There are bad guys in Australia that have given away money in order to use social engineering and harass people with abusive transaction descriptions that appear in online banking records. Australia’s Commonwealth Bank (CBA) revealed the practice today after finding over 8,000 customers had received such messages.
“In a three month period, we identified more than 8,000 CBA customers who received multiple low-value deposits, often less than $1, with potentially abusive messages in the transaction descriptions – in effect using them as a messaging service. All genders were sending and receiving these messages, but the nature ranged from fairly innocuous ‘jokes’ using profanities to serious threats and clear references to domestic and family violence.”
The bank allows transaction descriptions allow up to 18 characters, enough to say some nasty things in a single payment and to add up to something revolting with a few transactions. The bank’s response is changes to its Acceptable Use Policy that state: “It is unacceptable to use our digital services to stalk, harass or intimidate any person and if we see this we may refuse transactions or close a perpetrator’s account entirely.”
An Australian Senate Committee recently closed an inquiry into domestic violence three months early, without conducting hearings or producing a report. A new committee has been formed to again consider the issue. New- school security awareness training can ensure your users can learn how to spot red flags.
The Register has the full story: https://www.theregister.com/20