Argh :( Just had to cancel my card - clever trickery inside

That was a really well done scam in fairness. I would have raised an eyebrow at it asking for the mother's maiden name CVV. But not everyone would.

And I'll echo the fact there's nothing wrong with IE.

You've just been unlucky. At least you cancelled your card right away.

Thanks. I must admit, I did spend about 5 minutes on the second page thinking should I or shouldn't I. But after checking the SSL out I thought maybe they were just doing an additional security check.

Next time, I know to phone them up first and confirm, but the page is completely legit, no URL changing, and the SSL on the site was bang on so I do have to congratulate them (even if I hate them). :)
 
Check your hosts file?

Checked - completely fine.

And FoxEye - no, I didn't check another browser. I've already system restored my PC back to a month ago, and got another virus scan running from the AV rescue CD which is coming up completely clean so far. Therefore I think I've probably obliterated it. After the system restore, the Barclaycard website showed the correct page 2 on the website.
 
That's a very sophisticated phishing scam. Thanks for passing this on, especially because I use Barclaycard online.

I read something about this in the news but I can't track down the article.
 
Have to be honest, it does look very convincing and I can't see how it works/forwards the data on to the "scammer".

But when being asked lots of complete security questions, I would be very suspicious and go to www.barclays.co.uk or whatever.
 
Yeah, that's a sophisticated scam, even if you're fairly technical.

What's a CVV? I don't think I have that field for my card. 3-digit security number on the back of the card perhaps like mine?

As for Internet Explorer, it isn't the best browser but I believe that security has improved since version 6 / 7. The main problem with IE is that it missed the boat with pop-up blocker, tabbed browsing and add-ons, where other browsers have already included these for years. That is another debate though and isn't relevant to this thread.
 
I read something about this in the news but I can't track down the article.

Click on BBC24 covered it about a month ago, 'tis a man-in-the-browser attack; rather alarmingly, the AVs they used on the show failed to pick it up.
 
Zeus trojan?

Can't remember the name of the Trojan nod detected, but I did save the log files. When the current scan finishes I'll check and post what Trojan it was.

However, reading about Zeus on Wikipedia, it sounds plausible. I'm guessing the scam worked by the Trojan intercepting the HTML web page and modifying it before IE rendered it. I'm guessing that way I really was on the real Barclaycard website, but my browser was showing different forms injected by the Trojan.
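Added example (not part of any post in this thread): one way to confirm the kind of form injection guessed at above is to diff the form fields in the HTML the affected browser rendered against a copy of the same page fetched on a known-clean machine. The field names, the form action and both HTML samples are constructed for illustration, and the keyword list is an assumption.

```python
from html.parser import HTMLParser

# Assumption: keywords for details a login step should not ask for in full.
SENSITIVE_HINTS = ("cvv", "maiden", "pin", "expiry")

class FormFieldCollector(HTMLParser):
    """Collects (form action, field name) for every input/select/textarea."""
    def __init__(self):
        super().__init__()
        self.fields = set()
        self._action = "(no form)"

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or "(no action)"
        elif tag in ("input", "select", "textarea"):
            name = (a.get("name") or a.get("id") or "").lower()
            if name:
                self.fields.add((self._action, name))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = "(no form)"

def form_fields(html):
    collector = FormFieldCollector()
    collector.feed(html)
    return collector.fields

def injected_fields(baseline_html, rendered_html):
    """Fields in the rendered page that the clean baseline lacks,
    as (form action, field name, looks_sensitive) tuples."""
    extra = form_fields(rendered_html) - form_fields(baseline_html)
    return sorted((action, name, any(h in name for h in SENSITIVE_HINTS))
                  for action, name in extra)

# Constructed samples: page 2 as served, and as shown in the affected browser.
BASELINE = ('<form action="/login/step2"><input name="memorable_char1">'
            '<input name="memorable_char2"><input type="submit" name="continue"></form>')
RENDERED = ('<form action="/login/step2"><input name="memorable_char1">'
            '<input name="memorable_char2"><input name="cvv">'
            '<input name="mothers_maiden_name">'
            '<input type="submit" name="continue"></form>')

if __name__ == "__main__":
    for action, name, sensitive in injected_fields(BASELINE, RENDERED):
        print(f"extra field {name!r} in form {action!r} sensitive={sensitive}")
```

Because the form action is part of the comparison, a form that keeps its field names but posts somewhere else also shows up as a difference.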
 
Click on BBC24 covered it about a month ago, 'tis a man-in-the-browser attack; rather alarmingly, the AVs they used on the show failed to pick it up.

Don't suppose you know any YouTube or iPlayer links to this as I would be very interested.
 
It's a good attack.

Do not need AV to thwart it either, just common sense.

I do not care how good of a scam it is, why would you ever enter those details?
 
Have to be honest, it does look very convincing and I can't see how it works/forwards the data on to the "scammer".

But when being asked lots of complete security questions, I would be very suspicious and go to www.barclays.co.uk or whatever.

It won't send information directly using the website scam. More likely stores the data collected with some sort of spyware/trojan on the computer, and then uploads the data separately providing it's able (firewall).
 
I think I read about this, they developed this type of tech to try to breach, of all things, World of Warcraft authenticators. Basically they were intercepting the authenticator data by sending it via a fake website, but forwarding the correct data back to the user's PC. Apparently World of Warcraft accounts were worth more than cash at that time due to low chance of actual prosecution.

The user put all the correct details in and then got an error message a little after looking like they had logged in fine. It was during this brief time that the hackers took control of the account and changed the password; standard WoW functionality kicked off the genuine account owner due to multiple logons for same account.

I suspect in this case if you had entered the last data you would have been logged in correctly, you would have then seen your normal data. 10 minutes later they would have attacked your account but you would have been none the wiser as you did get through to normal Barclaycard. You would have been oblivious you had given all the key data about your account to a thief.
 
I swear I've seen a thread almost identical to this on these boards a while back, I think it was Barclays too.

There was a thread, it was quite a while ago. It worked by replacing a panel or pane within the window, so Firefox showed the green lock for the window but part of the window had been replaced and was fake.
 
How does a man-in-the-browser attack manifest itself, and does it affect all browsers? Is it a type of computer virus? I don't think I came across this in my technician years (2003-9) - it was virus, Trojan horse and spyware back then and people mainly got them from Limewire etc or by clicking malicious links in emails.
 