80 account holders lose Rs 20 lakh to hackers

funskar

Padawan
Courtesy hackers of savings bank accounts, around 80 account holders have lost approximately Rs 20 lakh so far.
This became known on Saturday when police registered a criminal case at city police station.

Police said amounts were withdrawn from branches of State Bank of India and State Bank of Patiala from various branches since May 25.
"The most recent incident was in the main branch of State Bank of Patiala wherein hackers withdrew an amount of Rs 10.10 lakh from accounts of 23 customers. A case under sections 406 and 420 of IPC has been registered," inspector Sandeep Kumar, station house officer (SHO) of city police station, who is investigating the case.


Source - *timesofindia.indiatimes.com/india/80-account-holders-lose-Rs-20-lakh-to-hackers/articleshow/14198237.cms

:wah:
 

techno

Evil Genius
All the money has gone down the drain... they will hardly ever be caught, because their technology is also developing day by day.
 

ajaymailed

In the zone
If the users were phished, or their stupidity exploited in any way, it's not the Bank's fault. But if it was a server vulnerability on the part of the bank, they HAVE to return the money. Simple as that.
It might be phishing. If they managed to hack the server, then I guess 20 lacs is too small an amount.

Even after phishing, they somehow managed to get the SMS alerts and one-time password sent to the phone, and without users knowing about it.
 

Desmond

Destroy Erase Improve
Staff member
Admin
IMHO, the concept of money itself should be eradicated and replaced with another secured alternative. (Courtesy: Zeitgeist)

It might be phishing. If they managed to hack the server, then I guess 20 lacs is too small an amount.

Even after phishing, they somehow managed to get the SMS alerts and one-time password sent to the phone, and without users knowing about it.

Can you post source about the SMS alerts allegation, please?

This clearly looks like server-side vulnerability. It should not be possible to change the phone numbers without being logged into the system.
 

ajaymailed

In the zone
Can you post source about the SMS alerts allegation, please?

This clearly looks like server-side vulnerability. It should not be possible to change the phone numbers without being logged into the system.
Phishing is a guess because the amount is 20 lacs. If it's a server-side issue then it's a great source of worry for all SBI customers: penetrating firewalls, getting access to the server, extremely dangerous. If he is able to get the information regarding account numbers, balances, transfer them into their bank accounts and withdraw.
 

Desmond

Destroy Erase Improve
Staff member
Admin
Does SBI have an OTN system for funds transfers? I don't have an SBI account so no idea.
 

Gauravs90

geek........
Once logged in to an SBI online bank account, one can easily disable the high security option which sends a password to the user's mobile. But they will also need the second password (SBI uses two passwords to operate an online account) to disable the high security option, which is unlikely to be obtained by phishing.

But high security is not enabled by default!!!!
One has to enable it and I don't think most users enable the high security option.
 

ajaymailed

In the zone
Once logged in to an SBI online bank account, one can easily disable the high security option which sends a password to the user's mobile. But they will also need the second password (SBI uses two passwords to operate an online account) to disable the high security option, which is unlikely to be obtained by phishing.

But high security is not enabled by default!!!!
One has to enable it and I don't think most users enable the high security option.
They should still get messages when someone adds a beneficiary for transferring funds. It takes 16 hours to create a new beneficiary and SMS alerts are sent many times in that period to warn the user that a beneficiary is added.

Does SBI have an OTN system for funds transfers? I don't have an SBI account so no idea.
What's an OTN system?
 

krazylearner

poor little me
It is not the first time that their security is penetrated. In the past a hacker stole about 4 lakhs from the SBI manager account. Also their websites are regularly targeted by Russian hackers. Sometimes they shut them temporarily.
 

thetechfreak

Legend Never Ends
This is sad. Just came across this thread. Government Banks should really beef up their Internet security. This is purely UNACCEPTABLE.
 

prasanth11

Broken In
Recently SBI has changed policy for Third party Fund transfer

FAQs on New Beneficiary Addition Process:

What is the change in the beneficiary addition process?
Now you can add and approve only one beneficiary in each of the following categories : SBI, Inter-Bank, VISA and State Bank Group, in a calendar day, which will be activated by the system during the next calendar day. You can commence funds transfer only after activation of beneficiary.

Can a new beneficiary be activated on the same day?

If you wish to activate the beneficiary on the same day, you will have to click on "Branch Activation Form" in "View" tab of corresponding beneficiary category. The duly signed form needs to be submitted to the Branch for immediate activation.

What if I want to add more than one beneficiary in a day?

If you have already added a beneficiary, which is pending for activation, you can add another beneficiary only after the activation of the previous request. If you wish to activate your previous request immediately, you can submit the beneficiary activation request form to your branch.

How will I come to know that the beneficiary added by me has been activated?

You will receive a confirmation SMS advising activation of your beneficiary on your Internet Banking registered mobile number.

Can I transfer funds to beneficiary up to the daily limit of Internet Banking immediately upon activation?

During the first 5 days after activation, you may not transfer more than Rs. 50,000 in the aggregate to the beneficiary added by you. Thereafter, the full per day limit, as set by you, subject to maximum of Rs. 5 lakh, will become available.

Example: If you have added a beneficiary on Monday, it will get activated on Tuesday and till Saturday, you will be able to transfer a total amount of Rs. 50,000 to this beneficiary. From Sunday onwards, you will be able to transfer up to Rs. 5 lakh to this beneficiary per day.


Can I get my newly added beneficiary approved or activated over phone call/ e-mail to Bank or Bank's representative?


No. Such requests will have to be made in writing under your signature, and submitted to the branch which has given Internet Banking to you.


-----

I added a payee on Monday; till Saturday, SBI is sending me reminder SMS that a third party payer has been added to your account, if you haven't added it please delete it.
 