Jump to content

Recommended Posts

I use the Kaspersky Safe Money option when doing online banking. Since yesterday (21/06) when I log on to my bank I get this....

 

_https://analytics.santander.co.uk/mpz/overschrijvenbetalen.do.pekao24.plmultibank.plroya lbank.com/www.abnamro.nlunicreditoi.bankia.es/es/pofssavecredit.co.uk/POFS-NPS/do/login?11=bankinter.comeine.deutsche-bank.de/trxm/db/invoke/www.facebook.com.cedacri.it/hb.labanquepostale.fr/cbi-org.eubs.com/hb/mainhttps://online.westpac.com.au/esis/Login/SrvPagecash.sea.winbank.grbancopopular.pttps://ib24.csob.cz/bbvanet.cl/bbvanet/Processcotiaonline.scotiabank.com/online.bulbank.bgctfs.com/do/login/EBC_EBC1961/EBC1961.ashx?.bankofamerica.com/?TYPE=www.53.com/sitescobank.com.halifax-online.co.ukzakazi.ml/werz/trmy/fljsecure.bnpparibas.net/banquerroreleveCPP-releve_ccp.eagricola.ptlweb/WebPortalbarclays.pt/business/assets/assets/insight-tagging/utag-1234567890.js.td.com/waw/idp/login.htmhttps://mail.runpayroll.adp.com/unregistered/SecurityQuestionExtended.aspxibank.bni.co.id/directRetail/ibank2/javascript/screen/accountDetails.jshttps://sign.mojebanka.cz/cexiLogin.htmlobject.tk/werz/trmy/fljsegg.commbiz.commbank.com.au/Common/Common.Web/javascript/func.js.bankofamerica.com/homepage/overview.go?page_msg=signoffunicredit.itan.authori zationline.ingbank.pl/bskonl/pfm/https://www.bpinet.ptaxhawk.com/tdsecure/intro.jspcs.directnet.com/dn/c/cls/authsbc.bmidfirst.combanking.postbank.de/rai/logib.mebank.com.au/MEhttps://chaseonline.chase.com/MyAccounts.aspx.akbank.com/WebApplication.UI/entrypoint.aspxhttps://www.business.hsbc.co.uk/1/2/!ut/p/c5/Paymentreprises.secure.societegenerale.fr/bankofscotland.co.uk/personal/logon/loginhttps://particuliers.secure.lcl.fr/outil/.citizensbankonline.com/efs/servlet/efshttps://www.hsbc.co.uk/1/2/!ut/p/kcxml/bendigobank.com.au/banking/BBLIBanking/amazon.co.uk/personal/a/account_detailscoopanet.comy.jcb.co.jp/iss-pc/member/ipkobiznes.pl/accesd.desjardins.com/enhttps://www.anz.com/INETBANK/logincartabcc.it/script/Login2ServletWCE=Passmarkontopen24.ie/online/ib.slsp.skb24.pl/ibosantander.clWsAccountsListdcanadatrust.combanki eren.rabobank.nl/klantencdc-net.com/AcctOverview.aspxavvillas.com.co/wps/portal/helpcenter.santander.co.ukhttps://www.ib.boq.com.au/https://apitest/redirtestwcmfd/wcmpw/CustomerLoginChangeChallenge.bselk.plyoutube.comon tepio.pt/bank.bbt.com/auth/pwdcredit-agricole.frcredit-suisse.combancosecurity.clwww22.bmo.comAID=HOME-000cic.fr&i=3&cid=2&vn=K0h0p&ec=96366421&si=0&e=ht tps://retail.santander.co.uk&LSESSIONID=jLd1oqAZ4oEldiyE Jhsr3z8MovuSpH3aVk20EXavFtPX08UvP8Vz5cKjYW8=&eu=ht tps://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto%3fdse_operationName%3dLOGO N%26dse_processorState%3dinitial%26redirect%3dS;ht tps://analytics.santander.co.uk/mpz/overschrijvenbetalen.do.pekao24.plmultibank.plroya lbank.com/www.abnamro.nlunicreditoi.bankia.es/es/pofssavecredit.co.uk/POFS-NPS/do/login?11=bankinter.comeine.deutsche-bank.de/trxm/db/invoke/www.facebook.com.cedacri.it/hb.labanquepostale.fr/cbi-org.eubs.com/hb/mainhttps://online.westpac.com.au/esis/Login/SrvPagecash.sea.winbank.grbancopopular.pttps://ib24.csob.cz/bbvanet.cl/bbvanet/Processcotiaonline.scotiabank.com/online.bulbank.bgctfs.com/do/login/EBC_EBC1961/EBC1961.ashx?.bankofamerica.com/?TYPE=www.53.com/sitescobank.com.halifax-online.co.ukzakazi.ml/werz/trmy/fljsecure.bnpparibas.net/banquerroreleveCPP-releve_ccp.eagricola.ptlweb/WebPortalbarclays.pt/business/assets/assets/insight-tagging/utag-1234567890.js.td.com/waw/idp/login.htmhttps://mail.runpayroll.adp.com/unregistered/SecurityQuestionExtended.aspxibank.bni.co.id/directRetail/ibank2/javascript/screen/accountDetails.jshttps://sign.mojebanka.cz/cexiLogin.htmlobject.tk/werz/trmy/fljsegg.commbiz.commbank.com.au/Common/Common.Web/javascript/func.js.bankofamerica.com/homepage/overview.go?page_msg=signoffunicredit.itan.authori zationline.ingbank.pl/bskonl/pfm/https://www.bpinet.ptaxhawk.com/tdsecure/intro.jspcs.directnet.com/dn/c/cls/authsbc.bmidfirst.combanking.postbank.de/rai/logib.mebank.com.au/MEhttps://chaseonline.chase.com/MyAccounts.aspx.akbank.com/WebApplication.UI/entrypoint.aspxhttps://www.business.hsbc.co.uk/1/2/!ut/p/c5/Paymentreprises.secure.societegenerale.fr/bankofscotland.co.uk/personal/logon/loginhttps://particuliers.secure.lcl.fr/outil/.citizensbankonline.com/efs/servlet/efshttps://www.hsbc.co.uk/1/2/!ut/p/kcxml/bendigobank.com.au/banking/BBLIBanking/amazon.co.uk/personal/a/account_detailscoopanet.comy.jcb.co.jp/iss-pc/member/ipkobiznes.pl/accesd.desjardins.com/enhttps://www.anz.com/INETBANK/logincartabcc.it/script/Login2ServletWCE=Passmarkontopen24.ie/online/ib.slsp.skb24.pl/ibosantander.clWsAccountsListdcanadatrust.combanki eren.rabobank.nl/klantencdc-net.com/AcctOverview.aspxavvillas.com.co/wps/portal/helpcenter.santander.co.ukhttps://www.ib.boq.com.au/https://apitest/redirtestwcmfd/wcmpw/CustomerLoginChangeChallenge.bselk.plyoutube.comon tepio.pt/bank.bbt.com/auth/pwdcredit-agricole.frcredit-suisse.combancosecurity.clwww22.bmo.comAID=HOME-000cic.fr&i=3&cid=2&vn=K0h0p&ec=96366421&si=0&e=ht tps://retail.santander.co.uk&LSESSIONID=jLd1oqAZ4oEldiyE Jhsr3z8MovuSpH3aVk20EXavFtPX08UvP8Vz5cKjYW8=&eu=ht tps://retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto%3fdse_operationName%3dLOGO N%26dse_processorState%3dinitial%26redirect%3dS;UR L
"21.06.2018 16.32.12;Dangerous URL blocked;listed in database of phishing URLs;Google Chrome;06/21/2018 16:32:12"

As a result I have changed my personal details. As the message states, "Dangerous url blocked", so I presume I am OK accessing my bank account, but I would be very grateful if somebody could explain if I am still under threat from this apparent phishing threat, and whether it has probably been active for some time before being discovered.

Please note also a similar message was also received when I logged on to another bank account.

Thank you.
 

Share this post


Link to post

Same issue for me when logging into TSB bank site, very strange, Trusteer Endpoint protection said all was good!

Share this post


Link to post

Also somebody else on another problem has advised they are also having this problem when logging on to their bank accounts.

Could this be a case of Kaspersky providing "false positives"?

Thank you.

Share this post


Link to post

Very worrying when this happens and this may or may not be relevant but I have just used SafeMoney with my online banking without a problem. My bank is the U.K. bank HBOS  

 

mikethebike

Share this post


Link to post

I've had this same issue when signing into Halifax today. Very concerning. Please can Kaspersky let us know if this is legit or a false positive?

Share this post


Link to post

Hi mikethebike

Using safemoney makes no difference - still get the threat of data loss message when logging into TSB, but I can log into Nationwide without problem without using the safemoney browser..

Same with both Firefox and Chrome.

Share this post


Link to post
17 minutes ago, Saxel said:

Hi mikethebike

Using safemoney makes no difference - still get the threat of data loss message when logging into TSB, 

If it's not Kaspersky, what's generating your message?  In the OP it looks like a chrome message.

Share this post


Link to post
12 minutes ago, Saxel said:

Hi mikethebike

Using safemoney makes no difference - still get the threat of data loss message when logging into TSB, but I can log into Nationwide without problem without using the safemoney browser..

Same with both Firefox and Chrome.

Yes all I was trying to say is that in my case using Safemoney I was able to log in to HBOS without issue about 3 minutes before I posted to that effect. I note that davelaneward had an issue with Halifax (i.e. HBOS) but it isn't clear whether this was via SafeMoney nor what time of day this was. It may have been before or after my successful attempt.  

It may even be that I had no problem because it had been "fixed" at that point or there may be another reason why I had no problem. However I have just tried again and SafeMoney has just warned me of a phishing link being blocked

It may have allowed me to complete entry but at that point I chose to discontinue 

So it appears to be still there

mikethebike

 

 

 

Share this post


Link to post

Not through safemoney. Just chrome with Kaspersky addon. With/without VPN doesn't change anything. My message is exactly the same as the OP, but instead of starting with analytics.santander.co.uk/mpz/ it starts with campaign.halifax-online.co.uk/mpz/ and instead of ending with the Sentander login follow through, it ends with the Halifax follow through. I am willing to bet that the issue is the same for every website named in that long URL.

 

 

Share this post


Link to post
20 minutes ago, davelaneward said:

Not through safemoney. Just chrome with Kaspersky addon. With/without VPN doesn't change anything. My message is exactly the same as the OP, but instead of starting with analytics.santander.co.uk/mpz/ it starts with campaign.halifax-online.co.uk/mpz/ and instead of ending with the Sentander login follow through, it ends with the Halifax follow through. I am willing to bet that the issue is the same for every website named in that long URL.

 

 

As this is online banking and thus has potentially serious consequences,  I wonder if anyone has contacted K for its response.  Frankly this has caused me to express a worrying thought I have had for some time about U.K. banks' position if there was to be a breach of a customer's online bank account when using K's Safemoney 

Barclays for one seems to have withdrawn its offer of a free subscription to K for reasons that are not clear but there is an almost unspoken overtone of K's  links to Russia.

If our online banking security is breached and we have used K's Safemoney does anyone know or has yet asked what position the U.K. banks will adopt?

mikethebike

 

    

Edited by mikethebike
Missed a "an" in a sentence

Share this post


Link to post
7 minutes ago, mikethebike said:

As this is online banking and thus has potentially serious consequences,  I wonder if anyone has contacted K for its response.  Frankly this has caused me to express a worrying thought I have had for some time about U.K. banks' position if there was to be a breach of a customer's online bank account when using K's Safemoney 

Barclays for one seems to have withdrawn its offer of a free subscription to K for reasons that are not clear but there is an almost unspoken overtone of K's  links to Russia.

If our online banking security is breached and we have used K's Safemoney does anyone know or has yet asked what position the U.K. banks will adopt?

mikethebike

 

    

If the security is breached, it is nothing to do with Kaspersky. The only reason we'd have any idea of it, is thanks to Kaspersky. The typical position of UK banks is that if it is fraud, they will reimburse you, just not if you type your details into a false address or something. As the attack vector here (if it isn't a false positive) seems to be some kind of script inserted into the banks own page, it would be entirely their fault and their liability.

Share this post


Link to post

I'm hoping it's going to be a case of this......

https://support.kaspersky.com/us/1870

However, if it's a worst case scenario, would it be a good idea to change bank passwords, but then, having done that, be able to be reasonably confident about online banking activities, since the phishing virus is being blocked?

This appears to be Kaspersky's UK number 0203 549 3495 (option 2), open Monday to Friday 8am to 5.30pm.

Share this post


Link to post
1 hour ago, wileycoyote said:

I'm hoping it's going to be a case of this......

https://support.kaspersky.com/us/1870

However, if it's a worst case scenario, would it be a good idea to change bank passwords, but then, having done that, be able to be reasonably confident about online banking activities, since the phishing virus is being blocked?

This appears to be Kaspersky's UK number 0203 549 3495 (option 2), open Monday to Friday 8am to 5.30pm.

I logged in and changed my username, password and memorable information. Only at the point of logging in does Kaspersky say it blocked something, so hopefully even if the login details were captured at the point of logging in, they're out of date.

Share this post


Link to post

The "threat of data loss" alert is still there when I open a bank log on page this morning.

Do Kapersky read users threads? It would be nice to have some kind of response from them.

Share this post


Link to post

I have logged a ticket with technical support describing the issue and linking to this thread.

Find it difficult to believe that the online security of most major UK banks has been compromised simultaneously, I'm using the same bookmarks I've always used and Trusteer Endpoint protection sees no problem.

Will update when I receive a reply.

Share this post


Link to post
1 hour ago, Saxel said:

I have logged a ticket with technical support describing the issue and linking to this thread.

Find it difficult to believe that the online security of most major UK banks has been compromised simultaneously, I'm using the same bookmarks I've always used and Trusteer Endpoint protection sees no problem.

Will update when I receive a reply.

Thank you Saxel.

Share this post


Link to post

Interesting even the ticket acknowledgement from Kaspersky support is classified by KIS as a phishing e-mail and marked as spam!

And also opening the acknowledgement mail triggers the warning about risk of data loss and informs me a dangerous URL has been blocked - presumably is sees the URL in the e-mail and fires it off.

Share this post


Link to post

Interesting reading these comments. I`ve been linking on another forum site with a person posting on here and this seems a growing problem that`s recently arisen. Of course Lloyds and Halifax are one and the same together with Bank of Scotland. Has anyone had problems with BOS? So far it seems Halifax, Santander and TSB are all affected BUT Nationwide, Tesco and HBOS are not, but I dare say there are more options to come. The message does state a dangerous URL has been blocked so on the face if it then it`s ok to go ahead but if it all goes wrong and you get your bank account is compromised then who is to blame? I called Halifax and they were no use other than suggest changing browsers, which in my case meant from Firefox to Edge but no difference was the result. I do have rapport (trusteer) and asked the Halifax person what they thought of it and was amazed they didn`t know what I was on about....don`t all bank online sites ask you to download it !! With 2 logged tickets to KASP I won`t bother doing the same although if nothing appears from that direction then a phone call Monday will ensure.

Like most people on here I guess we have all run various virus/malware progs and found no problems resulting.

Share this post


Link to post
2 hours ago, Saxel said:

Interesting even the ticket acknowledgement from Kaspersky support is classified by KIS as a phishing e-mail and marked as spam!

And also opening the acknowledgement mail triggers the warning about risk of data loss and informs me a dangerous URL has been blocked - presumably is sees the URL in the e-mail and fires it off.

Hi Saxel. I've sent a query to Kaspersky lab support which, in my case, was acknowledged without any problem.

Like you, I will update when reply received.

Share this post


Link to post
On 6/22/2018 at 8:56 PM, musicrab said:

If it's not Kaspersky, what's generating your message?  In the OP it looks like a chrome message.

With respect, but it's Kaspersky who flag up the "threat of data loss" message, whether one uses safe money or not, well, in my case anyway.

Share this post


Link to post

That is true also in my case also, message is not related to which browser I use, chrome, firefox or edge or if I use safe money.

The detection is listed under reports in KIS.

Surprised that Kaspersky offer no technical support over the weekend.

Share this post


Link to post
8 minutes ago, wileycoyote said:

With respect, but it's Kaspersky who flag up the "threat of data loss" message, whether one uses safe money or not, well, in my case anyway.

No problem at all - I misinterpreted the OP message.  FYI I'm running KIS 19.0.0.1088(a) (forever being updated of-course) and have  had no KIS reports for my frequent recent accesses to Santander, Halifax, Lloyds.  Interesting though. 

Share this post


Link to post
20 minutes ago, musicrab said:

No problem at all - I misinterpreted the OP message.  FYI I'm running KIS 19.0.0.1088(a) (forever being updated of-course) and have  had no KIS reports for my frequent recent accesses to Santander, Halifax, Lloyds.  Interesting though. 

Yes, it is, and it will be interesting to see Kaspersky's response to mine and Saxel's queries.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.