You have commented 338 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
-Lurid Crime Tales-
Bank accounts emptied by phone Trojan
2012-11-18
Several Android users in Berlin have had their bank accounts emptied after text messages from their bank containing TAN numbers were "caught or diverted" by a computer virus.

Berlin state police warned on Tuesday that "bank customers using the SMS-TAN/mTAN process have become victim of fraudulent money withdrawals." Several people have reportedly had their bank accounts emptied in the past few weeks, the police said in a statement.

"In all cases, the SMS containing the mTAN for the online banking system was caught or diverted," the statement said. "Up until now, those affected have been customers using a Smartphone with an Android operating system."

The criminals reportedly use a Trojan virus to get their victims' bank details from their desktop computer. Then a fake notification appears on their browser saying they should protect their smartphone with a security update, which requires them to give the phone's number and model.

An SMS is then sent to the phone containing a link to the supposed security update - but the software they then download is highly dangerous. "From then on, all instant messages containing an mTAN are diverted to another mobile phone, belonging to the criminal," the statement said.

These mTAN numbers, along with the account and PIN numbers gleaned before, can now be used to withdraw money. The transactions cannot be reversed. In several cases, the fraudsters not only emptied the accounts, but also used up overdraft limits, the police said.

Police are now warning people not to download security updates onto their phones apparently sent by their banks. Emails apparently sent from banks asking for security details should also be regarded suspiciously, the police said.

Posted by:Au Auric

#3  I just averted a loss to our own family bank account a few weeks ago. Criminals had gained access to our banking records, and they were just trying to tie together all the bank and personal ID information. My guess is that they sell it as a package on the black market - so other users can then drain your accounts. I think they originally intercepted a wireless call (by my wife) where she discussed banking information. Be very careful with anything you do on a phone these days!

The biggest lesson I learned from the experience is that the people who work at the local bank in your neighborhood are security morons. They are hopeless. If you ask them for help - they are next to useless. So you really have to do your own due diligence these days, because the criminals and the hackers are running rings around the banking system.
Posted by: Raider   2012-11-18 10:00  

#2  ...don't worry, they'll regain a wee amount of value after the toilet paper runs out.
Posted by: Procopius2k   2012-11-18 09:19  

#1  As if we needed yet another (evil systems problem) for the mass destruction of Federal Deposit Insurance. Those old Mason jars in the attic are looking pretty good. Of course the jars will soon be worth more than the money you'll be putting in them.
Posted by: Besoeker   2012-11-18 05:59  

00:00