HACKED Money removed from my account

BetScalper
Posts: 1139
Joined: Sun Jul 02, 2017 10:47 pm

suff22886 wrote:
Thu May 31, 2018 9:35 pm
no 2 step activation, i used to use it but stopped when getting a new phone :( lesson learnt.

it’s hard to ask skrill about it, because they deposited £10 with an unknown skrill account, and withdrew the money to the same one. i can’t see what skrill account, when talking to the “contact us” they said it was my skrill account but that’s been deactivated for years, so that’s confusing.

contacted the online fraud website. i’m sure i would have lost the £800 at the world cup anyways..... but it’s just a bit worrying if somebody got access to my files. driving license, card details, bank, family details etc. i was on a public wifi at the time (work wifi)

i doubt i’ll see the money again as the funds have left betfair. skrill won’t give it back i bet.
Public WiFi is a NO NO.

Problem is, it's easy access. Trains, Buses, Pubs, Restaurants, Airports, Cafés, Libraries, walking along the street. And the amount of paperwork that's stuck in one's bin before the dustmen turn up.

Everyone thinks they're secure. But they're not, far from it.
Derek27
Posts: 23475
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

Is it worth contacting the police?
whimsies
Posts: 179
Joined: Sun Oct 02, 2016 7:37 am
Location: Uk

Keep separate passwords for Betfair and generic online accounts, as hackers target soft accounts for passwords and use them on banks, Betfair etc., as we are creatures of habit.
BetScalper
Posts: 1139
Joined: Sun Jul 02, 2017 10:47 pm

I think people are missing the point.

Password security is only half the story these days. If somehow they manage to get remote access to your machine then it doesn't matter what your password is, it could be 20 characters long, using numbers, letters and special characters.

If you have key logging software installed/hidden then it's only a matter of time before someone/somewhere empties your on-line accounts.

You need to lock down routers, firewalls, ports and change passwords regularly.

The problem is most people don't know how to protect themselves in the 21st Century.

Why do you think the Police, Banks and other organisations are usually one step behind all the time!!!!!
gutuami
Posts: 1858
Joined: Wed Apr 15, 2009 4:06 pm

BetScalper wrote:
Thu May 31, 2018 7:18 pm
Derek27 wrote:
Thu May 31, 2018 7:03 pm
Perhaps it's a reminder to us all to check what accounts we have linked to Betfair and remove accounts not in use. I would think this type of fraud should be quite rare because the fraudster needs access to Betfair and the linked account.
Have you not seen the News night program that followed a hacker/fraudster who sat in Starbucks with a laptop and was able to access/install software on several people's laptops/smartphones while pretending to use his own laptop and talking on his phone?

It was funny but at the same time rather scary to watch.
this is also fun to watch. https://www.youtube.com/watch?v=Jwpg-AwJ0Jc

as to suff22886 I would recommend to contact everyone that could help - skrill, bank, police, betfair. fight for your money. there's a good chance that you might get it back.
Derek27
Posts: 23475
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

suff22886 wrote:
Thu May 31, 2018 9:35 pm
i’m sure i would have lost the £800 at the world cup anyways.....
Don't talk or think like that - I'm sure you would have spent the money elsewhere if you really believed that.

I agree with gutuami, don't let the thieving bastards get away with it.
suff22886
Posts: 9
Joined: Wed Nov 30, 2016 2:27 am

i’ve contacted the police and fraud team, still waiting on betfair security team..... 2nd day now. i don’t really know how to tell skrill as i’ve got no idea what skrill account was used, it’s impossible for it to be mine.

I think all is lost. Possible nail on the coffin for my trading days, 10 years of training and trying to be good at it :-(
only way i’m getting the money back is laying england at the world cup.....
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

If you've got enough to lay England and make your money back you've enough to start a trading bank again. Even 50 quid is a start. Illegitimi non carborundum!

Don't give up on the money. I think BF will refund you. It's chicken feed to them and negative publicity about security is the last thing they need. Fraud teams are usually pretty small and they could have had a spate of these, so don't worry it's been a couple of days.
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

BetScalper wrote:
Thu May 31, 2018 11:56 pm
If you have key logging software installed/hidden then it's only a matter of time before someone/somewhere empties your on-line accounts.
If only I could embed some screen mirroring software in Hook I'd have an account that topped itself up. I hope Peter trusts the office cleaner. 8-)
mcgoo
Posts: 898
Joined: Thu Jul 18, 2013 12:30 pm

Sorry to hear about that fraud - that truly sucks.
One of my better trades was to take a year out and do a MSc in Infosec at Royal Holloway in the UK roughly 20 odd years ago. Since then I have contracted/worked in the UK and Aussie in pure Infosec roles (so as to establish a little credibility in the space :)) for some pretty large concerns. The penetration testers/nefarious code/social engineering I have seen in that time would scare the pants off most internet highway surfers and probably a lot right off the internet. While I am not among the best in my field I have worked with some of the very best and I can tell you if someone skilled targets you, you can't stop them. They will get to you, it is just a matter of time. Right now the fear stick is out of the way :D, there are basic things (some already referred to on this thread) you can do to help avoid being a target. The best way to protect yourself is defense in depth; put as many obstacles in the way as you can to make you less attractive as a mark. I think if you are a technical beast - and being a trader you are by default - you need to learn this stuff:
e.g. (Not necessarily in order of importance - just flowing off the top of me head):

1. Multi (2) factor authentication on everything, email, cloud drives, Betfair, cloud machines/VPS. This is one of the best controls out there. Strong passwords are good.. passphrases are better but MFA will save your ass. Use different passphrases for different accounts too. Use a password vault/safe if you can't remember passwords (passphrases are easier to remember too though).
2. Install a good anti-malware (virus) application. The well known ones are sufficient, I won't advocate product on here but PM me if you have no clue where to start. Keep it up to date - daily if possible.
3. Install/activate a firewall on your machine (and router/modem) and ideally learn how to use client/endpoint firewalls to record what is talking to the Internet. Know/learn your connectivity baseline. There are some good free tools out there to help you do this. If you do this you will be a long way to being less insecure. Ditto re PM above.
4. Never ever click on a link/attachment if the mail/source is from an unknown sender. Learn to look for signs of Phishing emails - even from known contacts. Most are easy to spot.
5. Don't enable macros on documents by default. Learn how to turn them off by default and prompt you to activate them. If you are not expecting a macro, don't get curious and enable it. Check with the sender of the file. If you are unsure of the mail/attachment, check with the sender.
6. Have a recovery strategy in place. Use cloud/NAS/external storage (with MFA enabled) to store key files/data.
7. Patch your operating system and applications (where possible) regularly. This is very important - operating system vulnerabilities can result in you being owned in minutes.
8. Learn to use virtualisation or backup/cloning mechanisms to copy your configuration/machine(s) and do this on a regular basis. Ransomware is quite powerless against regular and good backups.
9. Never ever click on strange/unknown attachments - yes again - this is usually how most people are done :)
10. Never put your credentials into a site that asks for it when you don't expect to have to supply them and don't use your business/trading credentials when you don't have to. A burn (not essential) email address is a good mechanism/process for ad-hoc web logins that you won't regularly use ......
11. Keep an eye out for large security incidents that could affect you online. A search for SANS Storm Centre, Threatpost, Hacker news will point you in the right direction.
12. Did I mention clicking on links or attachments? :D
13. A great resource to check if your credentials have been caught up in a compromise (Don't panic as the credential may not have been used but do change password and enable MFA) is https://haveibeenpwned.com
14. If you are prompted to install a certificate (learn what https is and how certificates feature), especially on open/public/hotel/cafe etc wireless, Don't unless you understand why you are being prompted and by whom.

Anyway, those (imho) are some of the things that can help reduce your attack surface. (It is not definitive security advice but hope it helps.) Try to do most of them. Like trading, education is key and this does affect you. They could mean the difference to your online safety while trading. I am getting the family call to go out so if I think of anything else I have left out I'll edit. Cheers, good luck! :mrgreen:
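An added illustration of the "know your connectivity baseline" idea from point 3 above (not part of the original post): learn which process/destination pairs are normal from a few days of endpoint firewall logs, then flag anything new. The log format, process names and hosts are constructed for this example.

```python
# Constructed sample of an endpoint firewall log, one line per outbound
# connection: "timestamp process remote_host:port" (hypothetical format).
BASELINE_LOG = """\
2018-05-28T09:01:12 browser.exe exchange.example:443
2018-05-28T09:01:15 tradingapp.exe api.exchange.example:443
2018-05-29T09:00:40 browser.exe exchange.example:443
2018-05-29T09:02:03 tradingapp.exe api.exchange.example:443
2018-05-29T13:10:00 browser.exe news.example:443
"""

TODAY_LOG = """\
2018-05-31T20:55:01 browser.exe exchange.example:443
2018-05-31T20:57:44 tradingapp.exe 203.0.113.7:8080
2018-05-31T21:03:19 helper.exe 203.0.113.7:4444
this line is garbled and must be skipped
"""


def parse(log):
    """Yield (process, host, port) tuples; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or ":" not in parts[2]:
            continue
        host, _, port = parts[2].rpartition(":")
        if host and port.isdigit():
            yield parts[1].lower(), host.lower(), int(port)


def build_baseline(log):
    """Every flow seen during the learning period counts as normal."""
    return set(parse(log))


def new_flows(baseline, log):
    """Return (flow, reason) for each flow that is absent from the baseline."""
    known_procs = {proc for proc, _, _ in baseline}
    findings = []
    for flow in sorted(set(parse(log)) - baseline):
        if flow[0] in known_procs:
            reason = "known process, new destination"
        else:
            reason = "process never seen before"
        findings.append((flow, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in new_flows(build_baseline(BASELINE_LOG), TODAY_LOG):
        print(flow, "->", reason)
```

A flagged flow is a prompt to look closer, not proof of compromise; a legitimate software update also shows up as a new destination.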
Black Ice
Posts: 258
Joined: Thu Nov 06, 2014 12:35 pm
Location: Newmarket Suffolk

Excuse my ignorance...but what is two step authentication & how do i activate it? Sorry to hear.....
sa7med
Posts: 800
Joined: Thu May 18, 2017 8:01 am

This forum led me to activate it. You gotta download the google authenticator app on your phone and set it up through your betfair settings. https://support.betfair.com/app/answers ... 126/c/468/
BetScalper
Posts: 1139
Joined: Sun Jul 02, 2017 10:47 pm

In the next 5 years, 1 in 4 people will be financially hacked regardless of what security they have.

The authorities and anti-virus companies are always a step behind.

It's the price you will have to pay for being connected to the internet.
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

BetScalper wrote:
Sat Jun 02, 2018 8:51 am
In the next 5 years, 1 in 4 people will be financially hacked regardless of what security they have.
It's funny how wild assumptions become fact once they're on the web page somewhere.