Home page logo

interesting-people logo Interesting People mailing list archives

Modern Bank Security
From: David Farber <dave () farber net>
Date: Fri, 12 Sep 2008 08:28:31 -0400

Begin forwarded message:

From: eekid () aol com
Date: September 11, 2008 11:27:47 PM EDT
To: dave () farber net
Subject: Modern Bank Security

Prof. Farber

My wife is a bank manager and recently had a very interesting security experience. Last week a customer came to her bank to cash a large check ($114,000) written on an account from another bank. The customer wanted to deposit the check but to immediately draw funds from the amount. Before allowing this she attempted to verify funds, she called the bank the check was written on and was told their policy was not to verify funds (this is common). The customer needed the money and had a second phone number for the same bank and he dialed it on my wife's office phone while on speaker.

Keep in mind the check came from a company and was not an account held by the customer attempting to cash it. The call was answered with an automated menu which started with a request to enter the bank account number. The customer looked at the bottom of the check and entered the account number. Then the automated voice requested the first 5 digits of the account holders social security number or TIN. The customer not having that information pressed the 0 button several times in an attempt to get to an operator. Immediately, the automated voice said, "Your balance is $846,000, press 2 to transfer funds". With only an account number from a check and pressing several zero's the man had full control of the company's bank account in a matter of seconds. My wife a long term bank manager was stunned.

She called the number back to see if the flaw was repeatable or some digital hiccup. Again it gave her access to the account. She immediately called the company and told them of the problem and urged them to contact their bank immediately.

Scay stuff!


Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

  By Date           By Thread  

Current thread:
  • Modern Bank Security David Farber (Sep 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]