Fraudster poses as Barclays' chairman, withdraws funds
Barclays bank in the U.K. has found itself at the center of another security
scam, this time after someone posed as the bank's chairman and scammed £10,000
($20,000) out of his personal account.
The fraudster rang a Barclays call center posing as the bank's chairman, Marcus
Agius, and managed to have a new credit card sent out to him under Agius' name.
He then went into a Barclays branch and used the newly issued credit card to
withdraw £10,000 out of Agius' personal account.
Britain's Sun newspaper reported that Barclays' bosses were 'burning up' with
embarrassment.
The scam follows the highly publicized actions of BBC Top Gear presenter Jeremy
Clarkson, who published his Barclays account number in an attempt to prove
that the U.K.'s largest ever data breach was nothing to fuss over.
A cheeky reader subsequently used the details to help Clarkson 'donate' £500
to a U.K. charity.
"The banks have to protect people connecting to their services, but if
I know enough about you or anyone, you would be amazed what I could do,"
said Andreas Baumhof, CTO of online fraud protection company TrustDefender.
"If you've lost your account number or password for online banking, is
your bank providing you with a service to recover those details? Every bank
does, because it's a normal thing that happens," he said.
"They provide you with this information after checking your identity,
which typically is your address, telephone number and some personal information.
So if you know this information they will release your password."
Baumhof said call centers are a typical target of online fraudsters and identity
thieves. Their tactics involve bombarding a call center with phone calls, talking
to a different person each time and extracting a little piece of information
with each call.
"After they've rung them fifty times, you can connect a lot of information
about someone," he warned.
According to Baumhof, a lot comes down to telling the right story to the right
person.
"In the end it comes down to human behavior, if you look like you are
in the right place at the right time then people tend to trust you."
Baumhof said that with the right story and the right personal information,
the security measures of any bank can be circumvented because of this human
element.
"The banks can provide really good secure protection but it only helps
if we protect people's identities generally."
Barclays is reported to have accepted liability for the breach and has reimbursed
the £10,000 into Agius' account.
Amid fears other senior execs could become targets, the bank is reported to
have reissued all passwords and is revising its security practices.
» posted by abennett
Computerworld Australia