Any way to trace back what website I logged on to on August?

That day my housemates are having problem in logging in to PBe too. All of us were trying to log in to PBe to check whether PTPTN bank in money to us already or not. But, I logged on at night and the case happen on noon. And if I went to their phishing website, how he can get my TAC number?

No, IE only keep history after 3 weeks, Firefox only keep history for more than 6 days. If u want to check Firefox, just press CTRL+H. For IE, CTRL+SHIFT+H.



www2 is a secure server which mean all the login will be directed to secure server via http"s" = secure socket layer (SSL) for 128bit strength encrypted connection. If you dont see the "s" on the http, dont login to pbe or the pbe site has no valid digital certificate.

S/he could have used your phone? after all, they know your money will be in. They have access to the PC. Someone installs a redirect (via HOSTS or whatever) and then gets your name and password. Then they use your phone (or a cloned SIM maybe) to get the TAC. I don't suppose anyone called you and asked for your TAC right? Did anyone call and say, "we're testing the line, can you please read the SMS we sent to you?"

I think I had went to phishing website carelessly

My friend and I was logging on to PBe. He clicked it from the yahoomail he received. Just checked the yahoomail and the date the mail is sent is same with the date my money was transferred out. His money was not transferred out, perhaps it is because his bank don't have much money. As for me, I am unlucky. I just log in after he logged out. And so coincidence, PTPTN just banked in RM3.5k to me few days ago. Thus, my money was transferred out.

My friend and I done the same procedure. We log in as usual. However, there is an extra step where I need to apply TAC number to my phone, key in the TAC number and then key in my username and password again. However, I can't log into my PBe and my friend can. Now I understand this is how they get my TAC number. Since TAC can last for 1 day, it still can be used in the afternoon although I received the TAC at night.

I didn't suspect that this is phishing website earlier on, because 2 of my other housemates are having problem in logging in PBe too. Thus, I thought that was just an updates / system down.

This post has been edited by felicious: Nov 20 2008, 01:00 AM

You and your housemates were using the same PC?

Old tricks. Been published in the news many times. Even bank websites prominently advise customers never to click on links in the emails.

so is TS own mistake lar ...

after this i dun even wanna login e-banking fr my office pc. even it's my own personal. just in case. we maybe very careful, but we r just humans and tend to overlook these simple things.. sorry to hear wat happened, TS.

and also cybercafe ...

After 2 months and 15 pages of discussions, TS now baru realised because of phishing website in which many of the forumers had highlighted in the replies.

But TS never recalled it until made a lot of things to prove otherwise.

You are really careless from the beginning until you realised.

摸摸糊糊的过了冤枉路。。。 We also helped TS to think of what would cause that situation....

Rule of thumb, never ever click the link in the email.

Be sure and cautious when dealing with money online., from https to exact website address on IE or Firefox.

Whenever something abnormal than usual, like TS case need to get TAC before log in, then hold back, don't do anything.

I think the case summary would be:

TS log in phishing website, the phising website told TS to get TAC before log in, so TS applied the TAC and log into the phising website, then they have the TAC already, afterwards, TS log in with usual log in name and log in passwords.

So, they have all the details they need to do the con job, log in name, password and TAC already, which enable for them to make the fund transfer, as TAC won't be expired in 1 days or several hours time which lead to the fund transfer.

So in this case, TS won't be able to claim back money from the bank. But need to report as third party account could be useful for police to investigate this matter. But third party account generally won't be the person doing this, they (doing con-job one) probably borrow others person name to create the account only as they are not stupid to leave the trace.

oh and btw, your money is transferred to another guy account? that azshole probably is the one sending the email so, maybe you want to take action against him and check his account, investigate whether they are other complainees? Chances are high IF there are other complainees. If you are alone then, 99.9999999% you wont get back your money.

That third party receiving the fund transfer probably somebody in the street that don't know about the transaction either, it can be somebody give him merely of a few ten ringgit, then use his name/IC to create the account, while the actual behind person or syndicate then can just use ATM card to withdraw the money, which leave no trace of the actual culprit.

No, it is remote chance of getting money even though police can catch the third party person, as those money surely already gone, while bank won't hold responsibility on it.

RHB got a set of number call dot com card. they have to use together with the so call TAC sent to your registered handphone.

TAC for maybank will expired within 2hours...only for one transaction.
off topic.

This post has been edited by NelsonBoy: Nov 20 2008, 12:41 PM

correct me if i'm wrong but aint pbe TAC requested online can only last for 30minutes?and she said transaction is done at noon the next day. This online transaction for such amount,is it like cheque deposit that needs like half a day period to complete and then transaction time recorded? just want to clear things out

It depends on bank policy which can be vary, some last 2 hours, some longer.

I think the thing is, she didn't click on it, her friend did. She said



So basically, her friend clicked on a phishing link, and then she used the same site without checking. What's more interesting is her friend was not affected but she was.

If I was a cop I'd be asking her friend a few questions. The moral of the story I think is, don't trust anyone, and if you're going to college, get your own laptop.

This post has been edited by wodenus: Nov 20 2008, 06:14 PM

that is just one possibility.

we are not chasing the bank now. The day you agreed to use online banking, the bank will not held responsible for any lost transaction of any kind. If felicious wants to pursue further, investigate the third party bank account is only way. I'd appreciate if anyone would offer a practical suggestion other than general explanation towards what is happening now.

can't trace already lar ...

treat it as lesson