☰  Help  Calendar  Member List  Search  Portal
 Portal  Search  Member List  Calendar
Hello There, Guest!  Register  Login

HBL ATMs hacked...millions stolen from customers


#1
Bank customers in Karachi have come under duress after reports surfaced a number of ATM users were defrauded after experiencing unauthorized withdrawals from their accounts.

Habib Bank Limited’s six-hundred customers across Pakistan were targeted in this attack which the bank admitted about. Federal Investigation Agency’s cyber-crime wing is initiating a probe into these hacking attacks, reported Express Tribune.

Over 600 customers of HBL are said to have suffered losses close to Rs10 million due to the cyberattack. An FIA official said an ATM at Khayaban-e-Ittehad, Karachi was target of the attack.

Various other cases have also surfaced said to have been reported from Dolmen Mall, Karachi. News of same kind of cyberattack has also been reported in Islamabad.

Other banks including HBL took notice of the hack and blocked ATM cards as safety measure against further losses being incurred.

Over 579 customers have been affected by the cyberattack at HBL at ten ATM locations, said its Chief Marketing Officer Naveed Asghar. Asghar said the attack is being probed and all affected customers who lost less than Rs10 million will be compensated.

The attack was made possible by installing of skimming devices on ATM machines which permits consumer data to be stolen resulting in user ID’s and pin-codes to be leaked.

Asghar emphasized the nature of cyberattack was miniscule, considering HBL customer is around 10 million and assured account holders their debt cards will be replaced on priority and the previous ones have already been blocked, he reiterated.

On another note, State Bank of Pakistan spokesman Abid Qamar said the cyberattack had come to their knowledge via media reports and central bank had contacted HBL to share relevant information with it. He said the central bank will only respond after they receive the information from HBL at the end of these holidays.

[Image: 55a0a8ba0f243-696x418.jpg]

Various bank customers in Islamabad and Karachi are reported to have suffered ATM breach’s after withdrawal of cash from their bank accounts. The cyberattack was brought to their notice after receiving phone calls from their banks.

One customer said he had lost Rs20,000 due to this cyberattack as the bank was too late in responding and blocking the card. Another customer stated hackers had successfully retrieved his data, but the bank was able to foil their bid to withdraw money from his account by timely blocking of his card.

In another customers case, the bank suspecting foul-play, blocked the ATM card as a precautionary measure as they assumed it had been compromised.

A seasoned banker said banks wouldn’t have to face the losses as all kind of deposits were insured with insurance companies, which are liable to pay all claims filed by the banks.
 Reply
#2
Not the first time it has happened and pretty sure not the last.

In 2015 Indian hackers stole thousands of rupees from ATM of HBL Walton Road Branch in Lahore.

Then again it happened in 2016 when hackers managed to compromise critical information of thousands of the bank’s customers. The flaw, they discovered, was through the Visa debit card service and the bank made the decision to switch to UnionPay.However, the hackers seemed to have continued in their efforts as in the start of March, new UnionPay-using cards were issued to the customers with blocked-cards but on the 7th of March 2016, the bank started to block cards again. According to the bank official, this time they found double cards being used against a single number and that is why they took the decision to re-block the cards.

The bank official further revealed that visa debit cards which are current working will also be blocked and the new debit cards will be issued to all customers of the HBL. Soon after, new credit cards will also be issued which will also change to new service from Visa.
 Reply
#3
The correct term for this is "ATM Skimming" and this was done in two parts in case of HBL.

First they installed a card reader where you insert card. So when you are inserting card, you are actually inserting it in fake reader installed by thief rather than bank's.
That reader takes all information from your card like name, card number, expiry etc. BUT not PIN!!!

Because PIN is what you keep it in your mind so for that they installed a tiny hidden camera which recorded what PIN everyone was entering and then BOOM your money is gone!
 Reply
#4
(12-05-2017, 02:18 PM) hussain Wrote: The correct term for this is "ATM Skimming" and this was done in two parts in case of HBL.

First they installed a card reader where you insert card. So when you are inserting card, you are actually inserting it in fake reader installed by thief rather than bank's.
That reader takes all information from your card like name, card number, expiry etc. BUT not PIN!!!

Because PIN is what you keep it in your mind so for that they installed a tiny hidden camera which recorded what PIN everyone was entering and then BOOM your money is gone!


For catching pin it is not known what they did in case of HBL because using camera is not the only way. Sometimes they use fake keypads just like card skimmers. I remember seeing once in MCB ATM on Sharah-e-Faisal Karachi long time back.
 Reply
#5
(12-05-2017, 02:34 PM) KakaSipahi Wrote:
(12-05-2017, 02:18 PM) hussain Wrote: The correct term for this is "ATM Skimming" and this was done in two parts in case of HBL.

First they installed a card reader where you insert card. So when you are inserting card, you are actually inserting it in fake reader installed by thief rather than bank's.
That reader takes all information from your card like name, card number, expiry etc. BUT not PIN!!!

Because PIN is what you keep it in your mind so for that they installed a tiny hidden camera which recorded what PIN everyone was entering and then BOOM your money is gone!


For catching pin it is not known what they did in case of HBL because using camera is not the only way. Sometimes they use fake keypads just like card skimmers. I remember seeing once in MCB ATM on Sharah-e-Faisal Karachi long time back.


You are right and I doubt HBL will release any info regarding this.
 Reply
#6
Here's how a fake looks like

[Image: E-CmgfvTeYFwTFfgtvDJT-HcKBHbnItRaJKTdKPJ...450daf0f36]
 Reply
 
 
Forum Jump:

Users browsing this thread: