Moneybookers, very dubious security

**thelawnet** · 2nd September 2008, 02:01 AM

Something has always struck me as fishy about moneybookers.

Anyway, I have received 'failed login attempt' emails:

"We would like to inform you that a failed login attempt has been made on your Moneybookers account. "

I received these on 14th August, 15th August and 19th August, and contacted moneybookers, they were not helpful, just said:

Please note that our privacy policy does not allow us to provide you with the IP in question.

Please be kindly informed that we have not noticed any suspicious successful logins to your account.

I have received another 'failed login' email today, it seems very strange. Beware of moneybookers.

**anniemac** · 2nd September 2008, 02:32 AM

Might not be Moneybookers. I get emails from Bank of America, Wells Fargo and Chase about failed log in attempts and I don't have an account at any of them. The emails will go on to ask for information that someone could use if I did have an account with these banks.

**chuchu59** · 2nd September 2008, 05:14 AM

When you ask MB a question, they will provide you with wayward answers. Furthermore, contacting them thru their messaging centre is something of a nightmare. They choose to respond to some of your messages and ignore the others.

On the failed login messages though, sometimes I typed in my password erroneously and that message was immediately sent to my email account. There have not been any instances where I have not typed my password wrongly and I was still sent the messages.

**kauphy** · 2nd September 2008, 06:51 AM

its called phishing or something along thoes lines and when you click on a link in the e-mail it takes you to a page that looks like a real log-in thing and then you try to log in and someone gets ur log-in info and takes all ur money thats in ur account or gets all ur info so be careful.

**suzecat** · 2nd September 2008, 10:19 AM

Originally Posted by thelawnet

Something has always struck me as fishy about moneybookers.

Anyway, I have received 'failed login attempt' emails:

"We would like to inform you that a failed login attempt has been made on your Moneybookers account. "

I received these on 14th August, 15th August and 19th August, and contacted moneybookers, they were not helpful, just said:

Please note that our privacy policy does not allow us to provide you with the IP in question.

Please be kindly informed that we have not noticed any suspicious successful logins to your account.

I have received another 'failed login' email today, it seems very strange. Beware of moneybookers.

I have received those emails as well AND I DO NOT HAVE A MB ACCOUNT

. Also getting the others ostensibly from Wells Fargo, Chase, Paypal, BofA, etc. They sure look genuine UNTIL you hover over where they want you to click and the little window shows where the redirect is pointing. So unless you have actually attempted to login to MB and were not successful (thereby prompting the MB system to generate an emal) I would say you are being phished.

**chuchu59** · 2nd September 2008, 10:34 AM

I must say that the paypal one looked very genuine except for the fact that they did not address me by my name. Anyway, I have sent this one back to paypal and they are looking at it.

**thelawnet** · 5th September 2008, 12:26 PM

Originally Posted by suzecat

I have received those emails as well AND I DO NOT HAVE A MB ACCOUNT

. Also getting the others ostensibly from Wells Fargo, Chase, Paypal, BofA, etc. They sure look genuine UNTIL you hover over where they want you to click and the little window shows where the redirect is pointing. So unless you have actually attempted to login to MB and were not successful (thereby prompting the MB system to generate an emal) I would say you are being phished.

I know a fair bit about phishing, and I can say with confidence that it is not phishing, firstly because it is the same as the email you get if you have logged-in incorrectly, secondly because it has my name, not just my email address, and thirdly because the email headers stack up:

Received: by 10.180.243.6 with SMTP id q6cs118466bkh;
Mon, 1 Sep 2008 11:34:34 -0700 (PDT)
Received: by 10.103.213.10 with SMTP id p10mr4582665muq.46.1220294073716;
Mon, 01 Sep 2008 11:34:33 -0700 (PDT)
Return-Path: <no_reply@moneybookers.com>
Received: from mb4.moneybookers.com (mb4.moneybookers.com [83.220.158.6])
by mx.google.com with ESMTP id e8si32023787muf.6.2008.09.01.11.34.32;
Mon, 01 Sep 2008 11:34:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of no_reply@moneybookers.com designates 83.220.158.6 as permitted sender) client-ip=83.220.158.6;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of no_reply@moneybookers.com designates 83.220.158.6 as permitted sender) smtp.mail=no_reply@moneybookers.com
Received: from bunker5.intra.net (bunker5.intra.net [192.168.17.5])
by mb4.moneybookers.com (Postfix) with ESMTP id A9A7920ED62
From: =?UTF-8?B?d3d3Lm1vbg==?=
=?UTF-8?B?ZXlib29rZQ==?=
=?UTF-8?B?cnMuY29tIA==?= <no_reply@moneybookers.com>
Subject: Failed login attempt on your Moneybookers account
Date: Mon, 1 Sep 2008 20:34:31 +0200
Message-ID: <20080901_183431_001655.no_reply@moneybookers.co m>
MIME-Version: 1.0
Content-type: text/plain; charset=utf-8

Compare that with the phishing attempt I received addressed to 'Bath Email Account User' (strange thing to phish as it's quite a small university)

X-Originating-IP: [130.18.2.119]
Authentication-Results: mta301.mail.mud.yahoo.com from=bath.ac.uk; domainkeys=neutral (no sig)
Received: from 130.18.2.119 (EHLO catalpa.its.msstate.edu) (130.18.2.119)
by mta301.mail.mud.yahoo.com with SMTP; Thu, 04 Sep 2008 03:43:38 -0700
Received: from localhost (archive.msstate.edu [130.18.80.18])
by catalpa.its.msstate.edu (8.13.8/8.13.8) with ESMTP id m84Ah7J8013490;
Thu, 4 Sep 2008 05:43:09 -0500
Received: from 196.220.10.250 ([196.220.10.250])
by webmail.msstate.edu (IMP) with HTTP
for <jpd57@mail.msstate.edu>; Thu, 4 Sep 2008 05:43:06 -0500
Message-ID: <1220524986.48bfbbbab92c7@webmail.msstate.edu>
Date: Thu, 4 Sep 2008 05:43:06 -0500
From: Bath Support Team <accounts@bath.ac.uk>
Reply-to: singnet.helpdesk@y7mail.com
Subject: Bath Email Account
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.8
X-Originating-IP: 196.220.10.250

It's easy to see that the latter is phishing, and the former genuine.

There is no question that there has been somebody trying to login to my account, several times, but one wonders why moneybookers bother to tell you when their support won't do anything about it when it happens.

**thelawnet** · 11th September 2008, 11:01 PM

just received another of these emails

**villa10** · 20th September 2008, 02:00 AM

I've asked Moneybookers about the same emails (2) and they told me that indeed there's their security alert.
In my case hackers from another country.
They advice was to change the email.

Now, the hole in security with MB, is that the username that we give for our deals, is the same that we use to login.

At least they have to implement another security step, such a security question after the user/password, to finally access the account.

**slotplayer** · 20th September 2008, 02:15 AM

Originally Posted by chuchu59

I must say that the paypal one looked very genuine except for the fact that they did not address me by my name. Anyway, I have sent this one back to paypal and they are looking at it.

I get those every other day. PayPal is very good at stopping those.

I also get the bank ones quite frequently. Currently I'm getting the millions left to an heir and they need a bank, bla bla bla.