Security scare turns out to be a lot of Skype

Is Skype seeing transaction numbers in an online bank statements as phone numbers?

Last Friday while doing some online banking, I noticed two transactions I'd made recently, one a withdrawal and the other a deposit. The transaction amounts were accurate, and so were the dates. The records even referenced a phone number -- complete with a hyperlink -- that I could click on to make a Skype call to that number.

The only problem was that the records stated that the transactions had taken place in the United Kingdom. I haven't been to the U.K. In fact, both transactions were made at the same Chase ATM in a Dominick's store in Oswego, Illinois.

I called Chase customer service and explained the situation to a customer service rep, who was equally puzzled about what was going on. She accessed my account and assured me she didn't see the U.K. references I could see on my computer. She asked me for a screen shot, which I e-mailed to her so she could verify what was going on. After taking a look at my screen grab, she expressed bafflement, urged me not to click on any links on my screen and transferred me to another rep. He, too was unable to explain what was going on, but assured me that my account didn't appear to be compromised. He told me to change my username and password, offered to cancel my debit card if I wanted to, and gave me his direct line in case I noticed anything else weird.

Changing my username and password made no difference. Then, I did a little checking -- and found that the only time the transactions showed up weirdly was when I used Internet Explorer 7. The screen sort of briefly flickered after I'd logged in and a number with a +44 country code for Great Britain and a hyperlinked "Call" appeared under each of the two transactions.

When I logged in with Firefox, the transactions looked just like every other record, showing the date, the kind of transaction (ATM withdrawal or deposit or point-of-sale) and a reference number. I accessed the account from another computer, first using IE 6 and then using Firefox and everything appeared to be in order.

By now I was thinking maybe the first computer had been infected by a nasty Trojan exploiting an IE7 vulnerability to inject its own code into the bank's traffic and display it on my browser. I also wondered how a seemingly secure banking transaction at one of the largest banks in the U.S. could be co-opted this way. No doubt, with more and more people scrutinizing their online accounts in the wake of a rash of data breaches, I'm not alone in trying to spot anomalies.

Unlike most people, however, I'm regularly in touch with security researchers, so I called several and explained my plight. Their guess: My computer might have indeed been compromised; what I was seeing could well be a classic man-in-the-middle attack or a phishing handoff.

Don Jackson, a security researcher at SecureWorks, told me that several Trojans are floating around online that do just what I had described. The attacks usually target IE. Such Trojans usually hook into browser and network code then install themselves as a browser helper object or as a layered service provider that intercepts network traffic -- even traffic protected by SSL encryption, he said. The Trojans are programmed to do a "find and replace" function for certain transaction details such as destination routing and account numbers. Sources are often changed to hide the activity from the victim or to defeat bank-end fraud-detection mechanisms.

"Often, these find-and-replace functions are custom-coded modules that are developed by the bad guys and downloaded to an existing Trojan infection," Jackson said. The Trojans are designed to capture logs and to reverse-engineer the transaction used by a bank's online applications to find out what data to change to funnel money to themselves. One example of this kind of a Trojan is Torpig, which has mainly targeted customers of European banks but has started to target U.S. bank customers. Another example is called Sinowall.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?