BMO, Simplii attack: Canadians describe illicit Interac e-transfers out of Simplii accounts

When I first read about this, my thought was that fraudsters were calling into the bank and claiming to have forgotten their passwords

1. you mother’s maiden name (see Facebook)
2. the street you lived on as a child (see Facebook)
3. The name of your first manager (see LinkedIn)

Then simply logged in and transferred money out.

The scale of this theft indicates that I was mistaken. We are talking about tens of thousands in a relatively short time (2-3 days). That would indicate some automated form of attack.

Hmm…. reprogrammed digital assistant?

1. Scan social networks
2. establish answers to identity confirmation questions
3. Have computer phone bank, hold a conversation with help desk, and reset password
4. Immediately login (thanking the help desk agent)
5. Change interact target
6. Send (rand(bal * 0.5,bal*0.15)) to avoid immediate detection

Comments

Mike Barton - 2018-05-29 08:36:21-0400

I am not very surprised as my neighbor in regards to his phone said it has never happened to me before so it will never happen to him. Thick as a plank.

Plaid Sheep - 2018-05-29 16:26:20-0400

This one worries me because I have no control over the matter by the sounds of it. This (appears) to be an attack directly at the bank, rather than tricking people out of money.