Thursday, December 6, 2012

Don't bank from your phone

Hackers stole 36 million euros via banking trojans:
Check Point has revealed how a sophisticated malware attack was used to steal an estimated €36 million from over 30,000 customers of over 30 banks in Italy, Spain, Germany and Holland over summer this year.

The theft used malware to target the PCs and mobile devices of banking customers. The attack also took advantage of SMS messages used by banks as part of customers’ secure login and authentication process.

A lot of this was via targeted attacks on people's cell phones. My recommendation is that you do not ever use your cell phone to do online banking. Ever.

The reason is that lost/stolen/compromised ATM cards are well understood and you'll probably have limited loss exposure with one of these. Online trojans draining your account is a different story, and your bank may or may not cover your loss.

A credit card is best - you will actually have no liability at all if you report it as soon as you get your bill.


Old NFO said...

Excellent point!

wolfwalker said...

"My recommendation is that you do not ever use your cell phone to do online banking. Ever."

I won't do online banking over any connection that involves radio transmissions. Not my cellphone, and not my WiFi laptop. Hard-wire cable connections only. And I run a full malware check before I do anything else. Every time.

Alan said...

I always use a credit card too. Also, I NEVER have anything automatically paid for from my bank account. I have everything billed to the card then make one payment from the bank account. That keeps my bank transactions minimized so weird ones are easy to spot, plus cash back on the card.

Some banks will let you set up account alerts for large/unusual withdrawals or transfers. Do that.

Also, if your bank doesn't use two-factor authentication you should switch to one that does.

Jake (formerly Riposte3) said...

Having separate accounts for bills vs. daily living is a good idea, too. An account that you use on a day-to-day basis is more vulnerable simply due to how frequently it's exposed. Have emergency funds in each account (or, even better, a third account), so that if either one is compromised you're able to get by until things get straightened out, especially if there's a delay.