Author Topic: Don't bank online  (Read 25734 times)

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #15 on: July 27, 2021, 05:16:01 PM »
US Senate Banking Chair Asks CFPB How It Plans to Address Risks of Chime and Other Banking Apps ProPublica

https://www.propublica.org/article/senate-banking-chair-asks-cfpb-how-it-plans-to-address-risks-of-chime-and-other-banking-apps#1096604

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #16 on: October 14, 2021, 03:30:17 PM »
Britain is the world capital of bank fraud

"enabled partially by Britain's instant electronic transfers"

https://boingboing.net/2021/10/14/britain-is-the-world-capital-of-bank-fraud.html

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #17 on: December 04, 2021, 03:08:27 PM »
New wrinkle:

Fraud: 'I had 18,000 stolen after my drink was spiked' - BBC News
https://www.bbc.com/news/business-59494524

BoL

  • Inner Core
  • Hero Member
  • *
  • Posts: 1182
    • View Profile
Re: Don't bank online
« Reply #18 on: December 04, 2021, 04:49:21 PM »
>Fraud: 'I had 18,000 stolen after my drink was spiked' - BBC News

Had me wondering how it was done. For me, there's a pass phrase in the app where you enter 3 characters of it. 3 incorrect entries and you're locked out. Guess the banks in question don't have that protection.

With that out the way, the rest sounds trivial.

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 8817
    • View Profile
Re: Don't bank online
« Reply #19 on: December 04, 2021, 05:56:53 PM »
Hypothesis: His apps are using Touch ID or Face ID, no code required. Since he's drugged, the criminals have access to both. That's both how they get into the phone and into the accounts. iPhones only require reauth with the code if the system has rebooted or the cookie (or whatever it is in the app world) has expired.

Makes one think about the issue with having a single system for both opening the phone and opening a financial app. If you're drugged, if effectively circumvents and 2FA. Pause for thought

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #20 on: December 04, 2021, 06:07:57 PM »
>Hypothesis

Debbie says 'Bingo!'  His biometrics could still be available.

This thread also relates to the recent craptop thread and why my devices that leave the house are loaded with select sites and bookmarks.  I also switch browsers on those devices so there won't be any possibility of syncing.

Brad

  • Inner Core
  • Hero Member
  • *
  • Posts: 3982
  • What, me worry?
    • View Profile
Re: Don't bank online
« Reply #21 on: December 04, 2021, 10:03:14 PM »
I do no banking online. No NFC payments either.

I don't use biometric access, just old fashioned PIN.  Plus I have not been in a bar or party drinking since pre covid.

Travoli

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1159
    • View Profile
Re: Don't bank online
« Reply #22 on: December 06, 2021, 03:43:25 AM »
>Hypothesis

Yes.

Old: Drug them and harvest organs.
New: Drug them and steal crypto.

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #23 on: December 13, 2021, 05:45:14 PM »
Another one;

Man stole $23K using exs phone through facial recognition while she slept
https://nypost.com/2021/12/13/man-steals-23k-using-exs-phone-through-facial-recognition-report/

ergophobe

  • Inner Core
  • Hero Member
  • *
  • Posts: 8817
    • View Profile
Re: Don't bank online
« Reply #24 on: December 15, 2021, 12:17:05 AM »
>>Don't bank online

I would gloss that last one as "Don't date a con artist."

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #25 on: December 20, 2021, 06:01:58 PM »

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #26 on: February 19, 2022, 03:03:32 PM »
Plaid is the 3rd-party engine behind a lot of online fintech.

Plaid is an evil nightmare product from Security Hell
https://drewdevault.com/2022/02/19/Plaid-is-an-evil-nightmare-product.html

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #27 on: February 21, 2022, 06:37:40 PM »

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #28 on: November 08, 2022, 02:20:00 PM »
US financial institutions reported nearly $1.2 billion on likely ransomware-related payments last year, most commonly in response to breaches originating with Russian criminal groups, according to the Treasury Department. - Bloomberg

https://www.bloomberg.com/news/articles/2022-11-01/us-banks-spent-1-billion-on-ransomware-payments-in-2021-treasury-says

rcjordan

  • I'm consulting the authorities on the subject
  • Global Moderator
  • Hero Member
  • *****
  • Posts: 15632
  • Debbie says...
    • View Profile
Re: Don't bank online
« Reply #29 on: January 27, 2023, 04:23:37 PM »
Mobile phone fraud: 'They stole 22,500 using my banking app' - BBC News

https://www.bbc.co.uk/news/business-64240140