When my grandma, god bless her soul, hears about a new scam, fraud or any form of financial trickery she immediately calls me up and warns me to stop whatever I’m doing and take notes. To her knowledge I don’t belong to more than one social media network, I don’t buy items online, I don’t apply for credit cards and the big one: I don’t use my debit card. And of course, I do all of these things (all in moderation, of course). These are all perfectly orchestrated white lies that I tell her so that I don’t have to sit through one more speech about about how DANGEROUS all of these things are for you. And grated, yes, all of those things I just mentioned do possess a level of danger and potential harm. But so does crossing the street (don’t tell her, but sometimes I don’t cross at the crosswalk).
Hopefully she’s not keeping up with my articles and reading this post today (Grandma: if you are, I love you and realize the jig is up!) but I bring to you news of a new alert to be forewarned about, checking your bank account online. Really.
An Israeli-based Security firm, Trusteer, found a new and elaborate computer virus that allows fraudsters to not only steal money from your bank account but to also cover its tracks. The virus came to attention after a large, unnamed, US retail bank spotted it and shared it with the firm.
The new virus is similar to that of a SpyEye Trojan horse where a robber swaps out surveillance camera footage to cover their thief-like tracks from security guards, but instead of a video, hackers are preventing bank account holders from noticing any missing money.
The Trojan horse employs a powerful two-step process to commit the electronic crime. First, the virus lies in wait until a customer with an infected computer visits an online banking site, steals their login credentials and tricks the victim into divulging additional personal information such as debit card information. Then, after the stolen card number is used for a fraudulent purchase, the virus intercepts any further visits to the victim’s banking site and scrubs transaction records clean of any fraud. That prevents — or at least delays — consumers from discovering fraud and reporting it to the bank, buying the fraudster critical extra time to complete the crime – Source.
It’s kind of ingenious. But bad. Very, very bad.
Trusteer is calling it a “post transaction” attack since the virus mainly controls what a victim sees after the fraud occurs. Chief technology officer for Trusteer, Amit Klien, says, “I predict that the use of post transaction attack technology will significantly increase as it enables criminals to maximize the amount of fraud they can commit using their initial investment in malware toolkits and infection mechanisms” – Source.
Apparently, if a victim account holder checked their balance at an ATM or even using an uninfected computer they would be able to detect the fraudulent transactions. The virus doesn’t go so far as to impact the bank’s systems but only the web browser on an infected system’s computer.
That being said, paper statements would reveal the fraud. Bad news for trees, good news for banking customers that receive paper statements each month! Sadly, only relying on paper statements could leave you a full calendar month behind when it comes to spotting the fraudulent transactions – Source.
The best way to combat this new virus is to make sure that the computers you use are up to date with the latest and best anti-virus software.
Or, as my grandmother would prefer, if you want money or a balance statement you’re going to have to get it all Jimmy-Stewart-It’s-A-Wonderful-Life-style and walk into a bank.