My [AIB Online Banking] compromised

MajkelBlack

Was anyone robbed through AIB On-line banking after last Sunday (12/02/2012) ? I received a phone call this morning from AIB Bank support Agent. She asked me if I did any money transfers last sunday (both over 2000 euros). Probably some kind of virus attacked AIB customers.

omahaid

Nope, I'm just as broke as I was last week. Was it definitely AIB that rang? Wasn't someone chancing their arm? I see a good few warnings about browser hijacking on their website.

To Alcohol

Hope you haven't given your log on details to anyone! AIB have a warning up at the moment advising of fraudulent attempts to get log on details.

MajkelBlack

I didn't give any details, just confirmed my address. My online banking is suspended now. 5000e is gone from my account. On Sunday I wanted to log into my account. Usually you have to enter 3 random digits from your (5 digits personal code) but I've been asked for full 5 digits personal code. Everything was exactly the same as always instead of that detail. Spoke again with AIB advisor, I'm not the only one who has been robbed. An information on AIB page popped up on Monday, probably they realised that something is not right when all pending money transfers went through that day. All came back to normal on my laptop yesterday when I checked Login page was exactly same as on Sunday, was asking for 5 digits code, I did a disc format, reinstalled my system and antivirus and now looks fine (asking for random 3 digits). I have a brand new laptop with fresh system, fully secured. I did a system scan and antivirus didn't find any virus.

To Alcohol

Wow. So the issue is with them. Have they confirmed you'll get a refund? I'd fight tooth and nail as the issue appears to be their website.

Hope it works out ok for you.

MajkelBlack

I will not ask them IF I receive a refund, I will ask then WHEN they give me my money back. Savings of my life gone just like that. Will give more details later..

Kenny Logins

That's very unusual, to make a transfer they'd need more than log in details, they'd need code card/reader too...

Kenny Logins

This warning is now shown when logging in

frank9901

this has just happened to me today, money was withdrawn over the last 3 days from my account
it is now with aib fraud examination, i use a bookmark to access aib internet banking, i recall some weeks ago i was asked for code card numbers to log in now it seems that may have been a bogus page, i called garda and they said i should wait to see what aib do,i spoke to someone later today from aib
and she is sending out a form to me which i must get stamped at the police station, anyone any idea what will happen from here ? i paid all my bills from the account and am now stony broke

MajkelBlack

Exactly the same story. Today AIB sent me a form I have to stamp on Garda Station. We suppose to get our money back but dont know how long it will take.

dotsman

To Alcohol wrote: »

Wow. So the issue is with them.

No, as per his post, the issue was with his computer. He was going to the fraudulent page. By wiping his machine and reinstalling, he was then able to get to the actual page.

MajkelBlack wrote: »

I did a system scan and antivirus didn't find any virus.

Was that before or after you formatted the machine? If before, it's interesting that the antivirus didn't pick anything up - was it completely up to date? what antivirus do you use?

Kenny Logins wrote: »

That's very unusual, to make a transfer they'd need more than log in details, they'd need code card/reader too...

This, I find stranger. How did the criminals get various codes required?

MajkelBlack

2 weeks ago a bought a new laptop with 30 days Mcafee anti-virus. I did a system scan before I did a disc format.

I checked my account in a bank today. Yesterday all money from my credit card were transfered on my current account to be ready to withdraw.
Happily I closed my Internet banking on Tuesday so I have some money till the end of the month.
There were 3 transactions on my account, you need 2 security codes for each to be done. Just wondering how did it happen, all money from my saving acc has been moved on current and then there were 2 money transfers from current account. I'm not counting the last one that someone prepared money from my Credit Card.

BostonB

dotsman wrote: »

...This, I find stranger. How did the criminals get various codes required?

Perhaps they crack the codes, found a pattern to them.

AIB should be able to see a pattern in the attacks.

frank9901

in my case it seems i game them 2 codes on a bogus log in page, what puzzles me is how were them 2 codes enough when the required codes while making a transfer are random, any 2 of about 100 codes

dudu

Hi, exactly the same happened to us. 5000 eur gone in 2 transactions. We were doing O2 top up on Friday and Monday morning found out that the money from our account are gone. We are still waiting for fraud forms (already 4 days !!!) from AIB to get them stamped by Garda. I have been on the phone today with a lady from fraud department and she mentioned that there is no guarantee that we will get the money back????? because in T&C is stated not to give full 5 digits PAC code to anywhere. We are now in big shock and we can't believe to what she said as whole transaction was done on their web site and all was looking the same apart from the request to enter full PAC number. After all she said she will come back to us on Monday as to wether we will get the money refunded or not.... ridiculous...

MajkelBlack

Info alert appeared on AIB page on Monday, i logged into my account on Sunday and there was no warning message. I think bank is fully insured in this case and it shouldnt be any problem to give us a refund, if they dont want to lose thousands of cust.

frank9901

as the pin number and 2 code numbers are not enough alone i am wondering how they bypassed the other security questions. i did notice one weakness in their system, one time my daughter was logging in and it asked for the last 4 digits of her mobile phone, she had changed her number a few weeks previously and confused the number, when the system said not the correct detail, she closed the login page then opened a new page and got a different security question. after that until she changed her number with the bank whenever she got the mobile question she just opened a new login page, i think the security question should stay the same until answered

jmcgold

Had the same issue and malwarebytes seems to have fixed it.

Looks like a trojan that was injecting some javascript at the bottom of aibinternetbanking.aib.ie that was pulling code from dbase-security.com. This code basically replaced the PAC prompt on the login page with one of their own looking for all the digits of the PAC.

Look for the following on your machine and remove it (replace XXXX with your account name)

remove the file: C:\Users\XXXX\AppData\Roaming\Vaome\aftibah.exe

Then use regedit.exe to search for and remove any keys referring to the above file.

If you are not confident doing this yourself, download malwarebytes and it will do it for you after a quick scan.

frank9901

jmcgold wrote: »

Had the same issue and malwarebytes seems to have fixed it.

Looks like a trojan that was injecting some javascript at the bottom of aibinternetbanking.aib.ie that was pulling code from dbase-security.com. This code basically replaced the PAC prompt on the login page with one of their own looking for all the digits of the PAC.

Look for the following on your machine and remove it (replace XXXX with your account name)

remove the file: C:\Users\XXXX\AppData\Roaming\Vaome\aftibah.exe

Then use regedit.exe to search for and remove any keys referring to the above file.

If you are not confident doing this yourself, download malwarebytes and it will do it for you after a quick scan.

what do you think the banks stance will be on this ?

dotsman

frank9901 wrote: »

what do you think the banks stance will be on this ?

What do you mean? There's only so many times a bank can scream that people should use up-to-date anti-virus scanners and be vigilant to anything out of the ordinary etc. The bank's websites are not the one's being attacked, it's people's computers. What do you think the banks can/should do?

noodler

Jesus. This really is scary stuff.

Is there anyway to completely lock out transfers from your account?

Thanks alot for the heads up.

I don't recall ever being asked for 5 digits and theres no unusual activity on my account so I hope I am okay.

noodler

dotsman wrote: »

What do you mean? There's only so many times a bank can scream that people should use up-to-date anti-virus scanners and not be vigilant to anything out of the ordinary etc. The bank's websites are not the one's being attacked, it's people's computers. What do you think the banks can/should do?

All I use is AVG Free and SuperAntiSpyWare.

Would that worry you?

dotsman

noodler wrote: »

All I use is AVG Free and SuperAntiSpyWare.

Would that worry you?

As long as they are up to date and you use common sense you should be ok. There's nothing to be overly paranoid about. As long as you are careful, the chances of being successfully attacked are very remote - and the bank will refund you in these circumstances anyway (just a bit of hassle regarding paperwork etc).

noodler

dotsman wrote: »

As long as they are up to date and you use common sense you should be ok. There's nothing to be overly paranoid about. As long as you are careful, the chances of being successfully attacked are very remote - and the bank will refund you in these circumstances anyway (just a bit of hassle regarding paperwork etc).

Yeah, I might make another account with money transfers disabled to limit this type of possibility in the future.

I have to say I would have been surprised if I'd been asked for my 5 digits. Even more so if it had been from a pop-up window.

This link

http://www.aib.ie/InternetBankingSecurityDemo/index.html?c_id=securitydemo&ad_id=1

seems to indicate that part of last week's scam asked for all 100 of your code card numbers (obviously not in the OP's case) and that would have been quite obviously a scam.

frank9901

no it did not ask for all 100 digits it asked for 2 code card numbers, that why i am wondering how they bypassed the aib security, to transfer money internationaly you will be asked for two random code card numbers ,so they must have cracked the card from those 2 numbers, there is also any of three other measures last 4 digits of work number,last 4 digits of home number or last 4 from credit card, so how did they get past that security

frank9901

dotsman wrote: »

What do you mean? There's only so many times a bank can scream that people should use up-to-date anti-virus scanners and not be vigilant to anything out of the ordinary etc. The bank's websites are not the one's being attacked, it's people's computers. What do you think the banks can/should do?

i gave one example of this in an earlier post, right now if you are asked for a four digit number for example last 4 digits of credit card, if you dont have that information but have the targets phone number you can close and reopen the page until you are asked for the last 4 digits of the phone number. thats something they must share some of the blame for plus their code card is useless if somebody gets 2 digits from it also i have mcafee 2012 total protection and it picked up nothing

noodler

frank9901 wrote: »

no it did not ask for all 100 digits it asked for 2 code card numbers, that why i am wondering how they bypassed the aib security, to transfer money internationaly you will be asked for two random code card numbers ,so they must have cracked the card from those 2 numbers, there is also any of three other measures last 4 digits of work number,last 4 digits of home number or last 4 from credit card, so how did they get past that security

Again I specifically said it it wasn't the case for those in this thread.

Amazing someone would actually type all 100 codes though.

frank9901

i was talking to a girl from the fraud dept at aib, she said even the most sophisticated anti virus software may not pick up this virus

BostonB

frank9901 wrote: »

i was talking to a girl from the fraud dept at aib, she said even the most sophisticated anti virus software may not pick up this virus

?

jmcgold wrote: »

Had the same issue and malwarebytes seems to have fixed it...

Zab

frank9901 wrote: »

no it did not ask for all 100 digits it asked for 2 code card numbers, that why i am wondering how they bypassed the aib security, to transfer money internationaly you will be asked for two random code card numbers ,so they must have cracked the card from those 2 numbers, there is also any of three other measures last 4 digits of work number,last 4 digits of home number or last 4 from credit card, so how did they get past that security

While it's "possible" that the codes were predictable, AIB would have to extraordinarily inept for that to be the case. Another possibility is that while you were logging into the fake page a computer was logging into your account from somewhere else and it simply asked you for the two codes that it was being asked for. Either that or there's a way to transfer money without a code card (to my mind this is more likely than the predictable codes anyway).

bk

This sounds like a man in the middle attack to me.

Basically a trojan installed on your PC, which is injecting Javascript code into your web browser that makes it look like the real AIB website, but when you actually log in and interact with the AIB website it is taking your responses to the security questions and actually doing different things in the background (such as sending money to their account), then what it shows you it is doing.

It doesn't actually need all your codes and passwords, it probably only carries out the attack each time you login to AIB and it asks you then for the specific codes it needs for that session.

While it might ask for the codes at times when it wouldn't normally ask, most people probably wouldn't realise this and just accept that what they are seeing is legit.

The responsibility of this lies partly with the customer. After all it is there PC that got infected, probably due to lack of up to date anti virus software.

However if the banks didn't actually cover the cost of these frauds and it happened to a lot of people, then the bad PR from it would have a much worse and costly effect for the banks as people lose trust in their online banking services.

The banks can however fix this issue, by improving the security of their online banking service, by implementing two factor authentication and alternative authentication channels.

AIB are already doing this with their new Card Reader device (which looks like a calculator and reads your ATM card), this device uses two form authentication and alternative authentication channels, which makes online banking much safer and protects against these sort of attacks.

I highly recommend everyone requests a Card Reader device:
http://www.aib.ie/servlet/Satellite?c=SC_Content&cid=1296736790579&pagename=SecurityCentre%2Fsc_main&section=S003