Pretty huge hole in the security of these online banking systems, digital ID needs a huge overhaul. And hopefully the publicity will keep the pressure on banks to promptly refund, early reports suggested they were accusing the victims of being lax.
This is a very interesting article. Kinda insane
I do have one question though – how are they accessing online banking? Wouldn’t they need the username and password? My Santander online banking always asks for those credentials
Or are they setting up a brand new online banking account for the first time? I’m a bit confused
So are the police reviewing CCTV from the gyms?
Are the police asking the banks to disclose the IP address of the phones the stolen cards were registered to?
Are the police requesting the IMSE of the phone that was used to register the card?
Are the police requesting MAC address and cell station pings from the ISP/phone company?
This shit can literally be automated to a push of a button.
Shouldn’t have to do this but maybe cancel the registration of the banking app if you’re going to be leaving your phone in a locker which could be broken into at a gym or public swimming pool.
I’d like to see the faces of all those people that were doubting/victim blaming the Twitter thread gal a couple of days ago!
Some apps also allow you to get a PIN reminder in the app itself, so once you’ve got onto that there’s nothing stopping the thief from draining bank accounts with “legitimate” (to the bank) purchases.
Agree with the advice, I never need to bring my card with me pretty much anywhere anymore, and if I’m at the gym my phone is on my person at all times, I guess in these cases the victims for some reason didn’t want to have their phones on them?
I don’t get it. They have a picture of the back of the person’s head. Why can’t they get a picture of the front?
I don’t know.
You working out.
It’s why you always carry your gym bag with you to the floor. No cams in the locker rooms is a joke
They suggest this is the work of one person who uses the stolen cards in the same shops. Don’t those shops have CCTV that they can use to find her?
Recently, I lost a key to a chest of drawers with items I need to use recently. I got a lockpicking set — and fuck! It’s easy to pick — Not the old antique lock I got it for — but the test lock. It’s very easy. A padlock style. I still haven’t broken into my own chest of drawers, yet. lol.
It’s so easy to ensure your text messages can’t be previewed on your lock screen on iPhones as this is how the thief is able to set up a blind banking on their own device.
You go into Settings > Notifications > When Unlocked.
By doing this, notification previews will only show up on your phone when unlocked. This is for iOS. I’m not sure how you do it for Android.
This hole could be easily fixed.
Just checked NatWest. It allows multiple devices but to set it up you need the customer number, PIN and password.
You can reset the PIN and password but you’d need personal details and access to phone. You can’t reset the customer number but you can access it if you re-register for online banking, but you need sort code and account number.
So I think the average person should be safe, unless you also keep your cheque book with you.
I may be wrong, so do correct me if so.
Personally I always keep my NatWest card and license at home, and use my Revolut card for the daily spend, with less than £100 on there any one time.
If you have a physical SIM card, even if you hide messages on lock screen (a good idea), you should set a PIN on that too.
Apple: Settings -> Mobile Data -> SIM PIN
Android: I don’t know
Without this, someone can just swap the SIM into a spare phone, and send / receive messages from your number.
You will need to enter it once each time you start your phone, but not to unlock.
This is the future! Banks and scammers in a constant battle over your accounts and financials. The conning bastards know the flawed systems, which tells me we are dealing with security insiders somewhere..
Despite our best efforts in this civil-financial war, the banks will do their best to pin the blame on anyone but themselves. People need to be digitally aware.
People thought me mad for trying to cut my own card to disable Contactless, when the bank told me you can’t have a card without it! Needless to say I was not best pleased when that failed to render Contactless immobile. I never trusted it and these kinds of news stories are only confirming my bias!
Euphoric redditors who were so convinced that it was just the women being silly and of course the banks couldn’t be that shit from that other thread now looking sheepishly at their hands.
“That verification passcode is sent by the bank to the stolen phone. The code flashes up on the locked screen of the stolen phone, leaving the thief to tap it into their own device”
Can’t you alter the notification settings so that a text message is only readable when the phone is unlocked? It’s what I do. You can see the bubble for the message but can’t actually read the contents.
That’s a really simple trick, but I’d never have thought of it
Well done, fraudster – although the fact she always shops at the same stores during her sprees makes me think the cops already have her on CCTV