Beware Internet Cafes

[spog]

You get the drop-down boxes for the Barclays UK services (ibank.barclays.co.uk)

I am a little surprised that they have a different system for their offshore accounts - you'd think they'd just develop a single system to save costs.

How do you find the offshore services? I have the standard account - but you cannot register as a non-tax payer with Barclays, so you end up paying tax on your interest, even though you are supposed to be tax-free. I'm a little annoyed about that!

[thaieagle67]

You get the drop-down boxes for the Barclays UK services (ibank.barclays.co.uk)

I am a little surprised that they have a different system for their offshore accounts - you'd think they'd just develop a single system to save costs.

How do you find the offshore services? I have the standard account - but you cannot register as a non-tax payer with Barclays, so you end up paying tax on your interest, even though you are supposed to be tax-free. I'm a little annoyed about that!

<{POST_SNAPBACK}>

I spoke to Barclays in Jersey about the log on sequence and they admitted that the mainland UK system was better! I was as suprised as you to find they had different systems.

I find Barclays internet banking normally very good but their transfer rates are a bit high. I think now though that i will not use the service as this incident has put the frighteners on me as if the guy would have been successful he could have emptied my account of every penny!!!

I also have an HSBC offshore account which i believe is the better of the 2 services.

[TizMe]

When I used to use internet cafes for banking I did it like this:

I created a nonsense email to myself which had embedded account details and passwords. IE The first 5 characters of my account number as the first 5 charatcers on the fifth line and the last 6 characters as the last 6 characters on the sixth line. Likewise with the password, the first six characters as the first six on the sixth line and the last 2 as the last 2 on the second line.

Then instead of typing the data into the screen I would cut and paste it from one screen to another. (ie have two windows open). Key loggers would be no good because all that they would get is CTL-C and CTL-V keystrokes.

[paulfr]

TizMe

Thanks for the tip.

Very nice.

[waldwolf]

......Key loggers would be no good because all that they would get is CTL-C and CTL-V keystrokes.

<{POST_SNAPBACK}>

If only that were true.

Unfortunately, most keyloggers have the capability of storing not only Clipboard (CTL-C) content, but also "pictures" of what your viewing on your screen at any given time.

Always assume someone is looking over your shoulder when your computer is up and running.

[britmaveric]

Unless its my own computer/laptop and others do not access it. I won't do any business related transactions - plain asking for it and worse place is a inet cafe.

[mnoorsapl]

Its unfair to point the finger at the internet cafe. You said there was a problem whilst you were in there and the screen couldn't be closed down properly. That means you left the screen open after you had done your internet banking. More fool you. Also, you have no idea who used that pc after you, it could have been anyone, not necessarily a staff member from the internet cafe.

I have a small internet cafe in my office, and it amazes me the times I go to shut down the pc's after business and I find someone has not logged out of some sort of password protected account. As long as you log out correctly from these accounts you won't have a problem.

<{POST_SNAPBACK}>

"log out correctly from these accounts you won't have a problem." a very good advice from wcr. There are a lot of those bogus internet banking service, if you are not familiar which one is genuine, better not use it. "You said there was a problem whilst you were in there and the screen couldn't be closed down properly". should avoid using the terminal imediately.

[Nomad97]

There is some interesting stuff here. I seem to remember that during my time in the Services, RAF actually, that secure computer terminals were encased in a steel, mesh case. And that was some 20 years ago. This was to stop the transmission of signals from the computer terminal to any spy that maybe in the area with a suitable electronic listening device. Similar if you like to the BBC's TV licence evasion team that catch those people watching TV in the UK without a licence. I also seem to remember from somewhere that every receiver transmits approximately 50% of the signal received. Scary!

Secondly, LLoyds Bank Offshore Internet banking service requie an ID number and password on the first screen. After successfully inputting these you are confronted with a second screen that requires three (3) characters/numbers from your own memorial 10 digit information. These characters are chosen at ramdom every time you log on. If anyone wanted to hack into your account I guess they would need to monitor several log-ins if they wanted to guess you memorial information. No system is 100% but it meets my needs at the moment to access my account once a month or so from the privacy of my home computer.

[Zarkow]

Well, I can leave my bank-window open on an internet-cafe I wanted (no, never had the urge to even look at the account at one, but I could!) and let anyone have a go. Without the off-screen security-items (different one for different bank) no-one will be able to request or authorize anything.

Scandinavia has a high lever of security due to regulations, and so do some other EU/ECC-countries.

[bakachan]

i usually transfer money using the atm machine itself, not the internet.

my bank here in the states has a new alert service that the user can enable. you can tell it to alert you whenever a transfer over a certain amount or a withdrawl over certain

amount etc...etc..

the alert will be sent to your email immediately.

it had to have been a key logger that got you because as you say

the bank server logs you out with non-activity.

even malfunctioning atm machines can bite. i once went to one in the

states that had kept someones account open on the screen. Apparently it had swallowed their card and went into some kind of malfunction mode. Anyone

could have withdrawn money up to the daily limit on an atm.

[Zarkow]

Yes, regarding malfunctioning ATMs...they often run on Windows CE or similare plattforms, and a friend lost a card when the machine went into BSOD (BlueScreen of Death - famous windows-screen if something serious enough happends that locks the system) during an withdraval. So, yes, in theary, anything can happends with ATMs too. Safety is a tricky thing. =)

[Joey Boy]

when ya typing in yer password, type in a load of crap and select it with the mouse, then type over it again so it will dissapear, do this a few times with phrases that could be passwords, so any computer with keyloggers wont have a chance of workin yer password out

[TizMe]

when ya typing in yer password, type in a load of crap and select it with the mouse, then type over it again so it will dissapear, do this a few times with phrases that could be passwords, so any computer with keyloggers wont have a chance of workin yer password out 

The password is still going to be the last 6, 7 or 8 characters that you type though aren't they?

[Zarkow]

when ya typing in yer password, type in a load of crap and select it with the mouse, then type over it again so it will dissapear, do this a few times with phrases that could be passwords, so any computer with keyloggers wont have a chance of workin yer password out 

<{POST_SNAPBACK}>

The password is still going to be the last 6, 7 or 8 characters that you type though aren't they?

<{POST_SNAPBACK}>

Well, no, depends on _where_ you write stuff for example. Keep Notepad right next to you bankwindow and switch. Or type 3 keys of your pw, some trash, select the number on trash and remove (no way for keylogger to know exactly how many you selected and removed if done with the mouse) and so on.

But then again, it might just be easier to get a decent bank-service with off-screen safety attached to it. =)

[OxfordWill]

Its true that keyloggers have no problem grabbing everything and anything including anything you CTRL+V (paste) into a new document.

Personally I usually have little choice but to use internet banking in internet cafes. One poster suggested checking out the running processes but even that now is a fairly futile action as cloaking a process from the windows task manager is now an easily achieved thing.

I work on the understanding that 1) My bank is good with noticing problems and 2) I check my banking almost daily and 3) I change the access details regularly (a lie but I should) and 4) I use internet cafes that are not in particularly farang areas. Some cafes are obvious targets like the expensive one in Siam Square whereas ones around Bangrak and other such areas are mainly thai prices and wouldn't be 'rich pickings' for a wannabe internet thief.

On the whole though, what happened to the original poster is quite rare. It's easier for a thief to steal your money through details gained in a physical transaction in a shop than via internet banking.

[Veazer]

Don't think your safe just because your using you internet from home. As you know, some thai apartments have local LANs with shared high-speed connections. I was recently helping my friend configure his laptop to access the network at his apartment building. I was sniffing around the network amazed at how many people left shared folders wide open for everyone to see. Most disturbing of all was the download folder on the apartment's main computer used as a router/firewall for the building. They had download multiple packet sniffing applications and I can only assume they have installed them and use them.

While most connections to online banking sites are (I hope!) encrypted to an adequate level, I still find it upsetting to see that they are doing this. And if I remember correctly, if you monitor an encrypted connection from the point that it is initiated you can decrypt the communication that follows. Perhaps someone with more knowledge can elaborate on this...

[nightcruiser]

I use Barclays, the most secure online banking facility.

They NEVER send emails to you, but once after using a cafe in a tourist part of Bkk, I got an email the next day from 'Baclays' (see the spelling?)

<{POST_SNAPBACK}>

DJ Pat, my bank is Barclays and it was their famously secure site that somebody managed to get into!!! Mind you they have been excellent at following up and by locking out my account and changing all pass codes and issuing new details within minutes of the incident.

For everyones info, i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary!

Stay Safe!

<{POST_SNAPBACK}>

:They can't record on a touch screen"

[waldwolf]

I use Barclays, the most secure online banking facility.

They NEVER send emails to you, but once after using a cafe in a tourist part of Bkk, I got an email the next day from 'Baclays' (see the spelling?)

<{POST_SNAPBACK}>

DJ Pat, my bank is Barclays and it was their famously secure site that somebody managed to get into!!! Mind you they have been excellent at following up and by locking out my account and changing all pass codes and issuing new details within minutes of the incident.

For everyones info, i have been informed that there is a programme that is readily available that can record every key pressed on a selected PC, which is bloody scary!

Stay Safe!

<{POST_SNAPBACK}>

:They can't record on a touch screen"

<{POST_SNAPBACK}>

Sorry, but the data from either regular keypads or touch screens is still transmitted the same old fashion way, via ethernet cables, and is recordable.

[RDN]

when ya typing in yer password, type in a load of crap and select it with the mouse, then type over it again so it will dissapear, do this a few times with phrases that could be passwords, so any computer with keyloggers wont have a chance of workin yer password out 

<{POST_SNAPBACK}>

Yer wrong cos yer don't know what yer talkin' abaht.

http://www.google.com/search?num=50&hl=en&...pro&btnG=Search

[Rob W]

Wow thats worrying. I remember Barclays changed their internet banking log in system a few years ago to combat the key loggers. They installed the 'secret word' with the drop down menu so key loggers couldn't track the letters. Wonder how they got round that?

[WhiteShiva]

Wow thats worrying. I remember Barclays changed their internet banking log in system a few years ago to combat the key loggers. They installed the 'secret word' with the drop down menu so key loggers couldn't track the letters. Wonder how they got round that?

<{POST_SNAPBACK}>

What about cut&paste individual letters in user name and password when you log in - wouldn't that be untraceable?

Edited August 31, 2005 by WhiteShiva

[Maestro]

I just wanted to let everyone know that i have just been contacted by my bank in the UK (luckily) to be informed that somebody has managed to gain my internet banking information and attempted to empty my account of a vast sum of money.

There are, of course, more sophisticated and more secure ways for arranging Internet access to a bank account than merely a username and a password, but most banks don’t do it, presumably for cost reasons.

Illustrated examples are given in the attached PDF file.

Examples.pdf

Edited September 9, 2005 by maestro

[DJ Moore]

Fellow followers of fun!

I just wanted to let everyone know that i have just been contacted by my bank in the UK (luckily) to be informed that somebody has managed to gain my internet banking information and attempted to empty my account of a vast sum of money. The bank that the money was suppose to go to was a well known thai bank with the branch mentioned as in the Pattaya area!

Vasts amounts of money, you say?????? My friend!!!!!..........DJM

Edited September 9, 2005 by DJ Moore

[Maestro]

Looking for love in all the wrong places, but having a helava good time along the way

What’s a “helava”? Is it Hebrew?

I am trying to learn English, hence my question.

Edited September 9, 2005 by maestro

[Rigger]

Looking for love in all the wrong places, but having a helava good time along the way

What’s a “helava”? Is it Hebrew?

I am trying to learn English, hence my question.

<{POST_SNAPBACK}>

###### of a good time

[Maestro]

Looking for love in all the wrong places, but having a helava good time along the way

What’s a “helava”? Is it Hebrew?

I am trying to learn English, hence my question.

###### of a good time

I believe it was Winston Churchill who said that the British and the Americans were two peoples divided by a common language. I am beginning to understand what he meant.

[Rigger]

Looking for love in all the wrong places, but having a helava good time along the way

What’s a “helava”? Is it Hebrew?

I am trying to learn English, hence my question.

###### of a good time

I believe it was Winston Churchill who said that the British and the Americans were two peoples divided by a common language. I am beginning to understand what he meant.

<{POST_SNAPBACK}>

He l l of a good time

I will help you out mate

If something is broken you say it has died in the ass

if it is not broken and works well then it s a @#$% ripper

if you are having fun then your having a @#$% ball or a helava good time

if your not having a helava good time then the place would be a shit hole

If you need any more help just let me know

[shadscat]

The guy installing keyloggers in Pattaya and stealing funds from peoples' accounts is a gentleman by the name of Robert Matache, he got me for close on $20k :-( This may however be a false name used for the bank account only as thai immigration claimed there was no-one in the country at the time by that name.

He was spotted recently ( a year since i lost the $ ) in Big C accessing the logs and I'm told he's about 6ft overweight with very large ears and black hair.

[kalaminsa]

Only ever use onetime key's when banking , there are plenty of banks that offer secure systems.

[cobra]

Knowing the odd thind about Toolz and Warez, I had to go to a web-cafe in Bangkok to to a transaction.

A few things to think about - Hit Ctl+Alt+Del and see what's going on in task manager for both applications and tasks. If it looks weirs like "logz.exe" or something like that - kill it. If you kill too much and the machine crashes, just press the reset button, and pay the extra 3 baht for the time.

Look around and check to see the angle of the web-cams in the shop. There may be one pointing right at your screen/keyboard, be careful.....

Next and most important, Before you start and after you have finished the transactions clear the cache and also clear the cookies. In IE its in Tools ==> Internet options look at the temporary internet files, and press the "delete files" and then the "Delete Cookies".

Why do it before, if the person who owns the Internet Cafe put the software there, they won't want you cleaning out the cache and the cookies. So if they object, co to another shop.

The other way which is better in my mind is to use your wap-enabled phone. You can make the phone get a security certificate so you will have 128 bit encryption into grps Packets.

Just my thoughts to stop getting ripped off.

<{POST_SNAPBACK}>

All good advice,

Though when the day is done sh ... still happens,

Use internet cafes for what they're best for email and a cup of coffee, even then your email address will probably be harvested and forwarded to spammers.