Feeds

ANZ Bank coughs up as Broome biz fleeced in man-in-the-middle diddle

Bank's Pay Anyone tool pays fraudsters

Protecting against web application threats using SSL

Fraudsters have nicked $50,000 from a Broome Real Estate business after breaking into the agency's ANZ Bank account and altering payment details.

The cons pulled off a man-in-the-middle attack to gain access to the company's account and change the Pay Anyone bank details associated with a client.

Hutchinson Real Estate general manager Mandy Reed told The Register tech teams were unaware how the fleecing was pulled off.

"They said it was a man-in-the-middle attack but no one can tell us anything else about it," Reed said.

"[Attackers] changed the Pay Anyone bank account details of one of our clients so that the name was normal but the account numbers were different."

The cash was then paid into what appeared to be the client account.

She was unsure if malware such as Citadel, the underground's tool of choice for raiding Oz bank accounts, was installed on a staffer's machine or if an employee fell for a phishing email.

Tech teams were upgrading security measures at the agency but together with police did not know further information about the March attack.

The agency was reimbursed $50,000 by ANZ about 10 days after the attack took place.

In January, Aussie property manager Bob Walters had $50,000 moved out of his account via BPAY by an unknown identity thief.

The crim ported his mobile phone number by exploiting weak identity checks in place at Australian telcos, but was unsuccessful in a bid to furry $145,000 out of Walters' bank account.

Perhaps the most absurb case of Perth real estate rorts occurred in 2010 when audacious hackers sold a man's house using his stolen identity credentials.

Scammers were thought to have stolen Roger Mildenhall's email credentials and title deed documents before contacting his property manager by phone, fax and email and eventually selling his house for half a million dollars. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.