Online banking security

A judge in Maine has ruled that a bank that allowed hackers to steal more than $300,000 from a customer’s online account isn’t responsible for the lost money, saying the customer should have done more to protect the account credentials.

Magistrate Judge John Rich sided with Ocean Bank in recommending that the U.S. District Court in Maine grant the bank’s motions for a summary dismissal of a complaint filed by Patco Construction Company. The ruling was reported earlier this month.

The case raises questions about how much security banks and other financial institutions may be reasonably required to provide commercial customers. It could set a precedent for liability in circumstances where customer systems are hacked and banking credentials are stolen. Small and medium-sized businesses around the United States have lost hundreds of millions of dollars in recent years to such activity, known as fraudulent ACH (Automated Clearing House) transfers.

Using Windows for banking online increases your risk of theft.

Summary: Carberp malware targets the bank accounts of Windows users

The latest banking malware Carberp has gone through three versions since it came on the scene last year and continues to add on new features.

Banks, businesses and customers may gradually have to accept the fact that Microsoft is not their friend. Losses incurred by security issues alone are said to have cost the economy over one trillion dollars.

Dr. Phillip R. Romig III, Mines’ Chief Information Security Officer, told Mines’ Department Heads recently that cyber-crime is a one-trillion dollar industry that rivals the international drug trade in size and complexity. And cyber-crime is an industry as complex as any other, but fueled and enabled by malware.


Job applications, new vector for breaking into corporate banking

Small businesses have a new scam to worry about: criminal job applicants who want to break into online corporate bank accounts. I have written about this before in the past:

http://jet-computing.com/category/banking/

There is a much larger story here: this seems to be a verboten topic that no one calls out. The reason all this stuff is allowed to occur is Windows OS insecurity flaws. If you were to purchase a product, and that product allowed someone to steal money from you, wouldn’t you sue the creator of that product? Of course. However, under the End-User License Agreement (EULA) that you agreed to, you gave up your rights when you bought a computer with Windows. A EULA is a legal contract between the manufacturer and/or the author and the end user of an application.

Companies are STILL permitting users to open email attachments on computers with significantly important capabilities. This is a flagrant violation of basic IT security principles. This is not the result of some brilliant hacker finding a hole and stealing hundreds of thousands of dollars with it. This is merely poor training and poor IT security on the part of the hiring department. Please understand, anyone who reads this, that it is fundamentally important to nullify such a common and ancient attack vector with basic training and obvious security principles.

Defensive Computing for Windows Users

One of the best things a Windows user can do for Defensive Computing is to have a bootable copy of Linux on hand. The classic reason is to rescue a broken copy of the operating system, but the much more important reason is online banking.

Anyone who does online banking on a Windows machine is taking a huge risk. Don’t take my word for it; read what the FBI, FDIC and American Bankers Association are saying.

Most likely they don’t understand how sophisticated the bad guys are at writing malware. Or, perhaps, they put way too much trust in their antivirus program. Or, they may fail to appreciate how hard it is to keep all the installed software up to date with the latest patches. Perhaps the worst type of infection, a man-in-the-browser, can even defeat two-factor authentication schemes.

Google Debuts “This Site May Be Compromised” Warning

Google has added a new security feature to its search engine that promises to increase the number of Web page results that are flagged as potentially having been compromised by hackers.

The move is an expansion of a program Google has had in place for years, which appends a “This site may harm your computer” link in search results for sites that Google has determined are hosting malicious software. The new notation – a warning that reads “This site may be compromised” – is designed to include pages that may not be malicious but which indicate that the site might not be completely under the control of the legitimate site owner — such as when spammers inject invisible links or redirects to pharmacy Web sites.

Doing online banking with Windows? WHY??

If you're a business and you bank online, *STOP* doing so immediately. There have been too many instances of banks handing over accounts to cyber-thieves, while claiming that they are not to be held responsible, as YOUR computer was not protected sufficiently.

Businesses Should Conduct Online Banking from Dedicated Computers

The FBI and the American Bankers Association advise:

Following a flurry of incidents where hundreds of thousands of dollars have been siphoned from the bank accounts of small businesses and public institutions, the Federal Bureau of Investigation (FBI) and the American Bankers Association (ABA) advise using dedicated computers for online banking operations. This unusual security model should severely limit the exposure to malware threats for the PCs in question.

The level of Automated Clearing House (ACH) transfer fraud rose significantly last year, prompting serious concerns from the authorities. These fraudulent schemes are complex and usually leave little evidence behind to help investigators or the victims looking to recover their losses.