If your mobile phone suddenly stops working with the error "Sim
registration failure" or similar and it is the number associated with
your internet banking account check what's happening on your bank
account.
My mobile was barred last Friday at 10:44 am after someone phoned
Vodafone to report it missing. By 11:09 some lowlife ba$tard had
extracted almost £3k from my current account. (it was an unusually
high balance due to having imminent bills for a boiler and some double
glazing).
It appears that said lowlife reports your mobile stolen, hoping to get
calls diverted to a number of their choice in case the bank rings
about the unusual transaction activity on your account. Luckily
Vodafone will only apply a divert if the caller can prove they are the
mobile account holder. In this case, Halifax spotted the unusual
account activity by the 4th transaction and locked the bank account.
They then assured me that the missing money will be replaced by
tomorrow now that I have scanned my IT equipment for nasties and the
account has been re-activated with new security information. So, the
moral of the story is, don't be complacent when your phone stops
working - I was originally going to wait until I could get to a Voda-
shop to get the SIM checked but after
not being able to access my bank account, I rang them to sort the
phone out
and discovered the link.
On 01/07/2012 18:55, CJB wrote:
> This from another forum:
>
> If your mobile phone suddenly stops working with the error "Sim
> registration failure" or similar and it is the number associated with
> your internet banking account check what's happening on your bank
> account.
>
> My mobile was barred last Friday at 10:44 am after someone phoned
> Vodafone to report it missing. By 11:09 some lowlife ba$tard had
> extracted almost £3k from my current account. (it was an unusually
> high balance due to having imminent bills for a boiler and some double
> glazing).
>
> It appears that said lowlife reports your mobile stolen, hoping to get
> calls diverted to a number of their choice in case the bank rings
> about the unusual transaction activity on your account. Luckily
> Vodafone will only apply a divert if the caller can prove they are the
> mobile account holder. In this case, Halifax spotted the unusual
> account activity by the 4th transaction and locked the bank account.
>
> They then assured me that the missing money will be replaced by
> tomorrow now that I have scanned my IT equipment for nasties and the
> account has been re-activated with new security information. So, the
> moral of the story is, don't be complacent when your phone stops
> working - I was originally going to wait until I could get to a Voda-
> shop to get the SIM checked but after
> not being able to access my bank account, I rang them to sort the
> phone out
> and discovered the link.
>
> XXXXXX
>
So you're relying on a) someones bank phoning them within a defined time
period (I think mine have phoned me twice in the last 10 years) and b)
them not asking any security questions?
I could see how a) was plausible to get around - call them up and ask
them to call you back on your mobile but I'm totally unsure of how to
get around b)
Or are you suggesting that someone has both compromised a bank account
and someones mobile simultaneously in the hope that the latter will help
perpetuate the former?
>This from another forum:
>
>If your mobile phone suddenly stops working with the error "Sim
>registration failure" or similar and it is the number associated with
>your internet banking account check what's happening on your bank
>account.
>
>My mobile was barred last Friday at 10:44 am after someone phoned
>Vodafone to report it missing. By 11:09 some lowlife ba$tard had
>extracted almost £3k from my current account. (it was an unusually
>high balance due to having imminent bills for a boiler and some double
>glazing).
>
>It appears that said lowlife reports your mobile stolen, hoping to get
>calls diverted to a number of their choice in case the bank rings
>about the unusual transaction activity on your account. Luckily
>Vodafone will only apply a divert if the caller can prove they are the
>mobile account holder. In this case, Halifax spotted the unusual
>account activity by the 4th transaction and locked the bank account.
>
>They then assured me that the missing money will be replaced by
>tomorrow now that I have scanned my IT equipment for nasties and the
>account has been re-activated with new security information. So, the
>moral of the story is, don't be complacent when your phone stops
>working - I was originally going to wait until I could get to a Voda-
>shop to get the SIM checked but after
>not being able to access my bank account, I rang them to sort the
>phone out
>and discovered the link.
I understand the bit about them trying to divert your phone, but I
still don't see how the person was able to access your internet
banking account. How were they able to do that?
"Chris Blunt" <mail@nospam.com> wrote in message
news:kc52v7t5dj10099nhkbumdfktukelh5une@4ax.com...
> On Sun, 1 Jul 2012 10:55:01 -0700 (PDT), CJB <chrisjbrady@gmail.com>
> wrote:
>
>>This from another forum:
>>
>>If your mobile phone suddenly stops working with the error "Sim
>>registration failure" or similar and it is the number associated with
>>your internet banking account check what's happening on your bank
>>account.
>>
>>My mobile was barred last Friday at 10:44 am after someone phoned
>>Vodafone to report it missing. By 11:09 some lowlife ba$tard had
>>extracted almost £3k from my current account. (it was an unusually
>>high balance due to having imminent bills for a boiler and some double
>>glazing).
>>
>>It appears that said lowlife reports your mobile stolen, hoping to get
>>calls diverted to a number of their choice in case the bank rings
>>about the unusual transaction activity on your account. Luckily
>>Vodafone will only apply a divert if the caller can prove they are the
>>mobile account holder. In this case, Halifax spotted the unusual
>>account activity by the 4th transaction and locked the bank account.
>>
>>They then assured me that the missing money will be replaced by
>>tomorrow now that I have scanned my IT equipment for nasties and the
>>account has been re-activated with new security information. So, the
>>moral of the story is, don't be complacent when your phone stops
>>working - I was originally going to wait until I could get to a Voda-
>>shop to get the SIM checked but after
>>not being able to access my bank account, I rang them to sort the
>>phone out
>>and discovered the link.
>
> I understand the bit about them trying to divert your phone, but I
> still don't see how the person was able to access your internet
> banking account. How were they able to do that?
>
>
Ther clue might be in the first line "This from another forum:"
So this does not appear to have happened to CJB, it is just a copy from
another source, same as the other scare stories he posts from the 'Daily
Mail'.
On Mon, 2 Jul 2012 10:15:44 +0100
"Harry Stottle" <thiswontwork@noitreallywont.co.uk> wrote:
> "Chris Blunt" <mail@nospam.com> wrote in message
> news:kc52v7t5dj10099nhkbumdfktukelh5une@4ax.com...
> > On Sun, 1 Jul 2012 10:55:01 -0700 (PDT), CJB <chrisjbrady@gmail.com>
> > wrote:
> >
> >>This from another forum:
> >>
> >>If your mobile phone suddenly stops working with the error "Sim
> >>registration failure" or similar and it is the number associated
> >>with your internet banking account check what's happening on your
> >>bank account.
> >>
> >>My mobile was barred last Friday at 10:44 am after someone phoned
> >>Vodafone to report it missing. By 11:09 some lowlife ba$tard had
> >>extracted almost £3k from my current account. (it was an unusually
> >>high balance due to having imminent bills for a boiler and some
> >>double glazing).
> >>
> >>It appears that said lowlife reports your mobile stolen, hoping to
> >>get calls diverted to a number of their choice in case the bank
> >>rings about the unusual transaction activity on your account.
> >>Luckily Vodafone will only apply a divert if the caller can prove
> >>they are the mobile account holder. In this case, Halifax spotted
> >>the unusual account activity by the 4th transaction and locked the
> >>bank account.
> >>
> >>They then assured me that the missing money will be replaced by
> >>tomorrow now that I have scanned my IT equipment for nasties and the
> >>account has been re-activated with new security information. So, the
> >>moral of the story is, don't be complacent when your phone stops
> >>working - I was originally going to wait until I could get to a
> >>Voda- shop to get the SIM checked but after
> >>not being able to access my bank account, I rang them to sort the
> >>phone out
> >>and discovered the link.
> >
> > I understand the bit about them trying to divert your phone, but I
> > still don't see how the person was able to access your internet
> > banking account. How were they able to do that?
> >
> >
> Ther clue might be in the first line "This from another forum:"
> So this does not appear to have happened to CJB, it is just a copy
> from another source, same as the other scare stories he posts from
> the 'Daily Mail'.
>
And of course, any time you use your mobile 'phone to talk directly to
your bank account, you are risking somebody snooping.
--
Davey.
> So this does not appear to have happened to CJB, it is just a copy from
> another source, same as the other scare stories he posts from the 'Daily
> Mail'.
It may be a 'scare story' but that doesn't mean it's not true. A friend of
mine had his business account depleted by some £20k by con artists, and
convincing the bank to change the contact phone number was part of it.
Another part of the problem was that the bank weren't deterred by the fact
that the person answering the contact number couldn't answer the security
questions. He got his money back in the end, and moved banks.
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
21:04:16 up 172 days, 23:37, 6 users, load average: 0.21, 0.51, 0.54
Qua illic est reprehendit, illic est a vindicatum
In uk.telecom.mobile Chris Blunt <mail@nospam.com> wrote:
> I understand the bit about them trying to divert your phone, but I
> still don't see how the person was able to access your internet
> banking account. How were they able to do that?
Lloyds Group internet banking (Lloyds, Halifax, Bank of Scotland) uses a
username, a password, and a memorable word for login purposes. Once you've
logged in, setting up a new payee involves an automated call to a number
registered by you and entering a 4 digit code displayed on the web page.
The username and password are easy to phish. The memorable word is harder,
because it's a '3 letters out of N' code, and if you get it wrong it keeps
asking for the same 3 letters. However, if you have malware on your PC it
can record the username, password and enough logins to get most of the
letters in the memorable word. That means the only barrier is then the
confirmation call. However it's not as simple as that, because the internet
banking doesn't display the full mobile number. Which means that number
needs to be keylogged from elsewhere (eg login to your mobile account, or
from an email). There then only remains the issue of finding out what
mobile network it's on (feasible with access to the HLR but otherwise
tricky).
> Thanks to smart phones being capable of using the internet and online
> banking, it is likely that the phone numner they send the code to is the
> very device the fraudster is using to do the banking transaction, having
> found or stolen the phone
--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
20:35:04 up 196 days, 23:08, 6 users, load average: 0.14, 0.25, 0.31
Qua illic est reprehendit, illic est a vindicatum
Once when I was on PAYG I called my phone network to get a PAC. He asked
for my number and he read it back wrong so I corrected him, I'm sure that
he got it wrong yet again.
But he put me on hold for a minute and came back and read a PAC. I asked
him to tell me what phone number he had and he had indeed took it down
wrong. What is scary is, that I could have given any PAYG phone number I
wanted for that network and took control of it.
This was around 10 years ago and I have no idea whether security is still
as lax.
Scam re: internet banking users... 
Linear Mode
