Gillian Shaw
Sun
A secure Internet website no longer guarantees that consumers are safe from thieving hackers who can empty their bank accounts and pilfer their credit cards, British Columbia’s Crime Prevention Association warned Thursday.
The association issued the warning following reports of the Silentbanker, a Trojan-horse virus that is stalking computers and giving hackers a front-row seat on transactions between banking customers and their financial institutions.
“This is an ominous threat for business when consumers can’t feel secure any longer,” said Valerie MacLean, executive director of the BC Crime Prevention Association.
“They will no longer be able to feel confident that the locked padlock symbol and the ‘S’ in the website address is actually a secure website.”
The Silentbanker virus performs an updated and considerably more sophisticated version of the age-old banking “phishing” scams, in which people are directed via e-mails to bogus banking sites that can pick up passwords and other critical financial and personal information.
The threat could spread beyond the 400-plus banks worldwide that have been targeted so far, according to the association.
“It can be a major headache for them and it’s not just the banks. The precedent has been set,” said Jeff Burton, the association’s manager of programs and projects.
“I don’t think we can safely say this is restricted to banks.
“The technique these hackers have used to pull this off could be applied to any e-commerce website, I would think.”
Since the Trojan is downloaded to individual computers, usually during routine Web-surfing, consumers have to look to their own computer security, not their bank’s, for protection.
The virus allows hackers to get between the computer user and the bank, so even if a banking client is looking at a secure banking screen with its authentication and the tiny padlock denoting security encryption, there is no guarantee a hacker isn’t picking up information or stealing money and directing it to another account.
“It is worse than phishing. We are not talking about unsolicited e-mails, we are talking about honest-Joe citizens who are doing their banking online and now we have to say to them, ‘Be very careful,’” said Burton.
“The only solution I see is to make sure all your anti-virus software is up to date and to be checking your balances way more frequently than perhaps you do now for any sign that someone has tapped into your bank account.”
The latest twist in online fraud has banks renewing their warnings to clients to update their computer security software and install any patches for such problems as flaws in website browsers and Windows operating systems.
Coast Capital Savings, which is investigating the threat, posted a warning on its website Thursday.
Leung said while there have been no reports of members of his credit union falling victim to Silentbanker, Coast Capital is advising people to ensure their computers are secure.
“The home user is not always aware of the importance of updating their computer,” he said. “If you are working for a company, those things are usually taken care of by the IT staff.
“There are various things you can do at home to protect yourself.”
Leung recommended computer users update their operating-system software, install a firewall and ensure their anti-virus software is updated.
The Canadian Bankers Association said banks here are aware of the new threat, which doesn’t target their networks but rather installs itself on individual computers.
“While banks have extensive security systems in place and work around the clock to protect customers from fraud, consumers have a role to play in protecting themselves as well,” the CBA said in a release. “Banks help by promoting awareness of online security and providing advice on how to make personal computers more secure.”
KEEPING SAFE ONLINE
Advice from the Canadian Bankers Association on avoiding online fraud:
– Install and maintain a firewall to guard against unwanted access to your computer.
– Install proven anti-virus, anti-spam and anti-spyware software and keep them updated.
– Install patches and updates to your operating system and applications as they become available from the manufacturers.
– Avoid using a public computer to do financial transactions.
– Log out of online transactions and clear the browser cache after you visit secure sites.
– Change your online banking password regularly, use hard-to-guess passwords (e.g. using a combination of letters and numbers), and never share your password with anyone, even family members.
– Many businesses require that you use 128-bit encryption to access secure websites. Update your Web browser on a frequent basis to ensure you are using the latest browser technology and the highest encryption level.
– Always ensure that you are in a secure environment. Look for the closed-lock or unbroken-key icons on your browser when entering credit-card or other sensitive data. Also make sure that the website address in the address bar begins with https rather than just http. If you don’t see these or if you see a broken key or the open padlock, your transaction is not being securely transmitted across the Internet. (However, in the case of the Silentbanker Trojan, this won’t help because even though a hacker can be eavesdropping on the transaction, the site will still show the security symbols.)
– Use common sense and be aware of potential security leaks. You wouldn’t give information to just anyone in the off-line world. Apply the same discretion online.
– Monitor the transactions in your bank account and report anything unusual to your financial institution right away.
© The Vancouver Sun 2008