Jump to content

Beware Internet Cafes


thaieagle67

Recommended Posts

Fellow followers of fun!

I just wanted to let everyone know that i have just been contacted by my bank in the UK (luckily) to be informed that somebody has managed to gain my internet banking information and attempted to empty my account of a vast sum of money. The bank that the money was suppose to go to was a well known thai bank with the branch mentioned as in the Pattaya area!

Now the only place this information could have been rifled from was a certain Internet cafe on the 1st floor of the Big-C near the Dolphin roundabout as this is the only place i have ever tried to access my account. :o

Call me an idiot for trying to do this via an internet cafe but i took all the neccessary precautions not withstanding the gadgets that maybe in place at such an establishment. The time i accessed my account i was in the middle of transfering money but then there was a technical hitch and some of the screens would not close out, so christ knows what information could have been taken in that time?

Take care my friends as there are some serious scum in town intent on making a fast million via somebody elses hard earned work. What with the ATM scam, broad daylight thefts, murders, etc, Pattaya is becoming the sort of place that i hoped i would never have to live in again.......!

Link to comment
Share on other sites

  • Replies 61
  • Created
  • Last Reply

Top Posters In This Topic

Knowing the odd thind about Toolz and Warez, I had to go to a web-cafe in Bangkok to to a transaction.

A few things to think about - Hit Ctl+Alt+Del and see what's going on in task manager for both applications and tasks. If it looks weirs like "logz.exe" or something like that - kill it. If you kill too much and the machine crashes, just press the reset button, and pay the extra 3 baht for the time.

Look around and check to see the angle of the web-cams in the shop. There may be one pointing right at your screen/keyboard, be careful.....

Next and most important, Before you start and after you have finished the transactions clear the cache and also clear the cookies. In IE its in Tools ==> Internet options look at the temporary internet files, and press the "delete files" and then the "Delete Cookies".

Why do it before, if the person who owns the Internet Cafe put the software there, they won't want you cleaning out the cache and the cookies. So if they object, co to another shop.

The other way which is better in my mind is to use your wap-enabled phone. You can make the phone get a security certificate so you will have 128 bit encryption into grps Packets.

Just my thoughts to stop getting ripped off.

Link to comment
Share on other sites

Its unfair to point the finger at the internet cafe. You said there was a problem whilst you were in there and the screen couldn't be closed down properly. That means you left the screen open after you had done your internet banking. More fool you. Also, you have no idea who used that pc after you, it could have been anyone, not necessarily a staff member from the internet cafe.

I have a small internet cafe in my office, and it amazes me the times I go to shut down the pc's after business and I find someone has not logged out of some sort of password protected account. As long as you log out correctly from these accounts you won't have a problem.

Link to comment
Share on other sites

..... As long as you log out correctly from these accounts you won't have a problem.

True, true, the problem is sometimes the UAT of the applications is at the same technical level as the digit-heads who produced it. Some banks (and I am certainly NOT naming them) have a very high expectation of the technical ability of the user of internet banking, which is not fair.

Link to comment
Share on other sites

You should NEVER use an Internet cafe for banking or credit cards. Many Internet cafe owners are NOT very computer savvy and anyone can install a key tracking program to steal any information that was typed into the computer. It is no big trick for someone to set up a little route to different shops and plant his logging program.

Link to comment
Share on other sites

Unfortunately i have learned the hard way but just wanted to share the issue. Some very good points to look out for though, although i think i will take the advice of using the telephone for banking.

WCR i just wanted to add that yes it maybe a little unfair to critisise the internet cafe but i did not leave the information on the screen through a foolish act and did log out of the sight in the correct way. Infact my bank's site normally will lock you out if there is more than 30 seconds of unactivity so the dastly dead was most definately done whilst i was logging in (the only possible time) as once into the site the information for logging on is not available to the viewer. But you have a point about fingering the cafe and maybe my words were a little sharp but you can probably imagine my frustration.

I love Thailand but little things like this are starting to turn me off!

Link to comment
Share on other sites

Well, this is what happened on a Thai board about Bangkok in the nighttime (no we won't want to list the name) where I am a member of.

If you enter your login, True saves it on their proxy server. Then when another True member comes to the board, it gets your login details prefilled in and can login to your account without a problem. This doesn't happen all the time but occasionally.

The only thing to avoid this is to use a third party proxy server before logging in.

Maybe this is the same case ...

Link to comment
Share on other sites

Some soluitions to this could be :

* Use your own computer/laptop in the internet cafe - but be aware of people looking at you r screen or cameras on you

* Take your own operating system with you and use that on one of their computers - ie knoppix boot off a CD or DSL (Dam n Small Linux) boot off a compact flash etc (Non volatile memory).

The second option - your own OS - requires alot of technical understanding and may require some in situ trouble shooting - but it means that you can just carry arounf a USB memory stick and/or a CD with you instead of having to lug a laptop.

One other option could be to just use a PDA for everything. If you get one with WiFi, you can use some of the free hotspots !

edit - censor doesnt like d a m n small linux !

Edited by Khun Bob
Link to comment
Share on other sites

I use Barclays, the most secure online banking facility.

They NEVER send emails to you, but once after using a cafe in a tourist part of Bkk, I got an email the next day from 'Baclays' (see the spelling?)

Link to comment
Share on other sites

I use Barclays, the most secure online banking facility.

They NEVER send emails to you, but once after using a cafe in a tourist part of Bkk, I got an email the next day from 'Baclays' (see the spelling?)

DJ Pat, my bank is Barclays and it was their famously secure site that somebody managed to get into!!! Mind you they have been excellent at following up and by locking out my account and changing all pass codes and issuing new details within minutes of the incident.

For everyones info, i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary! :o

Stay Safe!

Link to comment
Share on other sites

Internet theft happens everywhere in the world  :o

What is the point of your post?

Sorry you could not work out a simple one liner!

The OP was implying that Pattaya was a town of scam and crime. I merely pointed out that crime, including Internet fraud happens all over the world!

Get it?

Your comment was so obvious that I was questioning why anyone would posted it.

Maybe you thought you were making a contribution.

Link to comment
Share on other sites

......i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary!......:o

Not just one such program.......but dozens. Their called "Keyloggers" or "Backdoor Trojans".

In addition, while using any computer, you are "broadcasting" information, which someone with the right equipment, can pick up and decode (read) hundreds of feet away. In the case of WiFi, that distance may extend to several miles.

While no internet connection is 100 percent secure, would suggest you limit any internet financial transactions to your personal computer running on a hard-wired phone line*. Additionally, depending upon your specific needs (personal vs. business) it may be desireable to have your financial institute impose a "daily limit" on transfers.

* An in-home WiFi setup still broadcasts throughout the neighborhood.

cheers :D

Link to comment
Share on other sites

I do my internet banking wherever i am at that moment. I have no problems if somebody is looking over my shoulder making notes of whatever i type. All the keyloggers can't stop me.

Why.

Because i use a bank that gives me a nice little machine that generates codes. I just type my number, use the calculator look-alike and punch in a few numbers. I get my code enter it and away i go.

Typing in a few transactions and pressing the "go" button. And yep i have to us my little machine again.

Now if i at this moment i walk away with an open session the only thing people are able to do is look how much or litle money i have. Every transaction needs a new code.

My bank also uses very short sessions. Sometimes it is a nuisance but it is just an extra security measure.

Any bank who is not working with this procedure is not safe!

Just as safe as giving someone your credit card, like when you are in a restaurant. They can just write down your numbers and start ordering stuff on the internet.

These things are not safe, so don't use them. If you use it you accept that they are not safe and you can have problems. Try profing it wasn't you who took the money and tried to steal from them.

Always be aware. And find out for yourself if things are as safe as they tell you. The internet is a great source for that. Use it.

Link to comment
Share on other sites

I do my internet banking wherever i am at that moment. I have no problems if somebody is looking over my shoulder making notes of whatever i type. All the keyloggers can't stop me.

Why.

Because i use a bank that gives me a nice little machine that generates codes. I just type my number, use the calculator look-alike and punch in a few numbers. I get my code enter it and away i go.

Typing in a few transactions and pressing the "go" button. And yep i have to us my little machine again.

Now if i at this moment i walk away with an open session the only thing people are able to do is look how much or litle money i have. Every transaction needs a new code.

My bank also uses very short sessions. Sometimes it is a nuisance but it is just an extra security measure.

Any bank who is not working with this procedure is not safe!

Just as safe as giving someone your credit card, like when you are in a restaurant. They can just write down your numbers and start ordering stuff on the internet.

These things are not safe, so don't use them. If you use it you accept that they are not safe and you can have problems. Try profing it wasn't you who took the money and tried to steal from them.

Always be aware. And find out for yourself if things are as safe as they tell you. The internet is a great source for that. Use it.

I'm sold. so, what banks offer this service?

Link to comment
Share on other sites

Internet theft happens everywhere in the world  :o

What is the point of your post?

Sorry you could not work out a simple one liner!

The OP was implying that Pattaya was a town of scam and crime. I merely pointed out that crime, including Internet fraud happens all over the world!

Get it?

Your comment was so obvious that I was questioning why anyone would posted it.

Maybe you thought you were making a contribution.

KL, all you can post is sarcasm, it don't impress anyone.

Link to comment
Share on other sites

:o

My mothers account has been accessed by hackers for years now. My dad refuses to tell the police though, because the hackers spend less money than my mum.

:D

very intresting topic and one we should all take note of especially me who is not very computer savy.i plan to move to thailand and when i do i will leave my accounts off shore and will need to access them.

Link to comment
Share on other sites

last time i try to transfer 20000 thousand AU dollars from my account to a finance firm in australia, the transfer as been refuse at it was to large ..

not sure what is the maxi , perhaps same as atm withdraw .. ??

perhaps bit more secure this way

Link to comment
Share on other sites

Internet theft happens everywhere in the world  :D

What is the point of your post?

Sorry you could not work out a simple one liner!

The OP was implying that Pattaya was a town of scam and crime. I merely pointed out that crime, including Internet fraud happens all over the world!

Get it?

Your comment was so obvious that I was questioning why anyone would posted it.

Maybe you thought you were making a contribution.

KL, all you can post is sarcasm, it don't impress anyone.

I'm with you, Harry. KL's post has a bitter tinge.

Say, Khun Larry, supposing we all try to keep you happy from now on. Give us an acceptible benchmark for the future. Something like- "No posting unless your comments a guaranteed to deviate +/-" Now, what's your number, Khun Larry? :o

Link to comment
Share on other sites

......i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary!......:D

Not just one such program.......but dozens. Their called "Keyloggers" or "Backdoor Trojans".

In addition, while using any computer, you are "broadcasting" information, which someone with the right equipment, can pick up and decode (read) hundreds of feet away. In the case of WiFi, that distance may extend to several miles.

While no internet connection is 100 percent secure, would suggest you limit any internet financial transactions to your personal computer running on a hard-wired phone line*. Additionally, depending upon your specific needs (personal vs. business) it may be desireable to have your financial institute impose a "daily limit" on transfers.

* An in-home WiFi setup still broadcasts throughout the neighborhood.

cheers :D

waldwolf,

Thats a very scary senario that somebody can pick up and decode information remotely! :D

For everyones info my bank has given me the details of the supposed "Beneficiary" and to find that the name of the account is that of a Westerner was i'm sad to say not a shock. If the name is real or not i now have the account details, contact number and would you believe he (they) even had the audacity to enter a reason for transferal, the have got balls thats for sure but not for much longer if i catch the B*****d. :o

Link to comment
Share on other sites

Any bank who is not working with this procedure is not safe!

I'm sold. so, what banks offer this service?

I am from the Netherlands. I know SNS bank, ABN-AMRO bank and Postgiro work with a similar system. Just ask you bank how the internet security is working, if it is only a username,password than it is not sufficient. You need a codegenerator or a little more old style is a name/password and printed code list.

It should be impossible to access your account and transfer money with only information that is not generated on the spot. This information can be logged or stolen. When the code generator is stolen it is still impossible to use the account because it needs a pin code.

Link to comment
Share on other sites

Any bank who is not working with this procedure is not safe!

I'm sold. so, what banks offer this service?

I am from the Netherlands. I know SNS bank, ABN-AMRO bank and Postgiro work with a similar system. Just ask you bank how the internet security is working, if it is only a username,password than it is not sufficient. You need a codegenerator or a little more old style is a name/password and printed code list.

It should be impossible to access your account and transfer money with only information that is not generated on the spot. This information can be logged or stolen. When the code generator is stolen it is still impossible to use the account because it needs a pin code.

Most German and Austrian Banks use the same system (PIN code + transaction code required). In this case a hacker could still route you to a fake website (which is not the bank), intercept your PIN code and your transaction number and use the unused transaction code to get your money. So when you enter your account, have a look at your balance and your latest activity first, this way you can be sure you are really at your bank's website. After your transaction check whether it shows up in your account, so the transaction code has really been used. If you get interrupted in the middle of a transaction, call the bank to make sure the transaction has been completed and the transaction code has been used. If not, cancel this code with your bank (may require cancelling a whole bunch of transaction codes).

Bangkok Bank's internet banking uses only PIN code - but you can only transfer money to a third party account if you have told the bank this account number before - in writing. I like this requirement a lot.

Some banks combine both: you need a PIN, a new transaction code for every transaction AND you can only transfer money to preselected accounts. I like this because I hardly ever transfer money to an account to which I have never transferred money before, usually it's always the same: my broker, landlord, gf, insurances, IRS.

Link to comment
Share on other sites

my bank is Barclays and it was their famously secure site that somebody managed to get into!!! Mind you they have been excellent at following up and by locking out my account and changing all pass codes and issuing new details within minutes of the incident.

For everyones info, i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary! :o 

Interestingly, Barclays uses a login system where as well as typing a PIN, you also have to enter two characters from your password, using a drop-down box with your mouse.

This is to protect against keyloggers - since you are not entering a keystroke, it is not easy to capture these characters as they are entered by mouse.

Plus, they request a different pair of characters each time - and you only get three attempts to get it right before your account is locked.

In my opinion, you left yourself logged into the session and the next user saw you were logged in and simply tried their luck.

Link to comment
Share on other sites

"I'm sold. so, what banks offer this service?"

Citibank offers a "virtual credit card number", a similar safeguard.

The two worse things that have happened to me are:

Slow connection: the cafe advertises ADSL, but the line moves at a fraction of that.

Fast Clock: 60 minute billing after 30 minutes...makes up for the slow line ; )

Link to comment
Share on other sites

my bank is Barclays and it was their famously secure site that somebody managed to get into!!! Mind you they have been excellent at following up and by locking out my account and changing all pass codes and issuing new details within minutes of the incident.

For everyones info, i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary! :o 

Interestingly, Barclays uses a login system where as well as typing a PIN, you also have to enter two characters from your password, using a drop-down box with your mouse.

This is to protect against keyloggers - since you are not entering a keystroke, it is not easy to capture these characters as they are entered by mouse.

Plus, they request a different pair of characters each time - and you only get three attempts to get it right before your account is locked.

In my opinion, you left yourself logged into the session and the next user saw you were logged in and simply tried their luck.

spog,

You could be right about logging off but i am 100% sure that my log off sequence was correct as i got all the right signals back that i had done so.

One thing that interests me though is that you mention a drop down box to enter 2 characters. I do not get this drop down whilst logging into Barclays Offshore banking service. I will call them today and ask why this is as i am only asked for my membership number, name and full pin number!

Thanks for that information, it may help me convince Barclays to upgrade their offshore banking security policy. :D

Edited by thaieagle67
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...