[SECURITY ALERT] Hackers targeting bullion customers

Discussion in 'Forum News / Announcements' started by Administrator, Nov 4, 2014.

  1. Lately a number of bullion dealers worldwide have experienced a marked increase in the number of targeted phishing and fraud attempts, specifically aimed at defrauding both bullion dealers (retail and wholesale) and their customers. Jewellery dealers are also being targeted.

    These are more sophisticated attempts than the usual bulk spam mail attempts that most people see daily. Without going into too many details of the particular attack vectors, the attackers are attempting to identify supplier-customer relationships, and attempting to trick customers, both retail and wholesale, into redirecting funds to illicit bank accounts.

    The main source of information for the attacks I'm aware of appears to be through bulk email account hacking, and hackers trawling through hacked email accounts looking for users with high value online spending. Email hackers then target the user's future purchases, setting up email forwarding rules that monitor for emails from particular senders (e.g. an online order confirmation email), and then quickly sending a forged email to the customer with new payment instructions that attempt to divert funds to the hacker when they've detected you have placed an order. This is known as a "man in the middle" attack.

    Dealers are also being directly targeted with hacking attempts - the latest method seen this week is an emailed order with an attachment that contains a trojan file, asking the dealer to open the attachment to read the "gold order" - directly targeting the bullion dealer in an attempt to steal passwords, banking details, and whatever other information could be gleaned. Several dealers spoken to have received such emails in the last week, often emailed to specific individuals at the company - again, usually sourced from compromised email accounts of customers that have previously dealt with said company.

    So how can you protect yourself?

    1. NEVER click on links or attachments in emails without verifying the sender - the email may contain a keystroke logging trojan. These come in many forms - browser scripts, browser add-ons, executable files - just don't click on links from people you don't know, and if you do know them, take a moment to check that the email is from the correct email address. It's not uncommon to see an email like "[email protected]" impersonated by something like "[email protected]" - if you don't open up the sender's details to view the email address, it will just look like any other email from Bob's Bullion.

    2. Change your email passwords regularly. If you see a media report about a public email service being hacked that you use - or any other service where you use the same password that you use for your email, change it. It's not uncommon for one service to be hacked, and if you've used your email address there as the user ID, and the same password you used there is also your email password, a hacker can access your email account without it actually being the subject of a hack attempt in the first place - they just need to get your email address and a password from elsewhere, and they will test to see if it's also your email password. So unique email passwords are a really good idea.

    3. Use two factor authentication on your email. If your email service offers this feature, e.g. using Google Authenticator or similar, activate it. If a hacker does obtain your password, it is useless to them without the second authentication device, such as your phone.

    4. Check your mailbox settings, and see if there are any unexplained email rules set up to forward or delete emails - this is a sure sign that someone has accessed your mail account and is listening in.

    5. Most importantly in relation to this issue, ALWAYS verify unusual email instructions by telephone - if you receive an email asking you to send a bank wire to a different account, or to use PayPal instead of a bank deposit, to send bitcoins to a different address - call and verify. This simple step seems like common sense, but is rarely done. Question and verbally confirm any change in payment instructions you receive via email. Every case I've been told about so far involved the hacker attempting to get money wired offshore, e.g. to Malaysia or the UK, which usually immediately alerts people to the scam, but there have been successful frauds pulled off, usually where the supplier is in one country and the customer in another, so wiring funds to "our other office" doesn't seem so farfetched.

    6. Don't store large quantities of metal at home - for now most of these scam attempts appear to be southeast Asian in origin, so it's not some hacker sitting in Sydney or New York doing this that could come into possession of a delivery address - but there are always risks associated with home storage, and more people on this forum have lost metal stored at home than have ever had it stolen from a dealer or storage facility.

    Don't think that you can hide in the herd - it's ridiculously simple to write scripts that can trawl through purchased or hacked lists of passwords to see if they are valid for email accounts, and then run automated searches for known keywords like bullion dealer email addresses - a list of tens of thousands of stolen passwords can quickly be whittled down to a handful of active email accounts that belong to bullion customers. Protect your email, and stay safe!
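
Added example, not part of the Administrator's post: a sketch of the mailbox-rule check from step 4, run over an exported rule list. The rule field names, addresses and the `audit_rules` helper are hypothetical and the sample data is constructed; map your own provider's rule export onto these fields.

```python
"""Audit an exported list of mailbox rules for silent forwarding or deletion."""

# Constructed sample export. Field names are hypothetical, not any mail
# provider's real schema.
SAMPLE_RULES = [
    {"name": "Newsletters", "from_contains": "news@lists.example.org",
     "forward_to": None, "delete": False, "move_to": "Reading"},
    {"name": ".", "from_contains": "orders@dealer.example",
     "forward_to": "collector@mailbox.invalid", "delete": False, "move_to": None},
    {"name": "cleanup", "from_contains": "dealer.example",
     "forward_to": None, "delete": True, "move_to": None},
    {"name": "Family", "from_contains": "",
     "forward_to": "me@home.example", "delete": False, "move_to": None},
]

# Folders a user rarely opens, so mail moved there is effectively hidden.
HIDING_FOLDERS = {"deleted items", "trash", "junk", "rss feeds"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rules(rules, own_domains, watched_senders):
    """Return [(rule_name, [reasons])] for rules that forward mail outside
    own_domains or delete/hide mail, noting when a watched sender is matched."""
    findings = []
    for rule in rules:
        reasons = []
        fwd = rule.get("forward_to")
        if fwd and domain_of(fwd) not in own_domains:
            reasons.append(f"forwards to external address {fwd}")
        if rule.get("delete"):
            reasons.append("deletes matching mail")
        folder = (rule.get("move_to") or "").lower()
        if folder in HIDING_FOLDERS:
            reasons.append(f"moves mail to rarely read folder '{folder}'")
        cond = (rule.get("from_contains") or "").lower()
        if reasons and any(s in cond for s in watched_senders):
            reasons.append(f"condition matches watched sender '{cond}'")
        if reasons:
            findings.append((rule["name"], reasons))
    return findings


if __name__ == "__main__":
    hits = audit_rules(SAMPLE_RULES, {"home.example"}, {"dealer.example"})
    for name, reasons in hits:
        print(f"[!] rule {name!r}: " + "; ".join(reasons))
```

A rule that forwards to your own second address is not flagged; any rule you did not create yourself still deserves a look, whatever this check reports.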
     
  2. dccpa

    dccpa Active Member

    Whenever I get a notice from my credit card company or just about any other source other than my clients, I ignore the link and go directly to the source through another web page to verify the authenticity of the message. Even with clients, I will get messages sent by a virus on their computers. Those messages are easy to tell and will have a subject like Hi! They get deleted without being opened.
     
  3. Stacked

    Stacked Member Silver Stacker

    Admin - Thank you very much for posting this.

    On 23 Oct I received two emails from Reserve Vault, one being for my locker and the other for my insurance.

    I marked these unread and flagged for follow up so that they would appear at the top of my inbox and I saw these each day.

    On the 29th I wanted to make payment and these two emails had disappeared. I checked the deleted box which hadn't been emptied for months. These invoices had disappeared.

    I called Reserve Vault the next morning to tell them about this as I felt this was "targeted" and perhaps from their system? No one else had reported anything.

    I made the payments and was advised that they would resend copies of the invoices and receipts but these have not been received.

    I did receive an email re closures for the G20 and this is still in my inbox, so it would appear that only the emails with an attachment are disappearing!

    Admin per your advice I have just checked my mailbox settings, for any unexplained email rules set up to forward or delete emails and there was nothing obvious. Additionally I don't allow any apps to access this email account.

    HOWEVER I decided to look back at the "activity" on my account. This shows the sessions and "Successful Log On", my IP address, alias as in email and the Browser (showing Explorer and Firefox) was on at the time and this looked legit until just recently and around the date these emails disappeared.

    And then there was an "Invalid log" on by an "Unknown Browser" and since then recorded in the log are numerous records called "Security Challenge".

    What also has now changed is that while I am currently logged in or had logged on, whilst these records are still showing my IP address and alias (as in email address), these logs are now ONLY showing "BROWSER APP UNKNOWN"! So I have hit the "this was not me button" for these and for the "Security Challenges" and have changed my password, so will continue to monitor the activity log.

    In light of the above I have also decided NEVER to request an appointment at the vault via email and instead phone.

    Thanks again admin and to everyone here, please be observant :)
     
