“Your information security program is only as strong as your weakest link,” said Linda McGlasson of Bank Info Security.
“That weakest link is your customer or your employee sitting at a screen, deciding whether to click on that link that popped up in their instant messaging screen, or direct message box on Twitter, or visit that site that offers free ringtones (and malware as a bonus).”
Recently, 10 US financial institutions in California, New York, Pennsylvania and Wisconsin received fraudulent text messages or automated phone calls.
On September 28, 2009, the 1st Federal Credit Union of central Pennsylvania reported that it received calls from customers about text messages claiming that their cards were blocked.
Similarly, on October 2, phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated. Included were instructions to call an 877 number to reactivate it. At least one customer lost several hundred dollars.
“Once he changed his PIN, somebody went in and withdrew the money,” said Richard Patterson, president of Greater Omaha Federal Credit Union.
A very convincing automated phone call phishing scam directly named the Liberty Bank.
“Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department,” the recording said, before listing an impressive array of details designed to sound official.
Customers who pressed “1” were asked to enter their credit/debit card number and personal identification number.
“There will be some losses,” Liberty Bank Vice President Jill Hitchman said. “Charges started showing up almost immediately after our customers gave away their card numbers.”
Of course, Liberty responsibly warns its customers to “never reply to email, pop-up messages or phone callers that ask for your personal or financial information. LIBERTY BANK WILL NEVER ask you to disclose your password or pin”.
Spam works because about one out of six people respond to messages they suspect are spam, according to survey data from the Messaging Anti-Abuse Working Group (MAAWG), an anti-spam trade organization.
A record five million new malware threats were detected in the third quarter of 2009, according to the cloud security firm Panda Security. Trojans accounted for 71 percent of all new malware between July and September 2009, as bots and other malware are morphing rapidly.
Globally, 59% of computers are infected, states Panda.
Obviously we need to keep our virus protection up to date. This is why Bank Info Security recommends that institutions run regular, preferably quarterly, programs to remind their customers of secure banking practices.
The problem is that people are the weakest link. Even normally cautious people may once in a while click a link they would normally ignore.
Since most of us are not rocket scientists, perhaps we should give ourselves a reality check and put ourselves through a similar audit of our email and web habits.
People need to be trained to obtain a driver's license, so perhaps we need to begin to train people in the rules of internet safety, said Linda McGlasson.
She suggests these very basic first tips:
- Keep your operating system up to date with the latest patches;
- Update your anti-virus and anti-spyware regularly, if not daily;
- Install a firewall on your PC;
- Don’t click on links in emails that are from unknown origins (or known origins for that matter).