08/04/2010

banks, demographics and payments

One of the big banks in Belgium, ING, decided yesterday that its clients older than 60 would only be able to get 1000 euro's a week cash from their accounts to protect their security. THe public outcryin this no-news period was enormous and later that day the decision was reversed. Elderly people and others were shocked that the banks would set such a limit based solely on age.

It is in fact a bit more complicated than that.

Most people forget that when you get a bank- or creditcard you can set yourself a limit on it - just to be sure that you are not tempted to spend more than you can pay back in a reasonable time. The only problem here is that each time you will get a new card these limits are forgotten and each time you think you may spend more you have to run to the bank to upgrade the limits and to re-install them afterwards. As a victim of bankcardfraud I know it is a very good defense. (but that's a complicated story)

So there is nothing wrong or stupid about setting such a rule on your account it is even very wise and could be used - as the marketeer thought - by most of the people most of the time (even if the modern creditcardthiefs only steal a limited amount from each compromised account). It should even be advised to do so based upon your capability on your income to pay back the creditcards or the amount you want to go in the red.

Secondly more and more banks and creditcardcompanies are using behavorioural analysis to decide if they will approve some payments. If someone has never been to China for example and there are payments out of China coming in and the person has not mentioned to his or her bank that he or she will be travelling to China, than in the UK for example some banks will simply block it.

Permalink | |  Print |  Facebook | | | | Pin it! |

07/20/2008

27 on 28 investigated belgian ringtone sites are probably unsafe

It depends all on what you call unsafe. But it also unsafe if it steals money from you by using very expensive services (looks like the redirecting of the modems) or by recalling you time after time and letting you pay for it (without any opt-out) or by saying that you have signed a contract by using their service to buy every month a new ringtone. For people working in the ITsecurity fields this all seems much like 'where did I hear this all before (or a bit like that)'. The problem is that the mobile service didn't believe untill recently and even than only in Asia that it can become the victim of organised and sophisticated attacks on its users and networks.

This from the first preliminary report from the EU  source

Table 1: Websites checked by the sweep and number of the websites that need further investigation

Total number of websites checked
Total number of websites that need further investigation
Total number of potential CPC (cross border) cases
558
466
76

Table 2: Websites checked by the sweep and number of the websites that need further investigation per Country

Country
Total number of the websites checked
Total number of the websites that need further investigation
Total number of potential CPC cases
Belgium
28
27
14

and remember there are freeware tools that make ringtones for you on your pc so you don't have to use these kind of services

Permalink | |  Print |  Facebook | | | | Pin it! |

03/29/2008

Belgian sites now used for phishing operations

http://sjca.be/www.poste.it/index.php?MfcISAPICommand=Sig...=  Italian Post

this is a site from a school, something that should be organised and not be left alone to the chinese volunteers trying to keep up with things.

to which other sites are redirected, as is this one

http://wezembeek-oppem.info/fileadmin/red.html  which wouldn't surprise us because the site is under construction but probably not secured

 

Permalink | |  Print |  Facebook | | | | Pin it! |

03/20/2008

The biggest Belgian Bankhackers were using simple keyloggers

Security experts are praising Sumitomo Mitsui Banking Corp. for
admitting that it was the target of a failed $424 million hacking
attempt.

According to media reports, the U.K.'s National High Tech Crime Unit
(NHTCU) has issued a warning to large banks to guard against
keylogging, the method adopted by the would-be thieves in an attack on
the Japanese bank's London systems. The intruders tried to transfer
money out of the bank via 10 accounts around the world.

Keyloggers record every keystroke made on a computer and are commonly
used to steal passwords. Eighteen months ago, U.S. games developer
Valve had the source code to its latest version of Half-Life stolen
after a virus delivered a keystroke recorder program into Valve's
founder's computer
http://lists.jammed.com/ISN/2005/03/0081.html 
Well that seems like one of the best targeted attacks so far because if you find 10 accounts that together hold that kind of money
So rich people and enterprises, this lesson will go the world around
Better 1 very rich account broken than 100 smaller ones 

Permalink | |  Print |  Facebook | | | | Pin it! |

03/14/2008

Fake Diploma mills and non accredited educational institutions

Today there is a story in our newspapers about a Belgian that is connected to a diploma mill that is being investigated in the US 

With the web everybody can claim they have an accredition or whatever proof that they can deliver valid degrees and whatever as long as you pay. It is not always that clear to everybody who has the legal power to do this in which country for how long. There are some online sources with some tips that can be followed, but you should also look at different other websites about diploma mills. The reason of their success is that they are used to get application visa's for the US and sometimes that seem to work for a while.

Wikipedia has some good arcitles here and here

But it shows also that some sites that claim to give you some information about the sites are just doing so without any checking. This is the case for zoominfo.com -  Eours.com  which has a mirror on onlineeducationfacts.com So you really should trust more the official information sites and lists of fake insitutions.

You can find official information about accredition in any country here

 But you can also make fakedegrees for whatever university here for a price.

Permalink | |  Print |  Facebook | | | | Pin it! |

02/27/2008

Belgian crooks defrauding others

You have crooks in every country, but according to the history in this dutch forum it looks like a whole lot of work to get them busted. Banks that aren't responsive and don't seem to work with the ecops and the Dutch police that doesn't automatically transmit the information to the Belgian ecops. They should know that the Belgian ecops have enough power if the proof is captured to act immediately.

They send stupid not helping messages like this to their victims

"Geachte mevrouw, De wet op de privacy en de discretieplicht opgelegd aan de banken, zeg maarbankgeheim, verbieden ons informatie over eventuele cliënten mede te delenaan derden.Indien u opgelicht werd staat het u vrij klacht neer te leggen bij depolitie. De politiediensten hebben trouwens een speciale computer crimeunit opgericht om dit soort zaken te behandelen.Ook kan u bij de provider via dewelke u de aankoop deed, klacht neerleggentegen de verkoper.Wij hopen u met deze informatie van dienst te zijn geweest.Met vriendelijke groeten,  KBC Cliëntenservice - PCSBrusselsesteenweg 100B-3000 Leuven Christiane ReyskensHoofdadviseur Cliëntenservice Tel.: +32(0)16 86 68 71Fax: +32(0)16 86 30 38christiane.reyskens@kbc.be "

So if you are the victim of someone using a Belgian ISP, server, .be domainname, emailaddress or bank account.

Who are you gonna call ?   the http://www.ECOPS.be   

or should we call them FRAUDBUSTERS ?  

Maybe Ecops should give the responsable bankpeople a few hours of training how to ask the right information and send that to the right institutions in the right format.  That shouldn't be too hard ?

Permalink | |  Print |  Facebook | | | | Pin it! |