Hosting generously provided by
|
|
Cool hack: Man exploits random deposit verification flows to steal $50,000
|
Posted 5/27/08 by Robert from the 'officespace 4 lyfe' department
"A California man has been indicted for an inventive scheme that allegedly siphoned $50,000 from online brokerage houses E-trade and Schwab.com in six months -- a few pennies at a time.
Michael Largent, of Plumas Lake, California, allegedly exploited a loophole in a common procedure both companies follow when a customer links his brokerage account to a bank account for the first time. To verify that the account number and routing information is correct, the brokerages automatically send small "micro-deposits" of between two cents to one dollar to the account, and ask the customer to verify that they've received it. "
"Largent allegedly used an automated script to open 58,000 online brokerage accounts, linking each of them to a handful of online bank accounts, and accumulating thousands of dollars in micro-deposits.
I know it's only May, but I think the competition for Threat Level's Caper of the Year award is over.
Largent's script allegedly used fake names, addresses and Social Security numbers for the brokerage accounts. Largent allegedly favored cartoon characters for the names, including Johnny Blaze, King of the Hill patriarch Hank Hill, and Rusty Shackelford. That last name is doubly-fake -- it's the alias commonly used by the paranoid exterminator Dale Gribble on King of the Hill. "
This is a great example of a business flaw attack.
Story Link:
Link to this Story:
Link:
News RSS Feed: Web
|
|
|
Information contained on this website may not be copied without explicit permission.
Best Viewed with Netscape.
|
|
|
Subscribe to CGISecurity.com
|
|
|
|
|
|
The Web Security Mailing List
|
|
|
|
|
Contact us
|
Post News, get linkage!
|
|
|
|
