 Wednesday, November 26, 2003 ( 6:18 AM ) Andy Watch your e-mail in-baskets. Although not up to Microsoft standards I received a fairly good looking message today that I know some people would fall for. It supposedly contains the "November 2003, Cumulative Patch" as an attachment, Update42.exe. What it actually carries is a virus. The MS links and the TRUSTe links I checked worked, adding to the validity. Remember, Microsoft does NOT e-mail patches. You have to download them. # Thursday, November 20, 2003 ( 7:07 AM ) Michele News from Louisville, KY Reading today's local newspaper made it all too clear that Robbery Season is upon us. Just a few miles from my home, a PNC bank branch was robbed by man armed with a semiautomatic handgun. The picture is worth a thousand words -- suspect with hat, dark glasses, gloves, hooded jacket -- not your typical outfit for a bank customer. The news reminded me of another tragic bank robbery that occurred a few years ago, again only a few miles from my home. That time an innocent teller lost her life in a tragic robbery gone awry. If your bank hasn't instituted a voluntary dress code for customers, maybe now is the time to do so. A variety of NO HATS signs can jump start your efforts to get this program moving. # Monday, November 17, 2003 ( 9:32 AM ) Michele Anti-spam legislation may pass soon The House is expected to consider strong anti-spam legislation this week. For those of us at BOL who receive hundreds of emails per day, this is welcome news. Although many financial institutions have instituted mail filtering software which includes virus screening and anti-spam measures, when it comes to spam the solution for the end-user is often times worse than coping with the unwanted mail by hitting the delete button. Many people find that the anti-spam filtering is so stringent that it often precludes them from receiving emails that are wanted. Such has been the case for dozens of BOL'ers who have had to work with IT staff to have their Banker Briefings delivered. If you suddenly find yourself not receiving email from BOL, it may be time to ask you IT area if they installed filtering software. If you need help figuring out what's happened to your email from us, send an email to mpetry@bankersonline.com and we'll try to help. # Thursday, November 13, 2003 ( 6:02 PM ) Andy There has been a lot of press lately on predatory lending and things unfair or deceptive. Here are comments from Fed. Governor Gramlich on balancing subprime lending, a plus, with predatory lending, a minus. For other actions, see the OCC News Release 2003-88 which called for the bank to "reimburse all fees, finance charges and interest paid by affected tax lien customers" which will be approximately $100,000 from loans on which the fees and closing costs the borrowers paid ranged from 22% to 123% of the amounts borrowed and the FTC & HUD - Fairbanks Settlement which if approved will require the Fairbanks corporations to pay $40 million and Basmajian to pay $400,000. # Friday, November 07, 2003 ( 3:47 AM ) Andy Computerworld is reporting a possible new bill entitled the "Corporate Information Security Accountability Act of 2003". I don't see this in Thomas yet, but it has the possibility of adding new IT audit requirements if you are subject to SEC rules. Independent audits would assess information security controls and ensure that basic standards are met. The SEC would determine those standards. They would also define the audit standards within 60 days after the law takes effect. Lots of unknowns, but computer security seems to be moving to new heights like it or not. # Tuesday, November 04, 2003 ( 11:03 AM ) Michele More Phishing Expeditions Worldwide Westpac Bank in New Zealand is the latest target of sophisticated frausters out to steal account information and details from unsuspecting bank customers. According to press accounts of the scam, fraudsters are turning to new levels of sophistication. Both the email and the link to gather the information appear to be from the bank's site. The only indication that the page is a fake is the gibberish characters surrounding the "@" sign in the URL. The URL actually directs users to a page hosted in Russia that was set up to open a pop-up window requesting information from the bank's customers and also redirects users to a legitimate page on the bank's Web site that discloses the bank's privacy policy. If the customer is not paying attention, or inexperienced with the Internet, they may be fooled into thinking the pop−up was produced by the bank. Since its discovery the bank has started a public education campaign designed to alert users to the risks associated with e-mail Internet banking scams. # ( 4:27 AM ) Mary Beth One Man's Trash BOL Guru Sharon Lewis was telling me about a recent series of ID thefts in the Oklahoma City area that were traced back to a local business throwing employment applications into the dumpster behind the business. On the apps, job seekers had related their names, SSNs, addresses, and everything else an ID thief might need to takeover the applicants' identities. When the victims realize the negligent trash disposal led to the ID fraud, lawsuits are inevitable. Do you have any information leaks like this? # ( 4:13 AM ) Mary Beth Snooping on the Scammers Every three months I make a special purchase at my local bookstore. I buy 2600 magazine, which bills itself as "the Hacker's Quarterly", and I would urge every financial institution security officer to do the same to gain insight into some of the exploits that may be coming soon to a computer near you. Think you've got CIP covered because you're requested a DL from new customers? The Marketplace section of 2600 features this "For Sale" ad in the current issue: DRIVER'S LICENSE BAR-BOOK and "fake" ID templates. Includes photos, templates, and information on all security features of every single American and Canadian drivers' licenses. Including information on making "fake" ID's on PVC cards, laminating, making holograms, magnetic stripes, software, and more to make your very own license. Send $25 cash in US funds or an international money order in US funds made out to R.J. Orr and mailed to Driver's Bar Book, PO Box 2306, Station Main, Winnipeg, Mannitoba, R3C 4A6, Canada. Order now and get FREE laminates with every order. We ship worldwide free! Is "R.J. Orr" a customer of your bank? Now you know what he's up to . . . # Monday, November 03, 2003 ( 9:20 AM ) Andy A new E-Banking exam manual has been released. If you have e-services, audit e-services or are considering these, check this out. # ( 8:34 AM ) Michele Learning Connect Webinars Soar Web based seminars have really hit the spot with BOL users. We have over 300 institutions participating in our Introduction to Check 21 Webinar scheduled for this Friday. Mary Beth, Ken and John have been hard at work deciphering the new Check 21 Act and exactly what it will mean for financial institutions. If you have not yet experienced Webinar training, this would be a good one to try. # ( 8:17 AM ) Michele Fraudsters Employ E-Mail Scams Against Bank Customers In a cyber style scam that seems to be becoming all to common, fraudsters are targeting bank customers with the hope that the customers will release personal information to what they believe is a trusted party. The latest bank to be target is ANZ bank in Australia. An e-mail, appearing to be sent from the bank with a spoofed e-mail address of "antifraud@anz.com" and a Subject line of "Attention!" urged customers to update their details for security reasons by clicking on a link which appeared to be anz.com. When customers clicked on the link it actually resolved to a fraudulent address. Authorities closed the site down. It's not just foreign banks that have been targeted for this type of crime. Citibank experienced a similar e-mail scam attempt to target their customers several months ago. The important lesson here, however, is DO YOUR CUSTOMERS KNOW HOW YOU WILL COMMUNICATE WITH THEM ELECTRONICALLY? If not, it may be time for some education to fend off this type of fraud. # ( 8:01 AM ) Michele New $20 Bills Are your tellers trained to spot counterfeits of the new $20 bills? Less than a month after their introduction, criminals are hard at work trying to make counterfeits. Phony bills have turned up in Massachusetts and Indiana. So far all the bad notes have been characterized as "sophisticated" copies that lacked the enhanced anti-counterfeiting features such as the security strip, red−and−blue fibers in the paper, and the watermark. Be sure to have your tellers check out our Money Matters section and take the quiz to see if they could spot a fake note. # |
|