Re: Scammers Randomly Target Checking Accounts

["Kurt Grutzmacher" <grutz () jingojango net>]

That is the ultimate in brute forcing. Amazing indeed!

You can already get a directory of all the ABA/Routing numbers[1][2]
(9 digits) so the rest of your brute force would be the 10 digit
account number. Do some research ahead of time with the ABA you're
targeting and find out some different account numbers. I'm pretty sure
they don't just give out random numbers.

Of course the numbers have a format[3][4] so you can easily throw out
the bad ones. How about a WSDL lookup?[5]  :)

Break an account for here[6] and you can verify everything you need to
pull off a good scam. Huh, why do I know all this stuff... ;)

[1] http://www.aba.com/Products/PS98_Routing.htm
[2] http://www.gregthatcher.com/Financial/Default.aspx
[3] http://en.wikipedia.org/wiki/Routing_number
[4] http://www.fedwiredirectory.frb.org/search.cfm
[5] http://www.webservicex.net/aba.asmx?WSDL
[6] http://bettercheck.com/

On 5/3/07, Fergie <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Holy crap...
>
> Brian Krebs:
>
> [snip]
>
> An alarming report published this week on the official Internet news
> service of the U.S. Air Force highlights the need for consumers to keep a
> close eye on their bank account statements for signs of fraud.
>
> The piece tells the story of an investigation launched after an Colorado
> airman discovered that his bank account was $124.90 less than it should
> have been. The man's bank, a Peterson AFB branch of 5-Star Bank, found that
> scammers apparently generated random account numbers, into which they tried
> to deposit one cent. When one of the tiny deposits clears, the criminals
> know they've hit upon a live account and begin to withdraw funds from it.
>
> Turns out the crooks had automated the process: A 5-Star manager said she'd
> handled approximately 100 phone calls from scam victims since at least
> 2006, and in every case the amount withdrawn was the same and occurred at
> the beginning of the month, no doubt to stay well ahead of the issuance of
> end-of-the-month bank statements.
>
> [snip]
>
> More:
> http://blog.washingtonpost.com/securityfix/2007/05/scammers_randomly_target
> _check.html
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.1 (Build 1012)
>
> wj8DBQFGOix4q1pz9mNUZTMRAsLDAKDRyod+yRfxEuWPIuljW073zqN2uQCeNill
> ptm7M4Zbk6QT/XdQS46Fqzg=
> =WSVI
> -----END PGP SIGNATURE-----
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.