As far as I'm aware, from the actual bank account. I agree on the missing info but to be honest I'm not sure that any of the innocent parties involve know what that is.
The bank hasn't mentioned any other method being use. They are persistent with pointing the finger at malware but provide no explanation on how this was possible when a token id was required. This person did have malware on their computer at the time. There are logs from various anti-malware products that were run afterwards that prove that. James. From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: Friday, 27 September 2013 12:34 AM To: ntsysadm Subject: Re: [NTSysADM] Bank funds stolen without access to rsa token, anyone heard of that? There is missing info in this story, I am sure. Were the funds actually transferred via the bank account, or via a debit card (or alternative)? ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Thu, Sep 26, 2013 at 3:24 AM, James Hill <[email protected]<mailto:[email protected]>> wrote: I've recently been in discussion with someone who has had money stolen from their bank account. I have seen examples of this in the past when the only authentication in place was a password. But in this case they had two factor authentication. A password and an RSA token. They had funds transferred to an overseas bank account. For this to occur it would normally require logging on to the internet banking system with the password and token code. Then enter the external transfer area, enter the details then enter in the current token code. Has anyone ever heard of this occurring? James.
