying to blame the bank for your moment of weakness.

What I'm trying to do is to avoid being overwhelmed by the guilt you're trying to instill in me due to your excessive intransigence. I take my part of responsibility, and I don't think I'm 100% responsible, because, as I repeat, I believe systems can always be more secure than how they are. It's just a matter of how much money you're willing to invest to convince yourself that you've created a system that's sufficiently secure, not to mention bulletproof. And you believe this because you've invested in it. For this reason, you might not see its weaknesses. Doing so would put you in the awkward position of having to spend even more and more money, probably going into an endless cycle, because... there can't be any system that's 100% secure, connected or disconnected.
 
Until you read about the University of Minnesota Linux Kernel debacle. Even Open Source is not immune to miscreants creating a mess. This is why you gotta keep your eyes peeled for signs of trouble no matter where you are.

Paranoia at breakfast, lunch and dinner can be exhausting, but yeah, there are people who actually do that for fun, and know a lot about it.
There are quite some out there, but that is not the point. My point is: when someone is approaching me that some open source project is seriously flawed and the correspondent claims to be some kind of l33t h4x0r I wanna see proof. Then, talking how a transition to the Rust programming language would solve that problem just disqualifies that person. The problem is the supply chain, which has nothing to do with the underlying technology, because a backdoor will then simply be used using the Rust programming language.
 
I'm trying to do is to avoid being overwhelmed by the guilt you're trying to instill in me due to your excessive intransigence.
It wasn't my intention to make you feel guilty. Rather, I wanted to make it clear to you that you should change your perspective on things so that you don't become a victim again.

If you want me to stop posting here, just say a word.
 
I see a widespread mentality that overly "punishes" single individuals, rather than seeing the issue in its complexity, implicating a multitude of actors who also bear responsibility. The problem isn't you. And perhaps it's not any individual. It's the way you (plural) think, which is too focused on evaluating the behavior of individuals, losing sight of the complexity of the issue, which instead concerns many individuals.
 
There are quite some out there, but that is not the point. My point is: when someone is approaching me that some open source project is seriously flawed and the correspondent claims to be some kind of l33t h4x0r I wanna see proof. Then, talking how a transition to the Rust programming language would solve that problem just disqualifies that person. The problem is the supply chain, which has nothing to do with the underlying technology, because a backdoor will then simply be used using the Rust programming language.
There are plenty of people who talk nonsense, but it takes an actual subject matter expert to see that. The cyber security field is full of people like that. When I see ads for cyber security services, I just roll my eyes. It's like buying a door that can withstand a hit from a Patriot missile when the rest of the house is made of straw, and inside, there's nothing worth stealing - because it was all spent on that fancy door.
 
Well, it's the classic scam paradox. The bank didn't fail you, or take your money. They are not on the hook with you. They will not make good the loss, nor can be legally compelled to. The person who is liable to you is the scammer. Ah, but even if you caught the scammer, he already spent it all, because nobody scams people to put into a savings account. It is spent, poof.

When I started reading this thread, my thought was that between the phone software and the text message and the website and the this and the that, the attack surface is too huge. Then I found out you clicked on a phishing email link. But then I realized it still applies. With the multitude of surfaces, your own mind was not in a condition to filter out the phishing email like it should have. You already have 22 elements at work, why should a 23rd stand out?

The best security is to keep things simple, small. There is no need to add yet another door, another element, if, not to be redundant, there is no need. Institutions will try to push surface on you, telephone software, this, that, because they profit from it in various ways, not because you need it.

Modern man needs to learn to say no. Or to at least think of "yes" in terms of a value decision that must get value in return. Put a price on "yes." That way it will at least be easier to keep track.

It's not your fault that this happened, you should not feel guilty. A professional targeted you and got you, as is their wont. But it is not the bank's fault either. In the meantime, study the problem to see what made you vulnerable.

A stinking thief is a stinking thief. Don't get confused about that.
 
Banks can sometimes get it wrong. I was lucky enough to go to a seminar in London for free due to somebody else being ill. Freaky Clown, a hacker/penetration professional, was doing the seminar. At the time he was working with a cyber security firm for the banking industry & talked about one of the banks spending millions on new state of the art firewalls etc. On the security testing day, instead of network attacks, he just turned up at the bank using social engineering & took a server out of the server room. The weakest link is always the human.
 
The opposite can also be true? If the weakest link is always the human, the stronger link is always the human. So it depends only on which side the most "creative" person is on: on the side of the system's defense or on the side of the offense.
 
Yeah, banks and also large corporations put so much emphasis on pre-empting any computing-focused attack, they end up creating a thousand openings for a human-focused attack. Like the tendency for everything to have 32 complicated passwords. Of course this will be very hard for computers to crack. But what human being has space or time in their lives to memorize 32*NUMBER_OF_SERVICES 12 char passwords with small, large caps, special characters, numbers? What happens? The human has one password template or writes it all down in some accessible place, making the whole thing less secure than when you started. I am especially shocked when institutions rely on a multitude of devices for security. All I see is a multitude of openings.

Instead of trying to write out the human factor, good security should leverage it. That is the difference between dealing with cattle and dealing with persons.

---

From the consumer side, I think the first step to a far more secure life is to have 0 trust for institutions and their security. Just like servers are instructed never to trust the client, also the client should never trust the server. You can't cover every single hole, a motivated and talented enough person can probably get you. But just this mentality will increase your overall security several orders of magnitude.
 
Finally someone who also sees the structural vulnerabilities on the server/organization side and doesn't just place 100% of the blame on me.
 
This story hadn't ended yet. It ended yesterday, with a refund from my bank after speaking with the complaints office. I told them that I'm ready to accept my 50% of responsibility, but not totally, because in my personal view, it's not regular that a bank can allow a customer to lose a big amount of money by simply making a click on a wrong link. They refunded me the full amount of money as a sign of care towards me. Now it is really ended.
 
Part of me feels we will never learn this way. The other part knows that, if it had been my money, I would have done the same.

It will be interesting to see how banks deal with account safety in the coming decade.

Glad you got your money back. Must be a beautiful feeling. Death to scammer scum.
 
ZioMario, eternal_noob: It's just that I personally noticed that a lot of people seem really tempted to take a proverbial whack at OP. Just the perverse satisfaction of being able to claim that they, too, posted in there to tell OP that he was phished and scammed and that it's his fault for not paying attention and keeping his eyes peeled. It's those comments that I'm getting tired of.

If you want real freedom of speech, there's Reddit and 4Chan. In here, Forums have rules about interaction being professional. I'm too lazy to link to those rules, but I think they'd still apply here. And unloading on OP after case is closed - that's just not nice. Even OP said that story is over.

Besides, the Forums are aimed at helping FreeBSD users with FreeBSD-related technicalities. I know this is an Off-Topic area where like-minded people gather, but how long is this gonna go on? Scamming and keeping your eyes peeled when AFK is not exactly relevant to FreeBSD.
 

I'm intrigued by what the guy from the complaints office wrote to me: "We believe in your good faith." I wonder what that sentence means. It seems they think I might be acting in bad faith and therefore trying to scam them? How?
 
If you only knew how many cases of bad faith the bank has to deal with... A bank is quite a juicy target for bad apples, so the bank had to grow a thick skin and to learn to do due diligence on EVERY SINGLE FREAKING case, even if it means claimants have to jump through a lot of hoops. You're not the only one who got scammed. You're not the only client who thinks they can get something from the bank. The bank has its own interests to protect, as well, it needs to operate as a proper bank, be compliant with financial laws and keep EVERYBODY's money safe.
 
I don't understand how I could have fooled them. The money that was stolen from me was mine. Would I have stolen it by myself and then asked for a refund? Does it make sense? If I had purchased something I didn't want, I would have asked the seller for a refund. The law allows for a refund if you request it within a certain number of days.
 