The bank should be able to tell the account holder what method was used to transfer the money (instruction received via internet banking site, instruction received via fax, instruction received via telephone banking, instruction received in-branch etc.).
Assuming they confirm it was via internet banking, then you can narrow things down. E.g. what malware was on the machine? We can look at the typical capabilities etc. that this has.

Cheers
Ken

From: [email protected] [mailto:[email protected]] On Behalf Of James Hill
Sent: Friday, 27 September 2013 6:29 AM
To: [email protected]
Subject: RE: [NTSysADM] Bank funds stolen without access to rsa token, anyone heard of that?

As far as I'm aware, from the actual bank account. I agree on the missing info but to be honest I'm not sure that any of the innocent parties involved know what that is. The bank hasn't mentioned any other method being used. They are persistent with pointing the finger at malware but provide no explanation on how this was possible when a token id was required. This person did have malware on their computer at the time. There are logs from various anti-malware products that were run afterwards that prove that.

James.

From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Friday, 27 September 2013 12:34 AM
To: ntsysadm
Subject: Re: [NTSysADM] Bank funds stolen without access to rsa token, anyone heard of that?

There is missing info in this story, I am sure. Were the funds actually transferred via the bank account, or via a debit card (or alternative)?

ASB
http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker>
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Thu, Sep 26, 2013 at 3:24 AM, James Hill <[email protected]<mailto:[email protected]>> wrote:

I've recently been in discussion with someone who has had money stolen from their bank account. I have seen examples of this in the past when the only authentication in place was a password. But in this case they had two factor authentication. A password and an RSA token. They had funds transferred to an overseas bank account.

For this to occur it would normally require logging on to the internet banking system with the password and token code. Then enter the external transfer area, enter the details then enter in the current token code. Has anyone ever heard of this occurring?

James.

