Hacker cleans out bank accounts
20/07/2003 Written by Edwin Lombard
Hundreds of thousands of rands stolen via Internet from Absa clients.
A HACKER is targeting clients of South Africa’s largest bank and has managed to steal hundreds of thousands of rands by breaching their accounts over the Internet.
The Police Commercial Crimes Unit confirmed this week it was investigating nine cases involving thefts from Absa accounts.Absa is the leading South African Internet banker with about 35% of the market and about 300 000 online clients.
Police and bank officials say it appears the perpetrator used “spyware” to gain access to the personal computers of the victims, and, having found out their Internet banking information, had transferred money out of their accounts.
Total losses of R230 000 have been reported to police — but one victim said late on Friday that he had discovered another R300 000 missing from his account.
Another victim, Helene van Tonder, a bookkeeper from Bellville, said her whole R15 000 salary had disappeared from her bank account the day after she was paid.
“When I went to the ATM on June 27, all my money was gone. When I contacted the bank, they said I must go and lay a charge at the police.”
Van Tonder said the bank reimbursed her money and told her that somebody had gained access to her account via the Internet. She had, however, cancelled her Internet account with the bank.
Police spokesman Riaan Pool said police did not yet have all the details of how the hacker had worked but they knew that there was only one perpetrator.
“It is a hacker. The police are following up extremely good clues,” he said.
Absa refused to refer to the culprit as a “hacker” and would only refer to the crime as “identity fraud” committed by a person who had gained access to clients’ accounts through their own personal computers using the Internet.
Absa’s group information security officer, Richard Peasy, said the bank’s “security systems and processes had alerted the bank to suspicious activity before these clients knew about it.
“The transactions were frozen and the process for dealing with potentially fraudulent transactions was instituted,” he said.
However, attorney Harry de Villiers said R300 000 had gone missing from one of his trust accounts when he went to check his statements on Friday. Fortunately, his trust accounts were insured. He said the bank had only alerted him to R10 000 that was mysteriously transferred into one of his accounts earlier in the week.
De Villiers made a report to the police late on Friday. His complaint is in addition to the nine already being investigated by the police.
He said when he checked his accounts more closely later, he discovered that the hacker had transferred amounts of R227 000 and R93 000 to another account.
De Villiers said further inquiries revealed that the person had bought 15 laptop computers by transferring some of the money into the account of the computer company and the rest into an account at a different bank.
Peasy said the crook had gained access to personal information of account holders through their own computers and said it had nothing to do with the bank.
He said the bank had already identified suspects and Absa’s forensic team was working with the police.
“As with other banking channels, no fraud can take place on Internet banking accounts without the fraudster obtaining the client’s Internet banking access account number and PIN number,” he said.
Peasy said it appeared the fraudster had sent unsuspecting clients an e-mail, which, when it was opened, installed software that recorded information.
“It is a new trend called spyware. This has got nothing to do with the bank. It records keystrokes, like your account and PIN number, and then it e-mails the information to a Hotmail mailbox,” he said.
Peasy refused to say how many Absa clients had been defrauded or how much money was involved, saying it was “a forensic issue”.
