NATWEST online banking - rapport safety software not so safe

chris_wales
Posts: 20 Forumite
Hi, just thought I would alert all fellow NatWest online customers to an issue I had a few weeks ago.
After installing (on NatWest's recommendation) their Rapport security software supplied by Trusteer, the software gives you a green "go ahead" when you sign into online banking that the page is indeed NatWest and secure etc.
HOWEVER... I had a virus on my PC, and when I went to the online login I was prompted to enter full sort code, account number and date of birth etc., but Rapport was giving the green light as if to say it was all safe to do so.
Obviously I wasn't stupid enough to do so, so I contacted NatWest. They said I had a virus and disabled my online access to my account. When questioned about Rapport they said it wouldn't give me the green light to go ahead unless all was OK, so I had to send screenshots to their phishing department.
After sending screenshots of the page I was prompted with, I had several urgent emails from Trusteer requesting web conferences and phone calls, as I had highlighted a serious flaw in the software that allowed something called "frame injection".
Basically Rapport checks where the requested webpage comes from, i.e. NatWest, and gives the green light. However, a virus could inject a new frame onto that page overlaying the original login requesting further details, and Rapport won't pick it up! Of course the details you input don't go to NatWest but to some piece of scum somewhere intent on ripping you off!
So... if you're asked for anything you're not normally asked for, even if Rapport is green and says it's OK, don't believe it!
Know it's pretty obvious, but if it saves just 1 of you from being fleeced then worth my time posting this!
Comments
-
Which is one of the many reasons why such software is unnecessary and misleading. If you were not quite as savvy as you are, you'd have been phished. Poor show from banks, in my view. If you can't trust the software the bank supplies to say "Yup, this is us!", what's the point?
Starting Debt: ~£20,000 01/01/2009. DFD: 20/11/2009 :j
Do something amazing. GIVE BLOOD.
-
Have to admit it was very cleverly done. I dread to think how much NatWest paid for that software from Trusteer, and I can only estimate in excess of a few hundred thousand, but imagine the conversation they had when they realised it didn't stop phishing as it probably promised to do. I reckon that was a nightmare day for a lot of people at Trusteer lol!
Now I realise why I had the head of technical support email me non stop for 2 days requesting web conference and remote access to my PC!!!
Should have agreed but asked for a fee for my time, like £5000, bet they'd have paid it lol
-
I like to think that knowing my bank login process inside out (and PINSentry adding a bit of randomness to the pool), using OpenDNS with phishing protection turned on, Google Chrome with phishing protection (albeit I think they both use the phishtank database), I'm faaaaairly safe.
That's more than 95% of the population has or does though, I suspect.
Starting Debt: ~£20,000 01/01/2009. DFD: 20/11/2009 :j
Do something amazing. GIVE BLOOD.
-
This will be of interest on the main Rapport thread, so have added a link there
( http://forums.moneysavingexpert.com/showthread.html?t=1579343 )
~cottager
-
chris_wales wrote: »Have to admit it was very cleverly done. I dread to think how much NatWest paid for that software from Trusteer, and I can only estimate in excess of a few hundred thousand, but imagine the conversation they had when they realised it didn't stop phishing as it probably promised to do. I reckon that was a nightmare day for a lot of people at Trusteer lol!
Now I realise why I had the head of technical support email me non stop for 2 days requesting web conference and remote access to my PC!!!
Should have agreed but asked for a fee for my time, like £5000, bet they'd have paid it lol
What I'd like to know is whether the fake page appeared from you clicking on a link somewhere (such as an e-mail) or whether you manually went to natwest.com (nwolb.com) and got the fake data entry page.
Personally, I think it was the former rather than the latter since I really doubt the URL would have shown as nwolb.com because the site uses an SSL certificate and I would *hope* even Trusteer isn't so stupid as to not be able to validate the data coming over the connection against the SSL cert.
What it does show however is that if you get directed to a phishing site, Trusteer isn't always clever enough to recognise it as being a phishing site.
-
What I'd like to know is whether the fake page appeared from you clicking on a link somewhere (such as an e-mail) or whether you manually went to natwest.com (nwolb.com) and got the fake data entry page
Wasn't from a link, I went to natwest.com and clicked on log in for online banking same as I did every day.
-
It wasn't really a phishing site, it was a virus on the OP's machine modifying the webpage in the browser on the fly. The bottom line is that it isn't possible to do internet banking safely on an infected machine.
Possible but unlikely; it's much simpler to modify the computer's hosts file to make the DNS address resolve to a different IP. Frankly, it's pathetic that Trusteer don't have a hard-coded list of IPs that the nwolb.com DNS address should resolve to.
-
Possible but unlikely; it's much simpler to modify the computer's hosts file to make the DNS address resolve to a different IP
Except that is exactly the sort of attack that Rapport is supposed to detect. Security has improved, people are wising up to "normal" phishing and suchlike and becoming slightly more wary (checking the padlock icon, not ignoring certificate warnings, etc.) so the scammers are upping their game.
This sort of attack is real and is happening.
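
The hosts-file redirection raised in the replies above can be checked for directly. This is an added example, not part of the original thread: the function name `audit_hosts`, the watched-domain list and the sample file are constructed for illustration, and it does not detect the in-browser frame injection the original poster describes.

```python
import ipaddress

# Domains named in the thread; the list itself is an assumption of this example.
WATCHED = ("natwest.com", "nwolb.com")


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for every hosts entry that pins a
    watched domain (or any subdomain of it) to a fixed address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first field must be an IP
        except ValueError:
            continue                             # malformed line, ignore
        for name in fields[1:]:
            host = name.lower().rstrip(".")      # normalise case and root dot
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((line_no, fields[0], host))
    return findings


# Constructed sample hosts file (documentation-range addresses, not real data).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
203.0.113.45  www.nwolb.com nwolb.com   # unexpected override
198.51.100.7  WWW.NatWest.com.
192.0.2.10    notnwolb.com
# 203.0.113.99 natwest.com
"""

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}")
```

On a real machine the input would be the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; a banking domain should normally have no entry there at all, so any finding deserves a look.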
This discussion has been closed.