Expert Slams Online Bank On ID Fraud

from the yes,-but... dept

Earlier this week we mentioned the case of a South African bank where several accounts were wiped out, after a scammer sent a spam with some keylogger software attached to it. A few people unknowingly installed the software, and had their account info snagged by the scammer. Now, a “security expert” is criticizing the bank for this. The fact that there really was nothing the bank could do doesn’t seem to enter into the picture. The bank wasn’t hacked. It was due to things that happened on each individual’s computer. And, the bank has responded by restoring the money to the accounts. Blaming the bank doesn’t seem fair. The one point that does make sense is that it would have been better if the bank had a more stringent security policy that required a smartcard or some biometric reader. Unfortunately, almost no one has a smartcard reader or biometric reader at home – so no banks will require such a thing, since it pretty much guarantees that no one will use their online banking service (and, that they’ll go to another bank that makes it easier). Yes, security should be better, but it’s hard to see how the bank was at fault in this case.


Comments on “Expert Slams Online Bank On ID Fraud”

1 Comment
LittleW0lf says:

Social Hack...

Mike, while I agree the bank couldn’t have been responsible, and really didn’t have anything to do with the social hack, there is something you mentioned before that I think needs to be addressed here.

How did the social engineer target the individuals of the bank? If it was purely fishing, then customers of other banks would have received similar emails and trojans, but it appears (at least from reading the articles) that the social engineer targeted specific customers of the bank in question, through emails nonetheless.

My bank knows my email address, partly because I gave it to them as part of the effort of obtaining an account with them, but also because I occasionally send emails to them about problems I have while banking with them. They keep some sort of record of customers’ email addresses, because occasionally I get “unsolicited” email from them as well.

However, until I just announced it on a public website, nobody other than my bank or I knew that they had my email address. And even though I have given this information out, most people probably still don’t know which bank I have my account at.

So what I am saying is that somehow this engineer has already hacked enough into the bank to obtain a listing of customers’ email addresses. And that is the bank’s problem. They have somehow, through negligence or otherwise, allowed someone to use their records to send directed emails to their customers.
