• banks, demographics and payments

    One of the big banks in Belgium, ING, decided yesterday that its clients older than 60 would only be able to get 1000 euro's a week cash from their accounts to protect their security. THe public outcryin this no-news period was enormous and later that day the decision was reversed. Elderly people and others were shocked that the banks would set such a limit based solely on age.

    It is in fact a bit more complicated than that.

    Most people forget that when you get a bank- or creditcard you can set yourself a limit on it - just to be sure that you are not tempted to spend more than you can pay back in a reasonable time. The only problem here is that each time you will get a new card these limits are forgotten and each time you think you may spend more you have to run to the bank to upgrade the limits and to re-install them afterwards. As a victim of bankcardfraud I know it is a very good defense. (but that's a complicated story)

    So there is nothing wrong or stupid about setting such a rule on your account it is even very wise and could be used - as the marketeer thought - by most of the people most of the time (even if the modern creditcardthiefs only steal a limited amount from each compromised account). It should even be advised to do so based upon your capability on your income to pay back the creditcards or the amount you want to go in the red.

    Secondly more and more banks and creditcardcompanies are using behavorioural analysis to decide if they will approve some payments. If someone has never been to China for example and there are payments out of China coming in and the person has not mentioned to his or her bank that he or she will be travelling to China, than in the UK for example some banks will simply block it.

  • 27 on 28 investigated belgian ringtone sites are probably unsafe

    It depends all on what you call unsafe. But it also unsafe if it steals money from you by using very expensive services (looks like the redirecting of the modems) or by recalling you time after time and letting you pay for it (without any opt-out) or by saying that you have signed a contract by using their service to buy every month a new ringtone. For people working in the ITsecurity fields this all seems much like 'where did I hear this all before (or a bit like that)'. The problem is that the mobile service didn't believe untill recently and even than only in Asia that it can become the victim of organised and sophisticated attacks on its users and networks.

    This from the first preliminary report from the EU  source

    Table 1: Websites checked by the sweep and number of the websites that need further investigation

    Total number of websites checked
    Total number of websites that need further investigation
    Total number of potential CPC (cross border) cases

    Table 2: Websites checked by the sweep and number of the websites that need further investigation per Country

    Total number of the websites checked
    Total number of the websites that need further investigation
    Total number of potential CPC cases

    and remember there are freeware tools that make ringtones for you on your pc so you don't have to use these kind of services

  • Belgian sites now used for phishing operations  Italian Post

    this is a site from a school, something that should be organised and not be left alone to the chinese volunteers trying to keep up with things.

    to which other sites are redirected, as is this one  which wouldn't surprise us because the site is under construction but probably not secured


  • The biggest Belgian Bankhackers were using simple keyloggers

    Security experts are praising Sumitomo Mitsui Banking Corp. for
    admitting that it was the target of a failed $424 million hacking

    According to media reports, the U.K.'s National High Tech Crime Unit
    (NHTCU) has issued a warning to large banks to guard against
    keylogging, the method adopted by the would-be thieves in an attack on
    the Japanese bank's London systems. The intruders tried to transfer
    money out of the bank via 10 accounts around the world.

    Keyloggers record every keystroke made on a computer and are commonly
    used to steal passwords. Eighteen months ago, U.S. games developer
    Valve had the source code to its latest version of Half-Life stolen
    after a virus delivered a keystroke recorder program into Valve's
    founder's computer 
    Well that seems like one of the best targeted attacks so far because if you find 10 accounts that together hold that kind of money
    So rich people and enterprises, this lesson will go the world around
    Better 1 very rich account broken than 100 smaller ones 

  • Fake Diploma mills and non accredited educational institutions

    Today there is a story in our newspapers about a Belgian that is connected to a diploma mill that is being investigated in the US 

    With the web everybody can claim they have an accredition or whatever proof that they can deliver valid degrees and whatever as long as you pay. It is not always that clear to everybody who has the legal power to do this in which country for how long. There are some online sources with some tips that can be followed, but you should also look at different other websites about diploma mills. The reason of their success is that they are used to get application visa's for the US and sometimes that seem to work for a while.

    Wikipedia has some good arcitles here and here

    But it shows also that some sites that claim to give you some information about the sites are just doing so without any checking. This is the case for -  which has a mirror on So you really should trust more the official information sites and lists of fake insitutions.

    You can find official information about accredition in any country here

     But you can also make fakedegrees for whatever university here for a price.

  • Belgian crooks defrauding others

    You have crooks in every country, but according to the history in this dutch forum it looks like a whole lot of work to get them busted. Banks that aren't responsive and don't seem to work with the ecops and the Dutch police that doesn't automatically transmit the information to the Belgian ecops. They should know that the Belgian ecops have enough power if the proof is captured to act immediately.

    They send stupid not helping messages like this to their victims

    "Geachte mevrouw, De wet op de privacy en de discretieplicht opgelegd aan de banken, zeg maarbankgeheim, verbieden ons informatie over eventuele cliënten mede te delenaan derden.Indien u opgelicht werd staat het u vrij klacht neer te leggen bij depolitie. De politiediensten hebben trouwens een speciale computer crimeunit opgericht om dit soort zaken te behandelen.Ook kan u bij de provider via dewelke u de aankoop deed, klacht neerleggentegen de verkoper.Wij hopen u met deze informatie van dienst te zijn geweest.Met vriendelijke groeten,  KBC Cliëntenservice - PCSBrusselsesteenweg 100B-3000 Leuven Christiane ReyskensHoofdadviseur Cliëntenservice Tel.: +32(0)16 86 68 71Fax: +32(0)16 86 30 "

    So if you are the victim of someone using a Belgian ISP, server, .be domainname, emailaddress or bank account.

    Who are you gonna call ?   the   

    or should we call them FRAUDBUSTERS ?  

    Maybe Ecops should give the responsable bankpeople a few hours of training how to ask the right information and send that to the right institutions in the right format.  That shouldn't be too hard ?