What if someone stole money from your bank account and the bank was not responsible for the loss? It could happen. By now, most computer users have heard of keyloggers, which record every keystroke typed on a computer. These keyloggers come in various forms. Some need a wealth of IT knowledge to implement; others could be installed by your five-year-old child.
The less complex ones plug into the back of your computer, between the computer itself and the keyboard. These are easily installed and removed without the user's knowledge. After all, how many times do you look at the back of your computer? A maintenance worker, co-worker, or janitor could easily install one and capture all the usernames and passwords that you keyed in while the small device was installed.
More complex keyloggers come in the form of a trojan virus. A trojan is a type of virus that can be as simple as code hidden in a trusted piece of software, download, or attachment. Once it is installed on a user's computer, the options are endless. There are several well-known viruses out there that prey specifically on users' bank accounts. One such virus, the Trojan Clampi, has just led to the theft of $479,000 from the Cumberland County Redevelopment Authority.
This virus has also been used to steal $75,000 from an auto parts store in
To prevent yourself from becoming a victim, all you need to do is make sure that the trojan is not installed on the company's computers that are used to access bank information. Easy to say, but hard to implement. In most cases, the criminals are going after the large company bank accounts and do not touch the personal accounts, although they do occasionally. It is more than likely that many of your employees access their personal banking from their work computer, so almost every computer could present a criminal with an opportunity.
For the hardware keyloggers, you could simply look for them on your computer. For a trojan like Clampi, an easy way to alleviate the risk would be for your bank to require a password and something you have to do to gain access to your bank account. This second form of authentication could be biometric or a smart card. This would make the trojan virtually useless to the criminal because they would be unable to duplicate your biometrics or smart card. Unfortunately, not all banks require this kind of authentication due to cost and complexity. However, several banks do offer dual-factor authentication, and I recommend you call your bank to inquire whether they offer this type of authentication. The next best thing to do is make sure your computer is secure. The following are nine steps to make sure your computer is secure:
1. Make sure you are running antivirus software on your computer, and that you have installed the latest virus updates.
2. Make sure you have a firewall installed on your computer to monitor the flow of Internet connections into and out of your machine.
3. Download and install any critical updates and security patches from your operating system vendor. You can find all the latest bug fixes and patches for the Windows operating system on the Microsoft website.
4. If you're using a Wi-Fi network, ensure it is password protected and secure, to prevent other people from being able to piggyback off your connection, or worse, hack into your network and access files and information stored on your computer.
5. When surfing the Internet, do not click on any suspicious links, especially those in unsolicited emails from unknown senders, on social networking sites, or in instant messaging services.
6. Consider using a prepaid credit card when shopping online, to isolate that account from your debit account or those used for online banking. That way, if anyone does make a fraudulent transaction using those card details, they can only spend the restricted amount of money loaded onto the card. The card also operates separately from your current account, meaning not all of your bank details will be compromised.
7. If you do fall prey to Clampi, or other similar viruses, make sure you change your password and login details for all banking and finance accounts that may have been compromised by the infection.
8. Consider using a separate computer for only banking and no other Internet surfing.
9. Consider a third party security assessment.
A third-party security assessment is helpful for any organization, and needed to make sure your changing Information Technology environment is secure. Even with the best intentions, small IT changes made by your evolving organization could present large risks. A third-party security assessment would allow a second set of eyes to verify that changes made do not cause issues in the future. If you would like more information on a third-party security assessment, please contact me.
Preventing a problem is much better than dealing with the aftermath of those problems.
However - as these things do happen, there is an insurance solution that your agent can talk to you about to protect you from these attacks.
"Cyber Theft" or "Computer Fraud" are endorsements that can be added to an existing crime policy for a very low cost.
Posted by: John Olkowski | October 23, 2009 at 10:50 AM