Kasikorn hack attempt (?) small amount debited from K-web shopping card

[jspill]

Received an SMS alert for a 171.41 baht transaction I didn't make (physical card was on my person) at 22:41 25/04/14, used at '@EDGE OF LAKE' (no idea).

Phoned Kasikorn support, they said it was an online transaction (my K-web shopping card), they couldn't cancel that card over the phone, so I logged in to do so. Said 'this may be a hack' and that they'd investigate the transaction and email me, I'll post the email if I get one.

Kasikorn have been hacked in recent months, so you may want to check your online statements for small amounts that may be a 'test' before larger withdrawals later. No further money was taken in the 10 mins it took me to cancel the card. I haven't clicked any phishing email links or downloaded any phone apps recently (which Kasikorn warns on their homepage can steal OTPs). I have no recurring billing set up for anything.

You can check within K-cyber banking under Account Management -> Recent Transactions:

Edited April 25, 2014 by jspill

[partington]

Can you tell us how you know that Kasikorn has been hacked in recent months? Link or source would be good, just to show it isn't hearsay?

[jspill]

Can you tell us how you know that Kasikorn has been hacked in recent months? Link or source would be good, just to show it isn't hearsay?

Referring to the fake app/trojan issues widely reported March 2013 http://www.thaivisa.com/forum/topic/623863-kasikornbank-kbank-issues-a-trojan-warning-to-users-of-smart-phones/

The warning is still displayed at login with a 'September 2013 update'

I'm speaking too loosely when I say 'recent months', but the warning is still there as of today, so one would assume it's still going on?

[partington]

This is NOT Kasikorn being hacked!

This means that a source outside Kasikorn asks you to download or places a program on your computer/phone that mimicks and pretends to be a link to Kasikorn .

It is YOU and your computer or phone that have been hacked, when this happens NOT Kasikorn or its website.

OK panic over...

[jspill]

I'm aware of that although as I said I don't use the kasikorn phone app, haven't downloaded anything, haven't clicked any email links, or received any emails with links in to click.

I think it's fine to post a warning thread with a question mark in the title. Mods can remove the 'Kasikorn have been hacked in recent months' part if they see fit.

Edited April 25, 2014 by jspill

[partington]

Don't want to be pedantic, but there is a new bug called heartbleed going around that in some cases indeed does mean that sites of individual banks have been hacked: that is if you click on a genuine link to a genuine bank's website, your personal detals could be stolen.

This is very different and much more serious than the Trojan which Kasikorn has warned all their customers about for well over a year now, which is why I wanted to know if you had new information.

[jspill]

I don't, Thai banks have been silent since Heartbleed.