2 million bank accounts robbed

2004-06-15 Thread R. A. Hettinga 
http://www.msnbc.msn.com/id/5184077/

MSNBC

Survey: 2 million bank accounts robbed
Criminals taking advantage of online banking, Gartner says
EXCLUSIVE
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 4:25 a.m. ET June 14, 2004

Nearly 2 million Americans have had their checking accounts raided by
criminals in the past 12 months, according to a soon-to-be released survey
by market research group Gartner. Consumers reported an average loss per
incident of $1,200, pushing total losses higher than $2 billion for the
year.

 advertisement
Gartner researcher Avivah Litan blamed online banking for most of the problem.

There has been a big increase in the abuse of existing checking accounts,
Litan said. What's really scary about it is right now there are no
back-end fraud detection solutions for it.

The survey results, extrapolated from a telephone poll of 5,000 consumers
conducted in April, offer a rare glimpse at the state of bank fraud:
Financial institutions are tight-lipped about fraud losses. But Litan said
the study confirms comments she regularly hears from bank investigators.

The results are consistent with what banks are telling me. ... When I talk
to them, they all nod their heads that this is the area where they are
seeing the most fraud escalation, she said.

'Constant siege'
The trend neatly follows a sharp rise in so-called phishing e-mails, which
attempt to steal consumers' user names and passwords by imitating e-mail
from legitimate financial institutions. A Gartner study released in May
showed at least 1.8 million consumers had been tricked into divulging
personal information in phishing attacks, most within the past year.

Phishing attempts designed specifically to steal bank information began to
skyrocket about 10 months ago, according to Dave Jevans, chair of the
Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000
percent in the past six months, and just last month, Citibank overtook eBay
as the most common target. The company faced an average of 16 attacks per
day, and 475 separate phishing attacks during April, an increase of nearly
400 percent from March.

 Citibank didn't immediately return requests for comment.

It's working, there's no doubt about that...There's people who are under
constant siege now, Jevans said. It's like people setting up fake ATMs
everywhere.

 Some days, banks are targeted dozens of times, which not only leads to
identity theft, but also jam-packed customer service telephone lines.

Clearly the issues are far more significant than anyone expected they
would be. Phishing and spoofing (setting up look-alike bank Web sites) are
really getting to people, said Larry Ponemon, founder of privacy think
tank Ponemon Institute, and a bank consultant. It is an epidemic. It's a
very big problem.

Creative ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts,
according to industry experts. Computer criminals are becoming increasingly
proficient at writing Trojan horse programs and keyloggers that steal
passwords and account information. Such secret malicious programs, which
exerts say are more widespread than many realize, could be the cause of up
to half the account takeovers, Litan speculated.

Such programs can be installed on home users' computers through virus-laden
e-mails. People who do their online banking at public computers, such as at
Internet cafes, are also at risk from this kind of password swiping.
FREE VIDEO * Run at the bank
MSNBC.com's Bob Sullivan reports on online banking theft.

NBC News
The Gartner survey found that more than 4 million consumers reported
suffering checking account takeovers at any time during recent years, with
half that number saying it had happened in the most recent 12-month span --
indicating a sharp increase in the activity.

While consumers who responded to the survey didn't know how the money was
moved out of their checking accounts -- fake ATM cards are another
possibility, for example -- Litan said she suspects a sharp rise in hackers
taking over online bank accounts is the likely cause. 

 Criminals are using creative ways to transfer money out of hijacked
accounts, she said.

A couple of banks tell me (the criminals) set up a bill payment account,
then pay themselves, she said.

 Another method, said U.S. Postal Inspector Barry Mew, takes advantage of
the images of canceled checks made available to online bankers. Imposters
use them to create authentic-looking counterfeit checks; they have an added
air of legitimacy, since the check numbers are appropriately in series.

Enough safeguards?
Online banking, including online bill paying, has spiked in popularity in
recent years, particularly as more financial institutions offer the service
for free. According to Gartner, 45 percent of the 141 million U.S. adults
who use the Internet pay bills online. Consumers like the convenience and
banks like the operating savings. 

 But not everyone is comfortable

Re: 2 million bank accounts robbed

2004-06-15 Thread Jack Lloyd 
So... don't give your account info to organized crime, and don't use Outlook,
and your risk is reduced by, what, 90%? And doing online banking from a Net
cafe... I mean really.

At least some of these numbers seem wrong. If nearly 2 million people got
ripped off last year, and at least 1.8 million people fell for phishing
attacks, then why would keyloggers/viruses cause up to half of the account
compromises? Did nearly a million people fall for phishing attacks and yet were
too stupid to even get their account details correct?

-J

On Tue, Jun 15, 2004 at 12:08:21PM -0400, R. A. Hettinga wrote:
 http://www.msnbc.msn.com/id/5184077/
 
 MSNBC
 
 Survey: 2 million bank accounts robbed
 Criminals taking advantage of online banking, Gartner says
 EXCLUSIVE
 By Bob Sullivan
 Technology correspondent
 MSNBC
 Updated: 4:25 a.m. ET June 14, 2004
 
 Nearly 2 million Americans have had their checking accounts raided by
 criminals in the past 12 months, according to a soon-to-be released survey
 by market research group Gartner. Consumers reported an average loss per
 incident of $1,200, pushing total losses higher than $2 billion for the
 year.
 
  advertisement
 Gartner researcher Avivah Litan blamed online banking for most of the problem.
 
 There has been a big increase in the abuse of existing checking accounts,
 Litan said. What's really scary about it is right now there are no
 back-end fraud detection solutions for it.
 
 The survey results, extrapolated from a telephone poll of 5,000 consumers
 conducted in April, offer a rare glimpse at the state of bank fraud:
 Financial institutions are tight-lipped about fraud losses. But Litan said
 the study confirms comments she regularly hears from bank investigators.
 
 The results are consistent with what banks are telling me. ... When I talk
 to them, they all nod their heads that this is the area where they are
 seeing the most fraud escalation, she said.
 
 'Constant siege'
 The trend neatly follows a sharp rise in so-called phishing e-mails, which
 attempt to steal consumers' user names and passwords by imitating e-mail
 from legitimate financial institutions. A Gartner study released in May
 showed at least 1.8 million consumers had been tricked into divulging
 personal information in phishing attacks, most within the past year.
 
 Phishing attempts designed specifically to steal bank information began to
 skyrocket about 10 months ago, according to Dave Jevans, chair of the
 Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000
 percent in the past six months, and just last month, Citibank overtook eBay
 as the most common target. The company faced an average of 16 attacks per
 day, and 475 separate phishing attacks during April, an increase of nearly
 400 percent from March.
 
  Citibank didn't immediately return requests for comment.
 
 It's working, there's no doubt about that...There's people who are under
 constant siege now, Jevans said. It's like people setting up fake ATMs
 everywhere.
 
  Some days, banks are targeted dozens of times, which not only leads to
 identity theft, but also jam-packed customer service telephone lines.
 
 Clearly the issues are far more significant than anyone expected they
 would be. Phishing and spoofing (setting up look-alike bank Web sites) are
 really getting to people, said Larry Ponemon, founder of privacy think
 tank Ponemon Institute, and a bank consultant. It is an epidemic. It's a
 very big problem.
 
 Creative ways to drain accounts
 But phish isn't the only way criminals gain access to online bank accounts,
 according to industry experts. Computer criminals are becoming increasingly
 proficient at writing Trojan horse programs and keyloggers that steal
 passwords and account information. Such secret malicious programs, which
 exerts say are more widespread than many realize, could be the cause of up
 to half the account takeovers, Litan speculated.
 
 Such programs can be installed on home users' computers through virus-laden
 e-mails. People who do their online banking at public computers, such as at
 Internet cafes, are also at risk from this kind of password swiping.
 FREE VIDEO * Run at the bank
 MSNBC.com's Bob Sullivan reports on online banking theft.
 
 NBC News
 The Gartner survey found that more than 4 million consumers reported
 suffering checking account takeovers at any time during recent years, with
 half that number saying it had happened in the most recent 12-month span --
 indicating a sharp increase in the activity.
 
 While consumers who responded to the survey didn't know how the money was
 moved out of their checking accounts -- fake ATM cards are another
 possibility, for example -- Litan said she suspects a sharp rise in hackers
 taking over online bank accounts is the likely cause. 
 
  Criminals are using creative ways to transfer money out of hijacked
 accounts, she said.
 
 A couple of banks tell me (the criminals) set up a bill payment account,
 then pay themselves

Re: 2 million bank accounts robbed

2004-06-15 Thread R. A. Hettinga 
At 12:22 PM -0400 6/15/04, Jack Lloyd wrote:
I mean really.


I'd lay this at the feet of book-entry settlement, but I'm supposed to say
that.

:-)

Cheers,
RAH
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

2 million bank accounts robbed

2004-06-15 Thread R. A. Hettinga 
http://www.msnbc.msn.com/id/5184077/

MSNBC

Survey: 2 million bank accounts robbed
Criminals taking advantage of online banking, Gartner says
EXCLUSIVE
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 4:25 a.m. ET June 14, 2004

Nearly 2 million Americans have had their checking accounts raided by
criminals in the past 12 months, according to a soon-to-be released survey
by market research group Gartner. Consumers reported an average loss per
incident of $1,200, pushing total losses higher than $2 billion for the
year.

 advertisement
Gartner researcher Avivah Litan blamed online banking for most of the problem.

There has been a big increase in the abuse of existing checking accounts,
Litan said. What's really scary about it is right now there are no
back-end fraud detection solutions for it.

The survey results, extrapolated from a telephone poll of 5,000 consumers
conducted in April, offer a rare glimpse at the state of bank fraud:
Financial institutions are tight-lipped about fraud losses. But Litan said
the study confirms comments she regularly hears from bank investigators.

The results are consistent with what banks are telling me. ... When I talk
to them, they all nod their heads that this is the area where they are
seeing the most fraud escalation, she said.

'Constant siege'
The trend neatly follows a sharp rise in so-called phishing e-mails, which
attempt to steal consumers' user names and passwords by imitating e-mail
from legitimate financial institutions. A Gartner study released in May
showed at least 1.8 million consumers had been tricked into divulging
personal information in phishing attacks, most within the past year.

Phishing attempts designed specifically to steal bank information began to
skyrocket about 10 months ago, according to Dave Jevans, chair of the
Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000
percent in the past six months, and just last month, Citibank overtook eBay
as the most common target. The company faced an average of 16 attacks per
day, and 475 separate phishing attacks during April, an increase of nearly
400 percent from March.

 Citibank didn't immediately return requests for comment.

It's working, there's no doubt about that...There's people who are under
constant siege now, Jevans said. It's like people setting up fake ATMs
everywhere.

 Some days, banks are targeted dozens of times, which not only leads to
identity theft, but also jam-packed customer service telephone lines.

Clearly the issues are far more significant than anyone expected they
would be. Phishing and spoofing (setting up look-alike bank Web sites) are
really getting to people, said Larry Ponemon, founder of privacy think
tank Ponemon Institute, and a bank consultant. It is an epidemic. It's a
very big problem.

Creative ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts,
according to industry experts. Computer criminals are becoming increasingly
proficient at writing Trojan horse programs and keyloggers that steal
passwords and account information. Such secret malicious programs, which
exerts say are more widespread than many realize, could be the cause of up
to half the account takeovers, Litan speculated.

Such programs can be installed on home users' computers through virus-laden
e-mails. People who do their online banking at public computers, such as at
Internet cafes, are also at risk from this kind of password swiping.
FREE VIDEO * Run at the bank
MSNBC.com's Bob Sullivan reports on online banking theft.

NBC News
The Gartner survey found that more than 4 million consumers reported
suffering checking account takeovers at any time during recent years, with
half that number saying it had happened in the most recent 12-month span --
indicating a sharp increase in the activity.

While consumers who responded to the survey didn't know how the money was
moved out of their checking accounts -- fake ATM cards are another
possibility, for example -- Litan said she suspects a sharp rise in hackers
taking over online bank accounts is the likely cause. 

 Criminals are using creative ways to transfer money out of hijacked
accounts, she said.

A couple of banks tell me (the criminals) set up a bill payment account,
then pay themselves, she said.

 Another method, said U.S. Postal Inspector Barry Mew, takes advantage of
the images of canceled checks made available to online bankers. Imposters
use them to create authentic-looking counterfeit checks; they have an added
air of legitimacy, since the check numbers are appropriately in series.

Enough safeguards?
Online banking, including online bill paying, has spiked in popularity in
recent years, particularly as more financial institutions offer the service
for free. According to Gartner, 45 percent of the 141 million U.S. adults
who use the Internet pay bills online. Consumers like the convenience and
banks like the operating savings. 

 But not everyone is comfortable

Re: 2 million bank accounts robbed

2004-06-15 Thread R. A. Hettinga 
At 12:22 PM -0400 6/15/04, Jack Lloyd wrote:
I mean really.


I'd lay this at the feet of book-entry settlement, but I'm supposed to say
that.

:-)

Cheers,
RAH
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: 2 million bank accounts robbed

2004-06-15 Thread Jack Lloyd 
So... don't give your account info to organized crime, and don't use Outlook,
and your risk is reduced by, what, 90%? And doing online banking from a Net
cafe... I mean really.

At least some of these numbers seem wrong. If nearly 2 million people got
ripped off last year, and at least 1.8 million people fell for phishing
attacks, then why would keyloggers/viruses cause up to half of the account
compromises? Did nearly a million people fall for phishing attacks and yet were
too stupid to even get their account details correct?

-J

On Tue, Jun 15, 2004 at 12:08:21PM -0400, R. A. Hettinga wrote:
 http://www.msnbc.msn.com/id/5184077/
 
 MSNBC
 
 Survey: 2 million bank accounts robbed
 Criminals taking advantage of online banking, Gartner says
 EXCLUSIVE
 By Bob Sullivan
 Technology correspondent
 MSNBC
 Updated: 4:25 a.m. ET June 14, 2004
 
 Nearly 2 million Americans have had their checking accounts raided by
 criminals in the past 12 months, according to a soon-to-be released survey
 by market research group Gartner. Consumers reported an average loss per
 incident of $1,200, pushing total losses higher than $2 billion for the
 year.
 
  advertisement
 Gartner researcher Avivah Litan blamed online banking for most of the problem.
 
 There has been a big increase in the abuse of existing checking accounts,
 Litan said. What's really scary about it is right now there are no
 back-end fraud detection solutions for it.
 
 The survey results, extrapolated from a telephone poll of 5,000 consumers
 conducted in April, offer a rare glimpse at the state of bank fraud:
 Financial institutions are tight-lipped about fraud losses. But Litan said
 the study confirms comments she regularly hears from bank investigators.
 
 The results are consistent with what banks are telling me. ... When I talk
 to them, they all nod their heads that this is the area where they are
 seeing the most fraud escalation, she said.
 
 'Constant siege'
 The trend neatly follows a sharp rise in so-called phishing e-mails, which
 attempt to steal consumers' user names and passwords by imitating e-mail
 from legitimate financial institutions. A Gartner study released in May
 showed at least 1.8 million consumers had been tricked into divulging
 personal information in phishing attacks, most within the past year.
 
 Phishing attempts designed specifically to steal bank information began to
 skyrocket about 10 months ago, according to Dave Jevans, chair of the
 Anti-Phishing Working Group. Overall, phishing e-mails have jumped 4,000
 percent in the past six months, and just last month, Citibank overtook eBay
 as the most common target. The company faced an average of 16 attacks per
 day, and 475 separate phishing attacks during April, an increase of nearly
 400 percent from March.
 
  Citibank didn't immediately return requests for comment.
 
 It's working, there's no doubt about that...There's people who are under
 constant siege now, Jevans said. It's like people setting up fake ATMs
 everywhere.
 
  Some days, banks are targeted dozens of times, which not only leads to
 identity theft, but also jam-packed customer service telephone lines.
 
 Clearly the issues are far more significant than anyone expected they
 would be. Phishing and spoofing (setting up look-alike bank Web sites) are
 really getting to people, said Larry Ponemon, founder of privacy think
 tank Ponemon Institute, and a bank consultant. It is an epidemic. It's a
 very big problem.
 
 Creative ways to drain accounts
 But phish isn't the only way criminals gain access to online bank accounts,
 according to industry experts. Computer criminals are becoming increasingly
 proficient at writing Trojan horse programs and keyloggers that steal
 passwords and account information. Such secret malicious programs, which
 exerts say are more widespread than many realize, could be the cause of up
 to half the account takeovers, Litan speculated.
 
 Such programs can be installed on home users' computers through virus-laden
 e-mails. People who do their online banking at public computers, such as at
 Internet cafes, are also at risk from this kind of password swiping.
 FREE VIDEO * Run at the bank
 MSNBC.com's Bob Sullivan reports on online banking theft.
 
 NBC News
 The Gartner survey found that more than 4 million consumers reported
 suffering checking account takeovers at any time during recent years, with
 half that number saying it had happened in the most recent 12-month span --
 indicating a sharp increase in the activity.
 
 While consumers who responded to the survey didn't know how the money was
 moved out of their checking accounts -- fake ATM cards are another
 possibility, for example -- Litan said she suspects a sharp rise in hackers
 taking over online bank accounts is the likely cause. 
 
  Criminals are using creative ways to transfer money out of hijacked
 accounts, she said.
 
 A couple of banks tell me (the criminals) set up a bill payment account,
 then pay themselves