5. So if hacker got online user name and password, they can do the transfer already because HP is in their hand.

6. So main question and key area is how they obtain those username and password. TS write in the HP or on the stolen stuff?

Are you sure its being done by e-banking?
First of all, I would say its impossible. Even though its just 5digit TAC, how many times he had to tried in order to get the right one. Must be through your atm or something. The chance of guessing the correct tac code is very small leh.. 1/99999.

I think should be related to the staff in Public bank. Because it's not easy to hack in one account, some more need TAC, that fellow able to get the TAC no as well.

I join others here who don't understand how the hacker got the TAC.
Two ways I can think of:-

1) Hacker intercepts SMS sent to victim's mobile phone.
2) Hacker uses keylogger to obtain user/pass/PAC and use it while victim is still logged in to e-banking.

For item #2, here's a quote from PBB website.

felicious:

it has been few weeks already but you still haven't get back your money. i think you should put your concern now on how to get back your money rather than how the hacker hack your money.

the excuse from pbb refuse to return your money is because they claim that the transaction is made by yourself.

things you should do is:

1. you have to ask them for prove, what evidence can shows that the transaction is done by yourself? for example: the TAC should be tie to your phone number, not other ppl's phone number. find out the prove can shows that the transaction is not made by yourself. remember everything done in black and white, don't communicate with them by oral only.

2. if at the end pbb refuse to settle for u, give them some pressure. find their big boss, let them know you are not easily to compromise and going to publish this case on news paper. brand name is very important for a company, if they ignore you then just go ahead. i got some fren working in news paper company

3. seek for help from your fren or relative see anyone got know anybody is lawyer, ask advise from lawyer see is there anyway claim back your money trough law

dun go to the branch office...straight go DIGI HQ...show them dat u are really serious in this matter...

1.cancel all ur online transaction ,
2.dont use credit card
3.stop giving away ur lil ,lil imformation about ur detail
  for example ,,ur IC,ur atm number card .make sure no one photostat
  ur CREDIT card ,ur atm and ur IC bec they can trasit ur amount out .
by the scammer,,,i heard frm my friend protect ur identity .

Most probably the culprit doesn't need to do as said on previous posts. Once they have access in the mainframe, direct or indirect, partial or full, they can run imagination wild. Not just PBB, all over the world it is well "covered up".

I hope the TS gets her money back. For those who has huge sum of money, >1k a month savings, keep in somewhere not easy to liquid or not exposed to ebanking.

TS.. please share with us what you when through with the bank. http://www.consumer.com.my/ is good database.

excuse me!!

even DIGI HQ won't reveal anything...serious or not serious!

Only Police are allowed to get info from them....

Guess u better hire a lawyer and if u win,bill PB the lawyer fee as well....

if not...go for BN or PKR or DAP for help......it might help!!!!! very very much..

No. Both DiGi and PBB (and any other company) will not reveal information to customer. They will only reveal to police, investigation, court order, etc. Unless you have insider help.

Otherwise all companies will be very busy preparing information for every Tom, d*** and Harry.

Even in my previous case, the bank will only report the reasons to BNM. I only get the report/results from the investigation. Not the details though.

We refer to your police report dated 17-09-2008 on the above subject matter and would advise that we are unable to accede to your request for a refund as there was no breach in Bank's Internet Banking Website system security at this or any other time. The identified transaction was conducted using your valid PBeBank.com Internet Banking User ID and password and there were no irregularities to the transaction.

Nevertheless, we shall be lodging a police report on the alleged fraud to facilitate a joint police investigation into your claim

Fwd the letter to police officer in charge.

Ask them to investigate the telco side and bank side, which side are at fault?

Give Public Bank a visit and make a talk with their technical department probably?

I think he forgot to log off when using e-banking. You think a professional hacker want to take RM2000.00 meh when they can target RM2M. Last time i went to CIMB bank and they got some computer for e-banking, some ass also forgot to log off also.

---

Added on October 14, 2008, 7:52 pm
Report to bank negara. You got plenty of form to fill up there. As for as i know for Credit card bank can claims insurance but for personal acccount i am not to sure..

hMm...issit an PBB insider job?? Hmmm.....then they will have all pwd, username and tac also rite? ahha.....
weird lor....the least digi shd tell u where did they deliver the TAC to ma. It didnt appear in your HP rite? Then it must have went sumwer...else like i asid, didnt go anywer at all. Insider job :/

Or did u check wif any of your family members if they took out money from your acc? Coz last time when i was working in a bank, the mother reported that her credit card got fraud. Later after all investigations, we found out rupanya the daughter "stole" her card and used a great deal out of it :/

Then ask them to freeze the other person account, ask him for testimony. I believe with police report, you can request for relevant documents and information about the other person account, ask police to summon him out.

TS is not the only victim. I know a guy who lost rm1k over the last weekend. PBB account as well.

Maybe TS might want to pay Michael Chong (MCA) a visit.

On intercepting SMS, it is not so easy especially if TS's phone is always on. If really the TAC was requested may I suggest TS to check the phone number configured or request a TAC now and see whether she receives it.

The TAC generation I believe is via

[Bank database] -> [TAC Server] -> [Telco] -> [User Phone]

Thus possible points of failure are

1) Bank Database -> phone number for TAC changed
                          -> Another option that can be considered is maybe PBB system has a bug and the transaction has erronously been credited from her account. Ie. Login, Password, TAC all correct, only account number wrong.

2) TAC server -> Make to generate TAC to a different number (dummy message sent to server etc.)

3) Telco -> Tapping into physical systems
             
4) Phone -> lost

Have you checked that the registered phone number on file is still your actual number? The TAC part is the most puzzling to me because it's effectively a one-use temporary password, so it should be impossible to steal. If PB's security protocols are working, then it should be impossible for even any of its staff to do this because they won't have access to plaintext versions of any customers' passwords. The likeliest explanation is still the simplest, in my opinion. Someone close to you got a hold of your phone during the time the transaction happened and transferred the money. Your problem is that there was such a huge gap in time between when you discovered the theft and when the transaction actually happened. If possible, try to remember what you did during the day of the transaction and whether or not you left your phone with someone.

After you log out from PB, did u perform clear cache and clear temp internet files ?

The third part is not robbing or stealing from TS account. So police can't do it. It is just a E-transfer.
TS must prove it is a fraud case which until now TS has no strong position except no TAC being received. TS needs to prove those transaction is carried withouts TAC or TAC never obtained.
That's why we need to investigate how this fraud case being carried out also.

You must think from the other side, from police (enforcer) perspective, what if TS is telling lie or TS transferred the money but claim not doing after that and claim compensation from banks or TS actually transferred but regretted and try to make amend by telling lie? or whatever other reason.
Although I knew TS is not falling into these category, but from a police (as an enforcer), you must think from neutral point. No offence to TS or anyone.
Just like someone had mentioned about credit card fraud as earlier post, it is not a fraud after all.

Are you sure that you did not received the TAC message? Try going to MCMC and ask them to check whether the TAC message sent by PB server was received successfully to the registered phone number.

Every mobile telco should keep a record of all sent and received messages. If the telco says the message was successfully sent to your mobile number, it could be that someone has cloned your sim card.

These days, sim card cloning is highly unlikely but there is always a possibility.

---

Added on October 19, 2008, 2:25 amBtw, what phone are you using? Is it a Symbian or JAD/JAR enabled phone? There's a possibility that your phone might be hijacked.

Maybe can prove by the telco co that msg didnt send to your HP?
If its a police case already, i think they will help kua?

But honestly i dun understand y dun the bank check with the 3rd party acc where the funds had transferred to, Wouldnt hurt to clarify one ma rite. Last time my mom's PBB acc also got sudden funds masuk. She gotto scream her lungs out at the officer to check on the case....else they wont care. Ya...she gotto scream eventho the funds was given to her FREE (BIG AMT...hahaha...many zeros is all i can say) and ya its also PBB...too bad mom is not here anymore, else i could have asked her about it for u. Btw, this happened 20 years back.....no ebanking then. Maybe you can use the harsh way and insist that they check it out for u, your rights what since its your money they have lost. If me I will proly make a big newspaper case out of it...2k is small, but this is a big matter aint it, millions could have been transferred instead! Go MCa or something....

Oh...btw i told one of my fren about your case, he told me that after you make the police report, please report to BNM (BANK Negara) They will definately take action. So please do....go report the case to BNM. And u can also inform PBB that u r reporting to BNM, usually these banks are "scared" when matters go to BNM, they might speed up their work. Update us yar!!

You should called up BNM to updates, check with police station as well, we're as concern as you do, because we're internet banking users too.

No need. Perhaps a call to enquire about their investigation status would be relatively faster compare to the snail mail?

IP that requested the TAC?

how about ebroking?
i juz want t o apply 1 pbb ebroking a/c

nigerians.... erm sorry i mean if u have any sort of enquiry whatsoever from nigeria for online biz be super duper careful. they r super famous for online fraud. just google them up to see what i mean.

they'll pose as so many different ppl with different names n use various methods to draw your attention. if u receive a deal o offer that sounds too good to be true, it probably is. they may not say they r from nigeria in the beginning. but if u entertain their emails n later all seems to head that direction. pull the brakes minus ABS....

point..... have nothing to do with anything o anyone from there.

hmm w/o tarc? how abt the money transfer to wat acc also not show?

MCMC have authority over the Telco company. You might want to give a call to MCMC.

If your phone was hijacked, most probably your PC was also hijacked by a Trojan or Keylogger. Keep in mind that custom made or custom programmed keylogger and trojans can be undetectable. If someone hijacked your phone and PC the person is probably a close friend or relative that has knowledge in the IT Industry and has direct access to your PC and Phone.

Btw, you might want to take a look at CyberSecurity Malaysia. They may be able to help with the investigation.

Did you logon your account from Cyber cafes, etc? PC's and places that are not safe might potentially be risky.

Btw will the bank give u back the money? I meant insurance. There is no way the hacker can receive the TAC. Maybe he infiltrate to database server. I had been told that Maybank also got hacked by African hacker. Not sure where did this black men got the hacking skill or our banking security is low.

How they proceed the case now and how well the progress? Did they manage to find out ur acc been hacked?

wait wait.. I read a few pages back, I dont know how your login is being hacked. You give us insufficient information and we cannot give your proper assumption. How do you think you get hacked? u used online banking at cc or starbucks using wireless connection?

---

Added on November 10, 2008, 6:30 pm
I come to the conclusion that the person who stole her money is close-acquaintances if, it's not the work of insider. Think of it, the hacker can penetrate double security layer.

Yes. Contact CyberSecurity at +603-89926888 for more info.
Also, you have to keep calling the Police at least once every 2 days. To you, RM 2K+ is a priority but to the Police, it is just a small & low priority case. Keep calling them...it's better to speak to the same officer/inspector that is leading your case so you don't have to explain everything all over again to a 'clerk/desk' police officer who gives the same reply every time.

where was the last time you used e-banking and you found out that your is being hacked?

maybe you should check with your celco provider if you actually received the TAC.

Received email phishing for Maybank2u password.

I have attached the images of the phishing email at my blog:

Phishing

---

Added on November 14, 2008, 12:54 pmAs far as I can remember, Maybank did not request email from customers. So how can customers receive email from them?

after reading all 14 pages...how come they get your TAC number?....and u dont even do online banking on that day isn't?....pening aleady...

last hope was asking Digi telco to comfirm that day u got the TAc or not ...