Sad Scary State of Bank Security

Who needs guns or threatening notes to rob a bank when you can do it with just your fingertips from inside your home?

A hacking ring based in eastern Europe may be the most successful team of bank robbers to date, having purportedly stolen as much as $1 billion from multiple banks. It was done by infecting bank computers with malicious software (malware) and siphoning the money out.

Obviously, these hackers aren’t dumb criminals, but they also preyed on the banks’ poor security measures. The success of the attack was contingent on an employee clicking a malicious link in an e-mail or opening a malment (“malment” = malicious attachment).

And that’s exactly what happened: someone fell for the oldest trick in the cyber book. It could have been prevented not only by installing Microsoft updates on a regular basis and keeping antivirus current, but by educating employees.

The next step in the chain reaction was the installation of Carbanak, malware that installs a keystroke logger, which is how the thieves figured out passwords. Carbanak also captured screenshots.

How could banks let something like this happen?

Let’s Dissect this Robbery

The thieves sent out phishing e-mails, messages containing malicious links or attachments that are designed to look legitimate so that people click on them. The crime ring then just sat back and waited, knowing it was only a matter of time before someone opened one of their malments.

The keylogging gave the thieves all the information they needed to drain the banks. They sure broke in easily! All because the banks didn’t keep their devices’ security updated, leaving an unpatched opening, and perhaps because the employee(s) who fell for the ruse were doing banking business on the same device they use for personal activity, a big mistake.

And whose fault is that? The bank’s. We can’t expect the run-of-the-mill employee to have built-in knowledge of how hacking rings work, or to know that mixing business and personal activity on the same computer is a gateway to cyber theft. Learn from their mistakes: update your devices and don’t click links in e-mails.

Robert Siciliano is an identity theft expert discussing identity theft prevention. Disclosures.

10 Tips to Secure Online Banking

Online banking and mobile banking reduce expenses by allowing customers to review transactions, transfer funds, pay bills and check balances without walking into a bank branch or calling the bank’s customer service center.

Mobile banking, m-banking or SMS banking refers to online banking done from a mobile phone or smartphone rather than a PC. The earliest mobile banking services were offered over SMS, but since the introduction of smartphones and Apple iOS, mobile banking is offered primarily through applications rather than text messages or a mobile browser.

As convenient as this is, you still need to consider security.

  1. Set a passcode lock on your mobile that engages after no more than one minute of inactivity.
  2. Set your computer’s and mobile’s operating systems to automatically install critical security patches.
  3. Make sure your PC’s firewall is turned on and filtering both inbound and outbound traffic.
  4. Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.
  5. Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network; use a free service such as Hotspot Shield VPN instead.
  6. Never click on links within the body of an e-mail. Instead, use your bookmarks or type a familiar address into the address bar.
  7. Beware of SMiShing, which is like phishing but delivered as malicious text messages instead of e-mail.
  8. Download your bank’s mobile application so you can be sure you are reaching the real bank every time and not a copycat site. Do not check the box offering to remember your login information.
  9. Check your online bank statements frequently.
  10. Use strong passwords with numbers, uppercase and lowercase letters, and symbols.
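Tip 6 and tip 8 above, like the phishing e-mails in the Carbanak dissection, come down to one check: does the link you are about to click really go where it appears to go? The following is an added example, not code from the original posts, that applies that check to an HTML e-mail body. It flags a link whose visible text names one host while the href points at another, and an href whose host merely contains the bank’s name (a copycat site). The bank domain examplebank.com, the sample message and the function names are all constructed for the example.

```python
"""Flag suspicious links in an HTML e-mail body (added example).

Two phishing tricks are detected:
  * the visible link text shows one host but the href targets another;
  * the target host is a lookalike that contains the bank's name but is
    not the bank's registered domain or a real subdomain of it.
BANK_DOMAIN and SAMPLE_EMAIL are constructed for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BANK_DOMAIN = "examplebank.com"   # assumed legitimate domain (constructed)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []        # finished (href, text) pairs
        self._href = None      # href of the <a> currently open, if any
        self._text = []        # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    if "://" not in url:
        url = "http://" + url      # let urlsplit parse bare 'www.host/path' text
    return (urlsplit(url).hostname or "").lower()


def looks_like_url(text):
    """True if the visible link text itself is written as a web address."""
    return re.match(r"(?i)(https?://|www\.)", text.strip()) is not None


def is_bank_host(host, bank_domain=BANK_DOMAIN):
    """True only for the bank's registered domain or a real subdomain of it."""
    return host == bank_domain or host.endswith("." + bank_domain)


def suspicious_links(html, bank_domain=BANK_DOMAIN):
    """Return a list of (href, reason) for links a user should not click."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    bank_name = bank_domain.split(".")[0]
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = host_of(text) if looks_like_url(text) else ""
        if shown and shown != target:
            findings.append((href, f"text shows {shown} but target is {target}"))
        elif target and not is_bank_host(target, bank_domain) and bank_name in target:
            findings.append((href, f"lookalike host {target}"))
    return findings


# Constructed phishing message: one mismatched link, one genuine link,
# one copycat host.
SAMPLE_EMAIL = """
<p>Your account has been locked. Please verify your details at
<a href="http://examplebank.com.secure-login.net/verify">https://www.examplebank.com/login</a>
or contact us via <a href="https://www.examplebank.com/contact">our contact page</a>.
<a href="https://secure-examplebank.com/">Click here</a> if the link above does not work.</p>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"DO NOT CLICK {href}: {reason}")
```

The genuine contact link passes because `is_bank_host` requires either an exact match or a real subdomain (a leading dot), so `secure-examplebank.com` and `examplebank.com.secure-login.net` are both rejected even though each contains the bank’s name. Running the script on the sample prints two warnings, one for each phishing link.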

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures

Clients Alert Banks to Fraud

In a perfect world there would be no sickness, nothing would ever break, everyone would get along, yummy food wouldn’t make you fat, and there’d be no crime. However, there are forces over which you and I have no control, and we have to struggle simply to maintain balance.

In a perfect world, a bank wouldn’t need you or me to help detect fraud.

According to a survey of banks and credit unions, only 23% learn of fraud through their own auditing processes, which means that more than three quarters of bank fraud is detected by customers or third parties. Just 32% of banks felt prepared to prevent online bank fraud.

That’s far from perfect, which means you, the customer, must pay close attention to your accounts.

Check your online statements frequently. I no longer receive paper statements, and I don’t wait for my monthly online statement either. Once a week, I check each individual account online. Check your investment accounts, credit cards, checking and savings accounts, and any other account that holds your money or grants you credit.

Create a bookmarks folder with links to all your accounts and set a consistent time to check each account every week. Monday mornings, Wednesday afternoons or Friday afternoons work for me.

Sign up for Mint. This service helps track activity on your bank and credit card accounts and sends notifications of any transactions involving any linked account.

The moment you spot a discrepancy, contact the institution and get the issue resolved. Remember, as accommodating as a lender may be, it will often put up a fight before crediting your account for any losses. Persistence pays off.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses identity theft in front of the National Speakers Association. Disclosures