Updates:

I had made police report and lodged a report to Public Bank too.

RM2822.16 was transferred out to an account holder name end with Charles on 25th August.

I reported to Bank Negara and Bank Negara ask me to report to FMB.

I reported to FMB and waiting for their news.

I met an inspector and he said that he can't help me much. He will just try his best to check on the 3rd party's account number.

This post has been edited by felicious: Nov 20 2008, 01:08 AM

Easy.
Because you not using original,
so are the hackers. they not original. !

any idea that fellow transfer your $$$ into which account???

wtf.. now im scared..

Singapore's bank better.. for online banking they got give you a special device number which generates a set of number. Whenever you need to ebanking, you need to login with username and password then enter the generated set of number via the device..

No device = no login

Malaysia's maybank2u etc makes me worried also

u mean.. something like hsbc ?

---

Added on September 22, 2008, 2:49 pmi found hsbc troublesome.
why not just take it easy ?
all ebanking transaction will be sms to your phone and your register email.
or just like maybank. deliver the mail to your home address ?



This post has been edited by uncle9: Sep 22 2008, 02:49 PM

i'm sure it's done by hacking into the system, not your account alone.

The fundamental flaw is that there's still risk of being hacked or your pc contains keylogger.

Maybank2u etc need to be like Singapore's POSB bank where they have a device which generates a set of number to login..

This way even the hacker knows your username and password it's still useless without the device..

I think it's not hacking to your system. Maybe some sort of fake website. You got email from "Public bank", ask for you to change your password. From there, they can get your old password and use it to access your online banking account.

u seriuz?? no TAC to u b4? omg, maybe tat hacker hack ur acc and change the TAC to his number. i think all e-banking uses TAC as final confirmation for any e-transactions. and yeah, nowadays so many fraud websites tat has almost the same URL send to u via emails. neva click any link from the email, they will redirect u to their fraud websites.

This post has been edited by typicalsite: Sep 22 2008, 02:55 PM

As troublesome as it is, the two factor authentication (otherwise known as the thingy with random numbers) provides a minimal level of safety - but it's still BETTER than waiting for a TAC via SMS.

password phishing ?
or some backdoor ...

sorry to hear that, but this seems a serious system compromised. But you should be able to track to which account the money is transferred and thus start investigating on that person

only newbie would fall into such trap ...but i think TS is oldskool

Very true, now with advent of key logging software. They have the auto number generated device to prevent this.

Mind to show some screenshots?

Have you logged in from public place like cc/office/starbucks?

If not you log in from home, so someone from your own home stole from you!

Lucky only 2800. Thats still small money compared to other ppl account which run to the 10's of thousands.

sound ridiculous

first, u need to login to ebanking .
second, if u wan to transfer money from ur account to another account, u need TAC. the TAC will send to ur cellphone.

--------

if wan to hack, u need to get the login name and password.
second, goto bank change the TAC's phone number?

i am really wondering how to change the TAC phone number?

i was just talking to my bro how safe is Ebanking this morning.... so proven not safe

there's something 'phishy' about this thread.

that's very unfortunate
sorry to hear it man

Teh Intehnets is Sriuz Bisnuss

so for time being, just ignore to use public bank online banking. maybe have some hole or backdoor. Unless the Public Bank has make a press statement to get back the customer trusted.

eh TS better don't lie to us leh.. later we call team ISA find you

bank wont ganti?

is this for real? if it is then i f to be careful . But the tac thing,its not easy to get it if ur not the person. coz u cant do it online i thnk or prolly im wrong..i thought u f to use an atm machine to do it, evn to change ur mobile phone number. Just say if tht person changed the mobile num, they must f did it thru a atm machine (cant change that thru online system)
so, only some1 who has ur atm card can do tht for sure

It's inside job

Maybe gf or bf or anyone with access to your phone stole money

you have been phished i think.

probably, coz unless u revealed ur details, or gave ur atm card to some1 ,its not easy for an outsider to do so..unless of coz, pb staff itself is involved or ppl close to u

Can anyone give more info about Maybank2u? If a person knows your username and password, can they start withdraw/transfer money?

To change the HP number that were assigned from your MBB TAC, there is only 2 ways:

1. Change through ATM Machine using your ATM card
2. Change it through MB2U but you need to get the TAC number first before you able to proceed to the next page.

So if you got a msg from MBB giving you the TAC number but you never requested for it then someone managed to hack your account but is still safe as the hacker won't be able to do anything w/out the TAC(this is what i presume )

Well technically, they can't do transactions which use TAC. But any other transactions you have saved as your "favourite third party" or "favourite external accounts" they can still do. Also all your registered bills he/she can still pay.

So maybe the hacker can take care of paying some of those bills...

hei RHB internet banking quite save.... coz u need a card which contains another additional pins that only if u are the account holder will have it... its given to u when u apply them at bank...

wif that additional pin only u can perform requesting TAC and also GIRO banking...

registered bill then it must be ur bills. the hackers can pay, but just helping to pay urs. no worry.

just that u have to take care of those registered third party accounts. lol

my ex-gf is a hacker ...she showed me the ways of hacking ...

i once seen her decrypted few thousand of emails from the database of outdated forum

tat is ur hosting...

must be done by own ppl of yours

its safe, as long as you know how to make it safe.


99% of the problems lies between the keyboard and the chair.

TAC can onli be changed/apply at the ATM machine using ur ATM bankcard

Some one is using her acount to purchase item gua

so how actually the hack working?

i wanna try it ma... before the bank block it

really?
I thought TACs are sent to your hp once u wanna make a transaction?

The bank told me it was transferred to someone which I forgot the name.

I'm having internet connection problem, thus I didn't check my email and didn't fall to those fraud.

The transaction was on 25th August, and I only found out about it on 15th Sept.

I just can wait for the bank to go for further investigation and wait for their reply

Screenshot isn't with me now as I am at my hometown and the screenshot is in KL pc

I never go to CC, and I never go to my college CIT to transfer money.

2800 is a big transaction for me. It's the PTPTN money that just banked in to me for me to pay college fees

nothing is perfect, and I am the unlucky person. Got scolded from dad for using ebanking

I wish, but I am not sure

It is transferred to one fella, who I think is Indian, but confirmed not Chinese nor Malay.

I lost my bag during snatch theft on Jan, which includes my IC, phone and ATM cards

yes.. but first you have to register your phone via ATM then onli can get TAC

u lost in JAN and u did't make police report to have that particular ATM card suspended? and you also did't change all banking passwords since then?


and how does the thief can get access to your account via the ATM card.. unless you write the PIN on your ATM card and store other sensitive banking info on your phone.

This post has been edited by jinaun: Sep 22 2008, 06:09 PM

i should really learn how to hack.

1. I don't keep my passwords in my phone.
2. I called to Maybank and Public Bank to cancel my ATM once my bag was snatched.
3. After ATM was cancelled, we have to change our e-banking username and password also.

So, I have no idea on how the hacker manage to transfer that sum of money to another fella. Some of my friends say that my PC was infected by virus and they manage to hack to my account. And about how people can get TAC without getting into my phone, my friend said there's a device which we can insert sim card and hack to my account.

The fella must have known all my details and even know my phone number.

*thinking whether is it because I always put my phone number online?*

really no idea how they done it
they need the ATM to change the phone number, and required password to do so, so it is a insider job?

Don't forget,you might have requested for TAC before and will therefore type it in your computer.The TAC expiry is 2 hours so he might have used that time to quickly transfer your money away before it expires.Clean your computer now as it might contain keylogger

And its a good habit to periodically change password

oh ya did u surf into a fake Public bank website in the internet?
i know how they did it, 1st u key in username and password in the fake website, is just totally same with the original one, then they login your id into a real Public bank website, ok then u request TAC, and they will request at that time, when u key in the real TAC, byebye to your account, they are free to transfer any amount

haiz... ebanking really not that safe...
luckily mine is for online shopping purpose and will not more than RM100 in the bank...

this kind of things is normal la. .... it happen once a while.

dun think so..

in my mind, ebanking still very safe...


if u gonna ask me how ts experienced this if the ebanking is that safe....

then i gonna say.. i also dunno



if u know how this happen, then u might be a hacker dy...

========================================================

phishing is quite match this case. but i dun think ts tat stupid and login into a fake ePB.

so, i assume the hacker got the power to change the TAC phone number and change it back later on.
and of cuz, ts's username n pwd.

nobody safe when online lor...u cn trace bec what the hackers do be4 bt if the hackers newbie leh...if pro i thnk hav delete all log file tat related wif the hacker..usually hacker use phishing bt i thnk hijackng aso cn...

Dun worry, as long as the record of transaction is there, u r safe..

This post has been edited by owenwong84: Sep 22 2008, 06:43 PM

ya... also think that... nobody safe when online... if safe, in this world no more hackers...

btw how TS kena hacked...

any one using hong leong bank account? do they have the TAC number thing? what if you never register for TAC? hackers could use their own cellphone to get the tac number?

will bank responsible for that.??

Pbb just state that they are investigating and were given 30 days.
After 20 days, I ll call them and see how is it..

Sigh, I am really unlucky this year

30 days, that's long
treat those unlucky as a lesson

hmm don be sad dear. Hope everything going fine. Hope you'll get your money back as soon as possible.

yeah. don't be so sad.
the bank sure can retrieve the account.
then its the police job.

for sure they can trace and caught the culprit.
but we're not sure whether you can get the money back.
if you do, it will takes time; subject to court case, subject whether the hackers still got money to pay back or not, subject whether bank will refund your money or not.

Thanks for the concern, dear. I hope I can get back the money, but I really dunno what to do.

If this happens to you guys, what will you guys do? Do the scolding to PBB? Just had a quarrel with family regarding this.

The bank can retrieve the account, it is transferred to an Indian iinm.
Everyone are using ebanking, but why me?!?! Seems like I am the only one in LYN who got hacked in PBE?

I just hope that PBB will refund me the money. It is PBB mistake for their insecure ebanking. Gosh, I really don't have any more confident in PBB.

**OMG!! I start whining around again~.. sorrie**

This post has been edited by felicious: Sep 26 2008, 12:06 AM

Mayb they use a device to copy ur data within 10 feet.

Ur bank deposit should got insured. Try asking about bank deposit insurance, and this insurance can cover or not. I know it's up to 60k, but i dunno if our careless can claim or not.

they should do somthing liek RSA token key every 20 sec generate the number for u !

ohh pity you..im wondering if other internet banking services (maybank2u,cimbclicks etc) are vulnerable to hackers as well.might consider transferring out money or terminate these internet services.

Oh.. never thought deposit bank also have insurance. But this is not my mistake. It's the bank security not good enough.



Yeah, I would like to know too.

so your money gone down the drain ?
any compensation from bank ?

---

Added on September 26, 2008, 11:55 amso your money gone down the drain ?
any compensation from bank ?

This post has been edited by ykc: Sep 26 2008, 11:55 AM

Go to the bank & ask the bank to freeze both ur account & the account which the $$ had transfered to...... they can investigate for u....

TS did u report ur bag stolen case on JAN ? if you never got a TAC i think this is how they transfer ur money. They took ur IC which is stolen last time when u lost ur bag and go to PBB saying they lost an ATM card ask for reissue then get a TAC using the ATM card ? i dun think PBB webpage is so easily hacked and also hack into the TAC system is so impossible if they are so good i doubt they would hack so obviously. they would take money from all bank accounts at a small amount so they get large amount of money for a long time before people would notice.

Still can't get a confirm answer from the bank

They are investigating. The fella says there is no need to freeze my account.

Can I use my old IC to apply ATM card? I thought they will scan the IC first?I had cancelled my IC and they can't do anything with my IC, right. And the PBB is not that stupid to give an ATM card to someone that is so different frm my IC picture.

From what i knoe Public Bank Online security features is not as good and safe as Maybank2u. Heard a few case of this already. The crook only took 2k or he took all of your savings actually?

I think TAC can only be changed at ATM

---

Added on September 26, 2008, 4:45 pmI'm sure you can check your transaction history right?

This post has been edited by karhoe: Sep 26 2008, 04:45 PM

I am poor student, so my account only left around 3K, and that was the money that PTPTN just banked in to me few days. Before I manage to check whether PTPTN banked in money to me or not, my money is already transferred out No money pay college fees

Yea, I check my transaction history and that's how I know that someone transferred my money away

feel bad for u
so how are u gonna settle your school fees?

computer got virus, not secure, pirated (cant update service pack).. ?

those are called hard token. be it hard token/sms tac..all these are to provide 2 level authentication. actually if u ask me, tac is better than hard token. what is the chance of ppl getting ur hard token compared to ur hp. but both also got vulnerabilities as if anyone got ur hp or gained access into the server that generate tac, and worst case the tac is in clear and not incrypted..then mmg sorry la..but all this seldom happen. maybe urself got into phishing site without realising it?

Just do search on google and there are many software/devices to intercept sms.... I personally think tokens are safer than SMS tac as a 2nd factor of authentication

This post has been edited by gilabola: Sep 27 2008, 02:16 AM

TS whn u hv gotten the details frm the bank and the outcome of all this mess.. hope u can share wit us how the procedures and final conclusion came about k.. thanks!!

sry for yr lost.. its a very huge amount!!!

e-Banking is not secure...even my frrens who work in banking sector dun use e-Banking

I have an online bank log-in too but I have never done any online transaction before. I just log-in to check my balance and anything misc.

Am I just as vulnerable?

I'm sorry to hear that. By the way, when was the PTPTN loan credited into your account and also when was it transferred out from your account?

if u want to change the phone number for TAC
u need to do it at the ATM machine
how could the hacker do that???

Loan from parents first? Gosh, I've been loaning a lot of money from them then

If my PC is infected with virus, someone can hack to my PC?

Sure.. I would love to share with everyone

They don't need e-banking also, because they are in bank almost everyday. So, they can transfer or check their banking details by themselves

My screenshot of my transaction is at KL's PC. I forgot when PTPTN credited money to my account, but I just can remember my money is transferred out on 25th August and PTPTN money was credited to my account 2-5 days ago.

I wanna know the answer too. Even PBB staffs can't gimme an answer

seems like not true for all values of t.
are you lying or wad?

first thing.
must not give your password to anyone and acc num if possible
others.
is not your fault.
blame the bank, you get back your money seriously.

and in every time you surf the webbie of the your bank.
please remember to logout.
anyone can breach into your acc info if you left it open like that.
by just closing your browser.

so? apa maciam?

This is what we called as Safety Net in Malaysia, unfortunately if i am not mistaken, Safety Net will pay you IF the bank goes bankrupt, not the fraud.

Don't be sad TS. I got one suggestion for those who using TAC but i not sure can work or not la.

Every time u finish doing transaction, request a new TAC. Cause if your computer were infected with keylogger, they can use the 2 hour or 24 hours time to withdraw money from your accout. New TAC will overwrite the old TAC, if i not mistaken la. Hope this help, i not sure la

akatora is right. Deposit insurance would only cover losses if the banks fail, not due to depositors negligence or if ATM fail

Bank don't wanna take the responsibility. Bank accused that I am the one who did the transaction.

This post has been edited by felicious: Oct 10 2008, 05:23 PM

Wah.....

U make a police report............ then bring to see the highest officer ask them to settle and which account receive the amount

My dad told me that bank don't wanna take responsibility, but I ll look more details about it. Tomorrow, I ll ask my mom to scan me the letter. I ll show what's the content of the letter here.

A foreigner is the one who received the money. That fella is obviously not related to me at all.
E-banking can't be trust, especially from Public Bank. I got scolded by parents everyday about this when I was in hometown.

make written complaint enclosing all your relevant documents to Bank Negara ASAP on Monday morning.

Take the time off to go to Bank Negara yourself, dont email/fax (play play only). Make 4 copies, original to Bank Negara, CC copy to Public Bank and your own file copy for acknowledgment by BN and Public Bank (whichever branch or dept that replied to you) and also their legal department.

Call public bank hq, ask them for the legal dept's address (dont know which floor but same building in jalan ampang).

Do this all yourself and get acknowledgment by all the addressees on your file copy.

Check with police whether they have acted on the police report eg trace the recipient of the money. Get the investigating officer's name and HP number for easy follow-up.

No point to cry anymore.

LET THEM KNOW YOU ARE NOT PLAY PLAY ANYMORE, IT'S TIME FOR HARDBALL TO GET YOUR MONEY BACK.

---

Added on October 10, 2008, 6:14 pmI dont do e-banking so I dont know the procedure but from what i read in this thread, there's supposed to be a TAC to your handphone.

If this is correct, better check with your telco provider to give you all details of calls, smses on the day your money is transferred out.

If there's none from PBB to your handphone, it will prove that it's not transacted by you.

better toughen up or you will have no chance of getting your money back.

This post has been edited by JustAsking: Oct 10 2008, 06:14 PM

I went to Bank Negara last Friday before the Public Bank make the decision.
I sent letter to Public Bank earlier on to enquire on this matter and this is the answer they gave me.
I sent letter to Police last Friday, and wait for their reply. Also, this was done before Public Bank make any decision.


About the telco provider, I am not the holder of this number. This number belongs to my mom. I ll ask my friend who work in DiGi more about it.
Thank you for advice

Tomorrow I ll get the content of the letter and post it up here.