Yep, I have heard about that also over in the states. Amazing on how well Social Engineering still works with the right hardware. They did that with Card readers at Barnes and Noble and other stores less than about 1 yr ago.
Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: [email protected] [mailto:[email protected]] On Behalf Of Steve Burkett Sent: Thursday, September 26, 2013 9:00 AM To: [email protected] Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that? We've had a couple of incidents in the last couple of weeks here in the UK where criminals posing as computer engineers have fitted KVM's on to computers inside of bank branches, and transferred the cash out that way. Don't assume it's your end that's been compromised! :) http://www.theregister.co.uk/2013/09/20/barclays_cyber_cops_make_arrests/ http://www.bbc.co.uk/news/uk-england-london-24077094 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of James Hill Sent: 26 September 2013 08:38 To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that? No I'm not. The suspicion is malicious software on the computer that was normally used. James. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Thursday, 26 September 2013 5:32 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: Bank funds stolen without access to rsa token, anyone heard of that? Are you 100% sure this was done via the internet banking site? Cheers Ken From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of James Hill Sent: Thursday, 26 September 2013 5:24 PM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] Bank funds stolen without access to rsa token, anyone heard of that? I've recently been in discussion with someone who has had money stolen from their bank account. I have seen examples of this in the past when the only authentication in place was a password. But in this case they had two factor authentication. A password and an RSA token. They had funds transferred to an overseas bank account. For this to occur it would normally require logging on to the internet banking system with the password and token code. Then enter the external transfer area, enter the details then enter in the current token code. Has anyone ever heard of this occurring? James. === STEMCOR CONFIDENTIALITY AND DISCLAIMER NOTICE This e-mail is intended only for the addressees named in it. The contents should not be disclosed to any other person nor copies taken. Any views or opinions presented are solely those of the sender and do not necessarily represent those of Stemcor unless otherwise specifically stated. Stemcor does not accept legal responsibility for the contents of this message nor responsibility for any change made to it after it was sent by the original sender. You are advised to carry out a virus check before opening any attachment as Stemcor does not accept liability for any damage sustained as a result of any software viruses. You should be aware that Stemcor reserves the right to read incoming and outgoing emails. ===
<<inline: image001.jpg>>
