Whether business or personal, bank accounts are prone to attacks. Sophisticated malware is joining forces with phishing attacks to put money in bank accounts at risk. Security experts are issuing warnings to secure laptops, computers and smartphones, and be on guard. Banks must constantly monitor firewalls — and their own employees.
Computer hacking can be a very effective way to rob banks, as demonstrated by a sophisticated global heist that led to recent arrests in New York City. The arrests of low-level cash mules were related to two separate thefts totaling $45 million, stolen through ATMs in more than two dozen countries.
These heists involved the electronic hijacking of two prepaid card issuer systems and the pilfering of account information so withdrawal limits on accounts could be raised. The card issuers are most likely to be held accountable for the losses, according to cyber security experts.
The high-profile crime brings an old and troubling question to mind: Is the money in my bank account at risk?
“Absolutely, yes it is,” said George Waller, executive vice president and co-founder of StrikeForce Technologies in Edison, N.J. “This is something we are going to see continue to rise.”
“With any type of account, there is always a chance it can be hacked,” said Laurie Appelbaum, a Dallas-based banking consultant.
“The bank has to be constantly monitoring their firewalls and their own employees to make sure they are protecting their passwords. They need to ensure the have the latest technology because the thieves are smart.”
Many details on how the crooks pulled off the big international heist were not made public.
But in addition to sophisticated malware, it most likely was initiated through one of the most common hacking methods, phishing, or its close cousin spear-phishing, said Waller. “That same process happens every day in the banking industry,” he said.
In phishing attacks, criminals send emails disguised as being from a legitimate company or government agency, and they persuade people to share information such as Social Security numbers, account numbers and passwords.
“It appears that they spear-phished certain employees and got them to open an email,” he said.
For consumers, Federal Reserve Regulation E makes banks responsible to reimburse customers for most losses from online fraud. With business accounts, however, the question of who takes the loss is more likely to be sorted out in a courtroom.
Whether business or personal, bank accounts are prone to attacks.
“Generally speaking, unless the consumer was blatantly at fault and knowingly gave a card and a PIN number to a criminal, he is protected,” said George Tubin, senior security strategist at Trusteer, an Israel-based security company.
“That’s not to say someone won’t take your card and use it at a gas station. There always will be a risk, but the risk is low for consumers,” he said.
The Consumer Federation of America, on May 15 teamed up with Visa Inc. to offer tips for protecting against those phishing attacks, including these:
– BE AWARE THAT SOME CALLS ASKING TO CONFIRM INFORMATION MAY BE LEGITIMATE. For instance, your financial institution may call if there is an unusual purchase on your account to confirm that you made it. But it likely doesn’t need to ask for your account number because it already has it. If you get a message on your voicemail that says it’s from your bank or credit card issuer and asks you to call back, look up the number independently, from your statements, the phone book or online.
– KEEP YOUR GUARD UP. There are many variations of phishing scams. One popular scam involves crooks claiming to be from Internet service providers or tech security companies and asking people for their passwords to fix virus problems on their computers. In another, the scammers pretend to be from the government and tell people that they need their Social Security number to sign them up for new national health care benefits.
– MAKE SURE YOUR COMPUTER, LAPTOP, NOTEPAD AND SMARTPHONE ARE SECURE. Use antivirus and antispyware software on these devices to protect yourself in case you open or click on something that you shouldn’t.
“If someone suddenly appeared at your door asking for your personal information, you’d be suspicious, and rightfully so,” said Susan Grant, director of consumer protection at the Consumer Federation of America. “It should be no different when someone approaches you online.”