
Criminal hackers clean out bank accounts using spear phishing
August 18th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
Phishing continues to become more sophisticated, more effective, and more prevalent. According to Symantec, a 52% increase in phishing scams occurred in July alone. Computerworld reports that basic phishing emails successfully led to corporate bank accounts being completely drained. Criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 between December 29 and January 2.
Much of the phishing that occurs today is "spear phishing," in which the spammers concentrate on a localized target, generally an individual with control over a company's checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins. That download is almost always a virus with a remote control component, which gives the phisher full access to the user's data, including user names and passwords, credit card and bank account details, and Social Security numbers. The malicious software can attach itself to the victim's web browser, where it waits for the victim to log into a bank site before launching. When the victim does log into his or her bank account, the software sets up new payees and transfers money to the criminal hacker.
In the school hack, the software added 42 people to its payroll during Christmas break and quickly began paying them. The issuing bank received 74 transfer requests during the four-day period.
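As an added example (not from the original post), the pattern described above, new payees created and then paid within days, can be checked for in an account's activity log. The event format, payee names, amounts, dates and thresholds below are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log (not data from the incident):
# (timestamp, action, payee, amount)
EVENTS = [
    ("2024-11-14 10:02", "add_payee", "vendor-a", 0.0),
    ("2024-12-01 09:15", "transfer", "vendor-a", 1200.0),
    ("2024-12-29 23:40", "add_payee", "new-1", 0.0),
    ("2024-12-29 23:41", "add_payee", "new-2", 0.0),
    ("2024-12-30 00:05", "transfer", "new-1", 8900.0),
    ("2024-12-30 00:06", "transfer", "new-2", 9400.0),
    ("2024-12-31 02:10", "transfer", "new-1", 9100.0),
    ("2025-01-02 11:30", "transfer", "vendor-a", 1150.0),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def young_payee_transfers(events, min_age=timedelta(days=3)):
    """Return transfers sent to a payee added less than min_age earlier."""
    added, flagged = {}, []
    for ts, action, payee, amount in sorted(events, key=lambda e: parse(e[0])):
        when = parse(ts)
        if action == "add_payee":
            added.setdefault(payee, when)  # keep the first time the payee appeared
        elif action == "transfer":
            created = added.get(payee)
            # A payee with no creation record is treated as new:
            # nothing in the log shows it is established.
            if created is None or when - created < min_age:
                flagged.append((ts, payee, amount))
    return flagged

def max_payees_added_in_window(events, window=timedelta(days=4)):
    """Largest number of payees added inside any sliding window."""
    times = sorted(parse(ts) for ts, action, _, _ in events if action == "add_payee")
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

if __name__ == "__main__":
    for ts, payee, amount in young_payee_transfers(EVENTS):
        print(f"REVIEW {ts} {payee} {amount:.2f}")
    print("payees added in busiest 4-day window:", max_payees_added_in_window(EVENTS))
```
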
When consumers' bank accounts are emptied, federal regulations limit their liability to $50, as long as the victim reports the theft within a set time frame. But things are a lot more complicated for corporations and other entities. Whether or not the victim is responsible for the missing cash varies from bank to bank.
Protect yourself. First of all, don't click on any links in an email unless you are 100% sure of its legitimacy. Whenever I receive an electronic statement from a bank or credit card company, I go to my favorites menu or type in the address manually, rather than clicking the link within the email. I take this extra step because I'm only 99.9% sure that the email is legitimate. You should also consider getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in identity theft protection. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. Make sure that your web browser is updated to the latest version, since an outdated web browser is often riddled with holes that worms can crawl through. Make sure that your Internet security software is updated and set to run automatically. And check your bank statements online frequently.
Robert Siciliano, identity theft speaker, discusses phishing.
http://www.youtube.com/watch?v=LtlnLQcjMZA
Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
5 Responses to “Criminal hackers clean out bank accounts using spear phishing”

November 4th, 2010 at 9:16 pm
Interesting..
October 31st, 2011 at 11:36 am
I was very pleased to find this web site. I wished to regards for this good read!! I definitely enjoying every little bit of it and I have you saved as a favorite to check out new stuff you post.
November 2nd, 2011 at 3:35 am
Excellent beat! I wish to apprentice even as you amend your web site, how could I subscribe for a blog web site? The account aided me a acceptable deal. I were a little bit acquainted of this your broadcast offered bright transparent concept