Thoughts on an Article in the Wall Street Journal on Online Bank Fraud
I was reading the Wall Street Journal today and they had an interesting article about online bank fraud. It was an article about the dangers of online banking. The premise of the article was that a small business owner in California had 100,000 stolen from his bank account. They got about 50,000 of it back. The other 50,000 went to a bank in Europe, where mules (people who get the stolen money) started to withdraw the money from the bank account.
How this happened is that the CFO had some spyware on his computer that transferred his username and password to the hackers. Whenever I read an article like this I always shake my head, as common sense was not applied. My first rule of thumb is that if you are going to do online banking, make sure the computer has virus and spyware protection on it. This is a first layer of protection against an attack such as this.
The second thing I would be doing is investing in unified threat management (UTM) or a next-generation firewall. Not only do these look for viruses, they can also implement web filtering and prevent the computer from reaching the attacker. Web filtering can block access to websites that contain malware and spyware; it can also keep employees from going places they shouldn’t. Fortinet and Palo Alto Networks are two vendors that make firewall appliances that do what I describe above. Both are very effective in helping prevent an attack such as this.
I would also look at a good spam filtering solution. Numerous cloud-based (hosted) solutions exist that are very inexpensive. A good spam filter will keep viruses, phishing and other attacks from hitting your email. A phishing attack is the most common. Someone creates an email that looks like it is from your bank in an attempt to collect information. I never open emails from my bank. If they need me, they will call me. Most banks will not contact you for important account information by email. My favorite cloud-based email filtering solution is MX Logic. They make an easy-to-use product that is well supported and very effective.
The third thing I would do is make sure you are patching computers monthly. A good patching cycle will ensure that we are protecting computers from attacks that exploit vulnerabilities in the software they are running. Most small businesses should look at a managed service provider. They can automate patching for a low monthly fee and ensure your computers are updated.
The fourth item is a matter of common sense. Most people at times go to websites or click on something they shouldn’t. My suggestion is that if you are doing Internet banking, it should be on the computer that is used the least. If you are going to go to questionable websites, do not do it on the computer you do your banking on. Also, be careful of phishing emails. About 3-4 years ago my wife was close to falling for a phishing email. She was ordering a bunch from eBay at the time. Someone was attempting to act like eBay or PayPal. She was about to enter her Social Security number into a website that was clearly a hacker’s. I thankfully caught it in time and was able to educate her on the dangers.
The big issue in the article is who is responsible for the money lost. The company in the article blames the bank, stating they were not secure. I argue that the business was not very smart or secure and the responsibility lies with them. The banks cannot protect against every attack.
We at JSO can offer advice on how to secure your computers and network to help prevent an attack such as this. An attack like this could put someone out of business or cause their insurance rates to go sky high. The sad thing is this could have been avoided with a little ounce of prevention.
You can find this article here: Wall Street Journal