Be on guard for online wire transfer scam
(MoneyWatch) Computer security firm RSA is warning of an imminent cyber attack that could target customers of 30 banks. The scheme is part of a wider online assault of unprecedented scale and organization, according to the company.
The attack is expected to make use of a relatively little-known Trojan that will have the ability to duplicate the victim's PC settings on remote machines, allowing criminals to mimic customers' time zone, screen resolution, browser cookies, IP address and more. Attackers will place fraudulent wire transfers and then prevent victims from getting notifications or confirmations by using what RSA refers to as VoIP (voice-over-Internet Protocol) phone-flooding software.
According to RSA, the gang behind the scam is recruiting as many as 100 "botmasters" to help orchestrate the attack, each one funded by an "inventor" who will supply the necessary hardware and software.
It appears American banks are particularly being targeted because their security is weaker than that of European institutions. For instance, few U.S. bank websites require two-factor authentication, or 2FA, while in Europe such protection is almost universally mandatory. 2FA requires users to log in using two or more different kinds of authentication, such as knowledge (like a password) and possession (such as a one-time code you can only get from your mobile phone).
Of course, it's unclear how large or successful this attack might be, but it should serve as a reminder of just how fragile our online security is. Prepare for this, and other, attacks by:
- Ensuring you have unique and strong passwords for all of your financial accounts.
- Never clicking links that lead to your bank in email; navigate to the website yourself to minimize the risk of falling prey to a fake site, an online scam known as phishing.
- Signing up for two-factor authentication, if your financial institution offers it.
Photo courtesy of Flickr user Todd Ehlers