Monday, February 07, 2005
Is it Time to Remind Your Customers About PC Security and Could it Save You Money?
Earthlink, a national Internet Service Provider and Webroot, a Colorado based anti-spyware vendor, have said that the installation of malicious spyware reached an all time high in the last quarter of 2004.
Their report indicates that phishing scammers are increasing their potential in volume and they are being more effective as they steal data and identities.System monitors, such as key loggers and screen grabbers, reflected a 230% increase and Trojans increased 110% over the third quarter. Each marked record highs for the year and the problem is just getting worse.
Earthlink and Webroot scanned PCs with software and found nearly 1 in 6 had some version spyware or a Trojan and were therefore rated as being infected. This means that if these are your internet banking customers, look at every sixth customer as a potential loss claim.
A quick poll by the American Bankers Association showed that in the last two years nearly 28% of banks saw phishing scams at least five times. Half of those saw these scams against them more than 20 times in this period. A few years ago, spyware was used often to see where a user went on the web and what they purchased. But phishers are sending out the spyaware now, used in many attacks.
David Moll, CEO of Webroot, said that the practice of "drive-by downloading continues to be a great danger. It's actually the preferred method of spyware writers now." This is where hackers exploit vulnerabilities in the user's browser, most often Microsoft's Internet Explorer, to infect unwitting user. Does your bank have a system to install patches in the software run on your own computers? Do you emphasize to your customers that they too should ensure that patches are installed when they are available? Doing so may reduce your risks by promoting awareness and good customer service.
In Miami Joe Lopez is suing Bank of America for $90,000. He claims this money was stolen from his online bank account because the bank failed to protect him. "This exposes all the holes in the system," said Avivah Litan, an expert on online fraud for Gartner Inc., Stamford, Conn. "Banks technically aren't responsible for what happens on your PC. But banks can't reasonably expect consumers to protect themselves from cybercriminals." Litan expects cases like Lopez's to pressure banks into adopting stricter security measures for online banking.
The U.S. Secret Service determined that a variant of a virus known as "coreflood" was on his computer when he logged on one day and saw that a wire transfer had taken place, which he had not authorized. Coreflood provides remote access to an infected computer. In this case, it was used to access Lopez's computer, his internet bank account and to wire out the funds.
Lopez's complaint against the bank include breach of contract, negligence, breach of fiduciary duty, fraud and deceit, and intentional misrepresentation. This should cause all banks to review promotional materials for anything that intimates that internet banking is completely safe. You can't say that unless you could also control your customers' machines and everything that is installed and removed from them.
Earthlink, a national Internet Service Provider and Webroot, a Colorado based anti-spyware vendor, have said that the installation of malicious spyware reached an all time high in the last quarter of 2004.
Their report indicates that phishing scammers are increasing their potential in volume and they are being more effective as they steal data and identities.System monitors, such as key loggers and screen grabbers, reflected a 230% increase and Trojans increased 110% over the third quarter. Each marked record highs for the year and the problem is just getting worse.
Earthlink and Webroot scanned PCs with software and found nearly 1 in 6 had some version spyware or a Trojan and were therefore rated as being infected. This means that if these are your internet banking customers, look at every sixth customer as a potential loss claim.
A quick poll by the American Bankers Association showed that in the last two years nearly 28% of banks saw phishing scams at least five times. Half of those saw these scams against them more than 20 times in this period. A few years ago, spyware was used often to see where a user went on the web and what they purchased. But phishers are sending out the spyaware now, used in many attacks.
David Moll, CEO of Webroot, said that the practice of "drive-by downloading continues to be a great danger. It's actually the preferred method of spyware writers now." This is where hackers exploit vulnerabilities in the user's browser, most often Microsoft's Internet Explorer, to infect unwitting user. Does your bank have a system to install patches in the software run on your own computers? Do you emphasize to your customers that they too should ensure that patches are installed when they are available? Doing so may reduce your risks by promoting awareness and good customer service.
In Miami Joe Lopez is suing Bank of America for $90,000. He claims this money was stolen from his online bank account because the bank failed to protect him. "This exposes all the holes in the system," said Avivah Litan, an expert on online fraud for Gartner Inc., Stamford, Conn. "Banks technically aren't responsible for what happens on your PC. But banks can't reasonably expect consumers to protect themselves from cybercriminals." Litan expects cases like Lopez's to pressure banks into adopting stricter security measures for online banking.
The U.S. Secret Service determined that a variant of a virus known as "coreflood" was on his computer when he logged on one day and saw that a wire transfer had taken place, which he had not authorized. Coreflood provides remote access to an infected computer. In this case, it was used to access Lopez's computer, his internet bank account and to wire out the funds.
Lopez's complaint against the bank include breach of contract, negligence, breach of fiduciary duty, fraud and deceit, and intentional misrepresentation. This should cause all banks to review promotional materials for anything that intimates that internet banking is completely safe. You can't say that unless you could also control your customers' machines and everything that is installed and removed from them.
