Kasikornbank (Kbank) Issues A Trojan Warning To Users Of Smart Phones

[KnooKie]

SCB have been issuing a similar warning for a while now

[tropo]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

That's the worst place off all. Have you not noticed that at the ATM after every transaction your balance is plastered on the screen for all behind you to see?

[stoli]

Ha Ha, that'll teach folks not to visit dodgy sites.

As a good friend of mine always says: "We all have to pay for our pleasures, some day!"

Want a good free internet security system for a Windows computer?

Look no further than Comodo

Is Comodo a dodgy site? If we all have to pay for our pleasures, why do you then recommend a free site?

[Chilon]

The internet banking with two factor verification using a password and text message is pretty secure provided the banking and text are on separate devices-e.g. PC and phone or two phones. I've hesitated using mobile banking on the same mobile I receive the verification test message.

For what its worth I've been using internet banking with Australian and Thai banks in both countries without issues for a number of years but keep the text receiving device separate from the internet banking device.

The next step up in security used by some Singaporean banks is to have a security token that generates a code that has to be used to verify the transaction but this necessitates another bit of hardware to take care of ( and lose).

[sirchai]

Gotta be careful with all sorts of Visa and Master cards here, as nobody's checking the signature, or even trying to read the name on it.

Would I loose my card without knowing it instantly, somebody could just buy whatever's on my bank. I'm tutoring a girl who's working at a bank, she said well, that's Thailand.........

I'm pretty sure that also many expats were already hacked and some guys can get all information stored on their machines, without them knowing it.

. I've also heard of a Filipino gang in Bangkok doing that cloning in a very professional and efficient way in LOS.

Then the Nigerians and the...oh my god.....

[theajarn]

I use a Mac and only use my Mac for Internet banking. Oh wait... I also use my iPhone too.

But I'm not dumb enough to download any apps from just anywhere to do the banking for me. Growing up in the tech era I just "know" what to look out for. Unfortunately this knowledge is not passed on in schools. There should be more awareness of these things-- it should be in the curriculum.

There WAS one app from Kbank about a year or so ago and it was from the ios AppStore, but it was crappy so I decided to ditch it. It was genuinely the bank's app. I think they eventually ditched it too.

Damn. I better check w the bank now...

[tropo]

The next step up in security used by some Singaporean banks is to have a security token that generates a code that has to be used to verify the transaction but this necessitates another bit of hardware to take care of ( and lose).

I've been using a security device like this for an Australian bank for 5 years. This was an annoying improvement because I had to have someone post it out to Thailand. You also have to remember to carry it with you if you travel, otherwise you cannot use your internet banking.

When security levels get too high it takes away from the banking experience and becomes a right pain in the a**

One off shore bank I use in the Philippines (Citibank) started implementing new security measures which made it nearly impossible to continue using the internet banking. I had to travel to the Philippines, buy a mobile SIM card... set it up for global roaming and work out a way to load it every 3 months using internet banking from another bank. To do that I had to go into another bank and register my mobile number to allow online reloading. If I forget to load it every 3 months the SIM will expire and I won't be able to use internet banking. If the load goes below 100 baht the global roaming will stop.

Banks need to find the right balance between security and ease of use. I find OTP sent to mobile numbers a real pain.... especially if you travel to other countries and need to use global roaming which you otherwise wouldn't want to use.

It's starting to get tough for international travellers who have bank accounts in several countries.

Edited March 7, 2013 by tropo

[theajarn]

So how do they know who to target, with what banking app? They somehow have skimmed off information about who logs into what banks, along with their email addresses? or phone #'s? Has someone tapped into the electronic banking system?

How come this hasn't been reported.

They don't. It's called "phishing". If they do however, it's different -- it's then called "pretexting".

In any case, it's easy to get info from idiots -- in particular what idiots would fall for these scams.

Start from FessBoook (play on thai pronunciation of Facebook) -- an example are posts that have idiots liking a particular post or typing in a number to see of the screen will really reveal something such as a naked picture or ghost etc. etc. this is where the perps harvest the names of potential suckers.

I'm sure you can imagine what they do from there. No?

Once they have a name of a sucker who obviously doesn't understand how the web works (such people think it's all magic) they then look at their Facebook profile to see which country they are from -- allowing them to guess which bank they use. They also see if they can get that person's email.

Then they fire away.

Mods, feel free to delete this post if you believe this information will spawn would-be cyber crooks.

Now... How about final-year high school students receiving emails from universities they've "applied for" ... asking for banking info to process their enrollment... the possibilities are endless. People need to be educated.

[theajarn]

Ok. I just called K-Bank and they confirmed that the K-mobile banking app on the AppStore is genuine.

HOWEVER

They weren't too sure about the other apps that are there! Ok -- so they're digitally "signed" as belonging to Kasikorn Bank (duh) but what's from keeping other people from signing it with a similar-sounding name?

And with kbank's own support center a bit in a mess about this... It's a recipe for disaster.

In any case I asked the person to pass on my concerns to the relevant department. I told them to let their customers know which apps in particular are genuine, and explain to customers how they might check the authenticity of an app from the bank (short of calling customer service).

I won't hold my breath.

[tropo]

. I've also heard of a Filipino gang in Bangkok doing that cloning in a very professional and efficient way in LOS.

You've heard of a Filipino gang, yet the police don't know about it? They can't be very professional or efficient if you've heard about them.

It's probably just another Filipino bashing rumour.... and you were quick to include Nigerians too.

[XINLOI]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

Especially when the ATM is easier to hack and steal your information from......

[dighambara]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

My internet banking is as close as the computer on my desk whereas the ATM is 7 km away. Also I don't get wet if it is raining.

I have been doing internet banking for a few years now with no problems.

It's certainly convenient but from a security perspective it's weak. You won't have a problem, until you do.

I will agree that the security is weak - all my other banks use a self made code phrase, and a personally selected image, to verify their website.

However, I have had no problems with my deposit account - the only one I access by computer and that account requres a personal visit to the bank to withdraw funds.

[lookingeast]

Last year my visa card was cloned at swampy, my bank stopped it but not before 3000 pounds was taken from my bank from an atm in the Philippines, which I am getting back thankfully. But, after this I went to my Kasikorn bank and obtained an atm card. I asked the lady in the bank if it was protected from fraud and theft and she said...No.... it is your responsibility.... Still trolling for info on that one, but the card does have a Visa sign, which I assume would cover fraudulent use?. The problem is, if it was cloned and someone took money...how...in Thailand.... do you prove it was not you?

That sounds like a very good reason to avoid maintaining a large balance in K-bank, who i'm with also. As far as banking on a 'mobile device' is concerned with some new-fangled thing called an 'app'...nah, already decided to go nowhere near it. Not everything that's New is New & Improved. Edited March 7, 2013 by lookingeast

[jacko45k]

Ha Ha, that'll teach folks not to visit dodgy sites.

As a good friend of mine always says: "We all have to pay for our pleasures, some day!"

Want a good free internet security system for a Windows computer?

Look no further than Comodo

Where does it say the trojan came from a dodgy site?

[jacko45k]

I really don't trust Internet banking in Thailand. It may be relatively safe but why take a chance when all my information is as close as the nearest ATM.

Which in my case is quite a few KM away... and the ATM doesn't do much really, relative to the very convenient and well presented internet service in Thailand.Fortunately, being too dumb for a smart phone, not a problem for me.

[qdinthailand]

So how do they know who to target, with what banking app? They somehow have skimmed off information about who logs into what banks, along with their email addresses? or phone #'s? Has someone tapped into the electronic banking system?

How come this hasn't been reported.

They don't. It's called "phishing". If they do however, it's different -- it's then called "pretexting".

In any case, it's easy to get info from idiots -- in particular what idiots would fall for these scams.

Start from FessBoook (play on thai pronunciation of Facebook) -- an example are posts that have idiots liking a particular post or typing in a number to see of the screen will really reveal something such as a naked picture or ghost etc. etc. this is where the perps harvest the names of potential suckers.

I'm sure you can imagine what they do from there. No?

Once they have a name of a sucker who obviously doesn't understand how the web works (such people think it's all magic) they then look at their Facebook profile to see which country they are from -- allowing them to guess which bank they use. They also see if they can get that person's email.

Then they fire away.

Mods, feel free to delete this post if you believe this information will spawn would-be cyber crooks.

Now... How about final-year high school students receiving emails from universities they've "applied for" ... asking for banking info to process their enrollment... the possibilities are endless. People need to be educated.

Phishing is when I get an email saying its from a bank I don't even use (or another website, like uTube, Yahoo!, Facebook, etc.). They get a lot of hits because a high percentage of internet surfers use uTube, Facebook, Yahoo! etc.

The reports on this thread are that people are getting such emails identified as coming from the bank they do business with, not from banks they have no association with, either now or in the past. No one's saying they got a SCB mailing when they do business with Kasikorn or Bangkok Bank.

I still think they know who uses what banks, and have the email or smart-phone number associated with that customer. They are phishing, indeed - but extremely targeted - or lucky guessers.

Edited March 8, 2013 by qdinthailand

[laislica]

Ha Ha, that'll teach folks not to visit dodgy sites.

As a good friend of mine always says: "We all have to pay for our pleasures, some day!"

Want a good free internet security system for a Windows computer?

Look no further than Comodo

Is Comodo a dodgy site? If we all have to pay for our pleasures, why do you then recommend a free site?

It's not a dodgy site and it is an excellent product.

My reference to dodge sites is because that is where most of the "nasties" originate. I include Facebook in the list of dodgy sites, there are far too many Apps and scams and things to Click on that can cause you harm.

I've used the Free CIS Premium for years. I get regular product upgrades and I am now using version 5.12

I had a problem with an HP WiFi printer.

I sent off a query to Comodo and they emailed me the solution very quickly.

(a firewall issue, the default setting is to Block fragmented datagrams, uncheck the box and prob solved)

It's features are very easy to use. as an example, I bought some software and I do not want to see invites to upgrade to a newer version every time I use it, so I used the firewall to block outgoing comms from the software.

I occasionally write software and depending what the program does, it can look like a virus.

It is very easy to mark the file as an exclusion and never be bothered again (until the next build lol).

Here is a (rather old) comparison from Comodo forum but the principles apply today.

Comodo Internet Security Premium 2011 : Cost - $00.00

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

==================================================================

Comodo Internet Security Plus 2011 : Cost - $39.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support - security setup and virus removal if necessary.

==================================================================

Comodo Internet Security Pro 2011 : Cost - $49.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support & Anytime System Support - everything.

- Trust Connect

- $500 virus free guarantee

==================================================================

Comodo Internet Security Complete: Cost - $69.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support & Anytime System Support - everything.

- Trust Connect

- $500 virus free guarantee

- Online Backup

- ID Theft Protection up to $15,000

==================================================================

More info: Comodo.com - to see full details of each product.

There is no STRIPPED down versions unlike other Vendors where they may limit the functionality of their "free versions" compared to their "paid versions" - Example: Other Vendors might not give you sandbox, or limit the functionality of the antivirus or antimalware component etc.

Comodo Internet Security... Code base of Suite functionality, security features, are all equal (Firewall, Defense+, Sandbox, Antivirus) - all the security features of CIS in all 4 versions are the same. However, you can buy the extra services if you wish too (Live PC Support, $500 virus free guarantee, online backup and ID Theft Protection) which are the only differences between CIS Premium and CIS Plus/Pro/Complete.

Hope this helps.

[stoli]

Ha Ha, that'll teach folks not to visit dodgy sites.

As a good friend of mine always says: "We all have to pay for our pleasures, some day!"

Want a good free internet security system for a Windows computer?

Look no further than Comodo

Is Comodo a dodgy site? If we all have to pay for our pleasures, why do you then recommend a free site?

It's not a dodgy site and it is an excellent product.

My reference to dodge sites is because that is where most of the "nasties" originate. I include Facebook in the list of dodgy sites, there are far too many Apps and scams and things to Click on that can cause you harm.

I've used the Free CIS Premium for years. I get regular product upgrades and I am now using version 5.12

I had a problem with an HP WiFi printer.

I sent off a query to Comodo and they emailed me the solution very quickly.

(a firewall issue, the default setting is to Block fragmented datagrams, uncheck the box and prob solved)

It's features are very easy to use. as an example, I bought some software and I do not want to see invites to upgrade to a newer version every time I use it, so I used the firewall to block outgoing comms from the software.

I occasionally write software and depending what the program does, it can look like a virus.

It is very easy to mark the file as an exclusion and never be bothered again (until the next build lol).

Here is a (rather old) comparison from Comodo forum but the principles apply today.

Comodo Internet Security Premium 2011 : Cost - $00.00

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

==================================================================

Comodo Internet Security Plus 2011 : Cost - $39.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support - security setup and virus removal if necessary.

==================================================================

Comodo Internet Security Pro 2011 : Cost - $49.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support & Anytime System Support - everything.

- Trust Connect

- $500 virus free guarantee

==================================================================

Comodo Internet Security Complete: Cost - $69.99/Year

Features:

- Firewall

- Antivirus

- Defense+ (HIPS)

- Sandbox

- Live PC Support - Remote Security Support & Anytime System Support - everything.

- Trust Connect

- $500 virus free guarantee

- Online Backup

- ID Theft Protection up to $15,000

==================================================================

More info: Comodo.com - to see full details of each product.

There is no STRIPPED down versions unlike other Vendors where they may limit the functionality of their "free versions" compared to their "paid versions" - Example: Other Vendors might not give you sandbox, or limit the functionality of the antivirus or antimalware component etc.

Comodo Internet Security... Code base of Suite functionality, security features, are all equal (Firewall, Defense+, Sandbox, Antivirus) - all the security features of CIS in all 4 versions are the same. However, you can buy the extra services if you wish too (Live PC Support, $500 virus free guarantee, online backup and ID Theft Protection) which are the only differences between CIS Premium and CIS Plus/Pro/Complete.

Hope this helps.

Thank you for a helpful response.

[Cuban]

So how do they know who to target, with what banking app?

"They" use a blunderbuss approach and send the same message to all contact details they can. Some on-line banking users are stupid enough to respond.

However it is possible to use more focused messaging where people in forums like this announce their use of a particular bank by the "ME TOO" messages I see in this thread, not the sharpest tools in the box.

How is that bad? Any fragment of information helps those that seek to access your money will use what info they can to gain a foot in the door, getting a user's email address is not beyond the wit of a experienced hacker, and I am not talking about computer hacking the TV member list, there are other ways.