Security scare turns out to be a lot of Skype

Is Skype seeing transaction numbers in an online bank statements as phone numbers?

Last Friday while doing some online banking, I noticed two transactions I'd made recently, one a withdrawal and the other a deposit. The transaction amounts were accurate, and so were the dates. The records even referenced a phone number -- complete with a hyperlink -- that I could click on to make a Skype call to that number.

The only problem was that the records stated that the transactions had taken place in the United Kingdom. I haven't been to the U.K. In fact, both transactions were made at the same Chase ATM in a Dominick's store in Oswego, Illinois.

I called Chase customer service and explained the situation to a customer service rep, who was equally puzzled about what was going on. She accessed my account and assured me she didn't see the U.K. references I could see on my computer. She asked me for a screen shot, which I e-mailed to her so she could verify what was going on. After taking a look at my screen grab, she expressed bafflement, urged me not to click on any links on my screen and transferred me to another rep. He, too was unable to explain what was going on, but assured me that my account didn't appear to be compromised. He told me to change my username and password, offered to cancel my debit card if I wanted to, and gave me his direct line in case I noticed anything else weird.

Changing my username and password made no difference. Then, I did a little checking -- and found that the only time the transactions showed up weirdly was when I used Internet Explorer 7. The screen sort of briefly flickered after I'd logged in and a number with a +44 country code for Great Britain and a hyperlinked "Call" appeared under each of the two transactions.

When I logged in with Firefox, the transactions looked just like every other record, showing the date, the kind of transaction (ATM withdrawal or deposit or point-of-sale) and a reference number. I accessed the account from another computer, first using IE 6 and then using Firefox and everything appeared to be in order.

By now I was thinking maybe the first computer had been infected by a nasty Trojan exploiting an IE7 vulnerability to inject its own code into the bank's traffic and display it on my browser. I also wondered how a seemingly secure banking transaction at one of the largest banks in the U.S. could be co-opted this way. No doubt, with more and more people scrutinizing their online accounts in the wake of a rash of data breaches, I'm not alone in trying to spot anomalies.

Unlike most people, however, I'm regularly in touch with security researchers, so I called several and explained my plight. Their guess: My computer might have indeed been compromised; what I was seeing could well be a classic man-in-the-middle attack or a phishing handoff.

Don Jackson, a security researcher at SecureWorks, told me that several Trojans are floating around online that do just what I had described. The attacks usually target IE. Such Trojans usually hook into browser and network code then install themselves as a browser helper object or as a layered service provider that intercepts network traffic -- even traffic protected by SSL encryption, he said. The Trojans are programmed to do a "find and replace" function for certain transaction details such as destination routing and account numbers. Sources are often changed to hide the activity from the victim or to defeat bank-end fraud-detection mechanisms.

"Often, these find-and-replace functions are custom-coded modules that are developed by the bad guys and downloaded to an existing Trojan infection," Jackson said. The Trojans are designed to capture logs and to reverse-engineer the transaction used by a bank's online applications to find out what data to change to funnel money to themselves. One example of this kind of a Trojan is Torpig, which has mainly targeted customers of European banks but has started to target U.S. bank customers. Another example is called Sinowall.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?