MoneyBookers account hacked and emptied...

[Mousey]

As per post #17 of this thread:

I'm afraid my knowledge has not improved since then - i.e. I still don't know the answers to any of those questions.



If you use "Password retrieval" don't they give you a new temporary password?
And wouldn't I have got that password to my own e-mail in-box?
I have no idea how hackers work, all I can say is that after the theft I was still able to log-in with my original e-mail & password - so I do know that they didn't change those details on my account.

I have obviously written back to MB asking for this to be escalated higher, and also to the FSA to see if they can offer any help.
All I can do now is cross my fingers.

KK

I'm sorry KK, I didn't mean to interrogate you. It's just that most of those questions should and could be answered by MB. They know (or should know) if the activity initiated from your computer (usually from a botnet via malware installed on your computer), or from a different IP location. Same with the other stuff... *sigh* I'm just so sorry they're not helping, and it horrifies me that these type hacks seem to be escalating.

And ewallets want us to leave money in our accounts??

I wish you luck with this. Plese let us know if you hear anything further.

[vinylweatherman]

The information needed differs depending on how the hackers work.

To log in to the eWallet and "push" the money out requires all the login information. This can be taken by using a keylogger or similar piece of spyware on the account holder's computer. Hacking the email address can be done by compromising the security of the ISP hosting the email server. It does not necessarily require the user to have been careless. The third way is by setting up an account at a merchant (casino), and "pulling" the money in via a deposit. It seems that casinos tend to check for irregularities upon withdrawal of winnings, so this gives an opportunity for a fraudster to bring the money in and find another way of moving it through the merchant's system other than withdrawing it. With poker, this is often done using a "chipdump" to a receiving account, and hoping it is not obvious enough for the poker operator to spot it before the money leaves the receiving account. It can also be done with a casino, but it is harder and can only move smaller amounts of money. The Microgaming MPV "sit & go" tournaments are the simplest way to approach this, but this would quickly get spotted if larger amounts were involved because these events get relatively little action, and a sudden increase (especially from the same 5 players) would be quickly noticed.
It's possible that the hacker removed the money before figuring out how to get it out, and ended up playing it away instead of benefiting from it.

It seems rather odd, given the close level of cooperation seen between Moneybookers and casinos when it comes to confiscating winnings already paid out, but subsequently recalled due to "bonus abuse", and the sharing of quite detailed inter player transaction history between Moneybookers and casinos, that it took them four MONTHS to track this money through these same merchants and discover that it was too late to retrieve it.

The only option now would be to take Moneybookers to court and show that the loss was due to their negligence in some way, and that they could reasonably have prevented the fraudsters getting away with the money. I am not sure the FSA will be any better than the LGA in this respect, although a complaint to the Financial Ombudsman might carry more weight as a prelude to any court action.

Moneybookers would be forced to turn up and show the court proof that it did all it reasonably could to prevent the fraud, and they may decide to cough up the €880 rather than have their actions examined under the spotlight of a court case. Losing such a case would also set a precedent that could trigger further claims from others who have had their accounts hacked.

[GrandMaster]

As per post #17 of this thread:

I'm afraid my knowledge has not improved since then - i.e. I still don't know the answers to any of those questions.



If you use "Password retrieval" don't they give you a new temporary password?
And wouldn't I have got that password to my own e-mail in-box?
I have no idea how hackers work, all I can say is that after the theft I was still able to log-in with my original e-mail & password - so I do know that they didn't change those details on my account.

I have obviously written back to MB asking for this to be escalated higher, and also to the FSA to see if they can offer any help.
All I can do now is cross my fingers.

KK

The FSA don't deal with individual complaints. Check with the Financial Ombudsman Service if they deal with Moneybookers (it is a FSA authorised e-money issuer). If you file a complaint with the FOS, it won't cost you a penny, but it will cost Moneybookers almost as much as if it had just reimbursed you.

[chayton]

I use MB for the convenience but I have to say that they have the worse customer service on the planet. They lost some funds of mine when I was withdrawing to my bank, I sent an email and got a 'we're looking into it, you'll hear from us in a couple days' mail, then I never heard anything else. I finally called them (on my dime) and after keeping me on hold for 15 minutes they said they couldn't help me and that I'd just have to wait. Eventually the money just showed up in my bank but never did receive a mail back from them or any response at all after that first one.

Their response to you totally sucks KK, there has to be someone you can turn to.

[DiamondGeezer]

I bought security token for my account. Are my funds fully safe now or these hackers or other crackers still could get to my account?

Don't worry as the security tokens generate a unique code for each transaction.

Unlucky KK .

If you deposit like €5k a month they will make you a VIP and send the security token for nothing. Otherwise it is £15. I actually bought one for £15 and am very pleased with it as it makes the system foolproof afaik.

[pinkfloyd]

@geezer sometimes even security tokens dont give you confidence when the place that makes them get hacked http://www.smh.com.au/business/banks...609-1fu2q.html


As a result, said RSA Executive Chairman Arthur W. Coviello, Jr., in an open letter, the company would offer to replace tens of millions of SecureID tokens assigned to most of its 25,000 client organizations.

"On Thursday, June 2, 2011, we were able to confirm that information taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin, a major U.S. government defense contractor," Coviello said.

The letter does not mention the alleged network intrusions at two other defense contractors, Northrop Grumman and L-3 Communications. Neither company has confirmed the break-ins.

[KasinoKing]

Just another very minor update:

I got a letter late last week from the Financial Ombudsman confirming they received my complaint but that they are very busy so it might be a few more weeks yet before I hear anything.

Still have my fingers crossed...
KK

[KasinoKing]

Next minor update:
The Ombudsman phoned me on Friday to say they had started looking at my case!
They then asked me some more questions by e-mail, which I replied too ASAP.

Still hoping this might reach it's final conclusion before a year after the theft took place...
(8 months gone - 4 months to go!)

KK

[Realitybitez]

This is really interesting and scarey Please keep us up to date. I just joined Money brookers recently. Would hate to think its not secure

[PaaskeDKnowUK]

Next minor update:
The Ombudsman phoned me on Friday to say they had started looking at my case!
They then asked me some more questions by e-mail, which I replied too ASAP.

Still hoping this might reach it's final conclusion before a year after the theft took place...
(8 months gone - 4 months to go!)

KK

Was shocked when I first heard about this KK. As I have been using moneybookers for around 9 years now. And never had problems.
I though they were more secure than my own bank Nah thats maybe taking it a bit far

But what I did last year was getting the nice Mastercard which is connected with moneybookers account. (Skrill account)
So I take out money or use them for other things. I actually don't like to have to big amounts on there. Then better to take them out

We don't want to call them moneybookers anymore. Lets get into todays world and call them Skrill (a joke of name if its up to me)

But reason for me to actually post here instead of all my nonsense. Was actually to say I hope the best for you KK. Hope it all works out.
And that you get your money back fingers crossed, and thanks for keeping us updated