As B.B. states and knowing enough about IT security to be very dangerous, to have pulled off what occurred was not a simple random hack. You had someone who either had enough knowledge about you and your assets to be worth orchestrating social engineering and hacking your accounts Someone knows your personal details, financial details, mobi”e number, email addresss, crypto accounts, wallets private key etc etc Note much of these information can be gleaned from ANY forums. Ie one can ask you for mobile, account details and email addresss when purchasing and the amount of “assets” you are dealing in and look at particular threads to see if your active in other area. After that skill in social engineering and you become a targeted prey.
That sounds like a feature your bank offers, rather then POLi. So most people will not have that. With most banks you only need to verify the first transaction to a new account you're sending money too, after that it doesn't ask for any verification code anymore. I'm sure there are setting for this to change, but that's the default for most. I still think there is a keylogger involved too.
Another quick update, sorry to give it to you guys in drips and drabs but I'm putting it here as I become aware of it. It turns out that my ID wasn't hacked/stolen afterall. The hackers opened an online account with a small Telco called Lebara and I just got off the phone with one of their representitives. They said that the hackers provided a credit card number for verification to port my number onto their service. When I asked for the card number, she gave me the last 4 digits, which did not match to any of my cards. I asked her that I was under the impression that you would need a drivers license + medicare card + a bunch of other ID to port a number, and she said "In cases where a customer cannot provide that information, then we accept a single credit card". This account was opened through their website also. Essentially, this tiny Telco is saying that they'll bend the rules to pick up new customers. This means that if I wanted to, I could port anybodys number onto this company's network using a bogus Credit card ... very disturbing.
It's not POLi's fault that I got hacked, but because they have an insecure network, the hackers were able to get access to my bank account and transfer money onto my exchange account and then buy cryptos with it.
Thanks BB! I still don't know how it happened, but I've got upto date antivirus software on all of my computers so it wasn't a keylogger (unless it's the latest one out there). As far as I can piece it together right now, they didn't have my personal information (apparently you can port a number to some networks with a bogus Credit card number), and I'm waiting on the bank to get back to me to tell me if the hacker used my bank login details at all. Also, no one knew I had a wallet on the exchange website because I didn't tell anyone, so it wasn't someone I know. I'm still trying to piece it together and I'll keep you guys updated on what the bank comes back with.
This is more than disturbing, it is criminal negligence if true. I would suggest you tell your bank in writing how your money was facilitated by Lebara and contact TIO
Hi Ipv6Ready, I thought that initially, but I haven't told anyone that I'm into cryptos (either personally or online). The IP address the Telco gave me is bogus, the hacker figured out a way to hide his IP address when he ported my number to another phone company, so this is someone advanced who knows what they're doing.
Got the same email about an hour ago, and first thing I thought of was this case. No doubt in my mind it's the same exchange Sammy used and this is them reacting
As BB says hiding IP address can be done easily even without programming background. The hardest and most challenging component of your case is the social engineering aspect, AND everything ie what to target, financial details, email addresses, card numbers etc etc has to be lined up before the porting as once a mobile port occurs, the clock is literally ticking on the fraudster. Almost zero hackers and definitely not fraudsters would be able to get all the required information working backwards on random mobile numbers.
I called Lebara asking to speak to a manager, and they told me that a Supervisor would call me back ... but it's been over 1 week now so I'll report this to the TIO tomorrow and ask for some compensation. It looks like this company has more holes in their systems than a sinking ship.
Thanks Bullion Baron for the link. I checked it out, and the other link you sent me on PM and my email was hacked ... but that was 4 years ago and I've changed my password on that account a few times since then so that looks like a dead end for how these hackers got my information. Still appreciate the information though, thanks!
Looks like you guys are with Coinspot! Yes, these are the guys that I was with when my account got hacked ... but so far as I can tell it wasn't their systems that got hacked. My bank account and phone number were connected to them, and that's how the hackers knew the phone number to port and the bank account to withdraw money from, but at this stage I don't think that they fault is with these guys. I'd also like to say, that I've spoken with one of the founders of Coinspot and he has been in contact with me since the hack and these guys have handled the situation PERFECTLY. They've given me all the information that I've asked for, they've gone out of their way to communicate with the police, bank, phone companies, and they've even changed their policies to make sure that no one else gets hacked. They've done everything I could expect of a company and much much more, short of finding the hackers themselves and kicking their teeth in for me. Coinspot are true professionals and you guys are in good hands dealing with them. The police and phone companies on the other hand are useless! I still don't know how my account was compromised, but I'll keep you guys posted on updates.
Sorry to hear about that Sammy. I was wondering does people use coinspot as a wallet? if not, what wallet to use to store different alt coins?
Hi Sammy, sorry to hear about your loss. Thanks for sharing, as this is a timely warning about all types of hacking scams.
Hi everyone, I've finally gotten to the bottom of this, and its actually an easier scam than someone just hacking my computer. What happened was the hackers found some online footprint of mine which included my name and phone number (it's on one of my employers work profile pages, and is information that I've given to dozens of companies I've done business with, local charities and sports teams, and even some stackers in this community via PM). They then jumped onto one of my social media pages and found out my date of birth. They then used my name, phone number and date of birth to convince a Telco to port my number across to them and then had access to everything from emails, bank accounts and my crypto account. So they didn't target my crypto wallet directly, it was just the easiest place to get to and transfer money out of annonomyously before my bank froze my accounts. This is actually becoming more and more common now, check out this article: http://www.news.com.au/technology/g...e/news-story/1dd352585ece2eba3b686ef95adb5e37 Here's a Bankwest warning about it: https://www.bankwest.com.au/media-c...ew-type-of-scam-to-look-out-for-1292493597511 My advise for you guys to make sure that you're phone number is not available anywhere online, and take your date of birth off your social media pages. Antivirus softare didn't help me, nor did 2FA's, nor the other precautions that I took. This is a new level of paranoid that we need to get to now to protect ourselves.
I did that too, but if the hackers have your phone number then they have access to your 2FA messages as well.
Thank you for the update Sammy, I am going to EBay now and remove my original phone number. Be warned everyone, everytime you buy and sell or pay by PayPal you phone number might be just sitting there.