FDIC: Hackers Took More Than $120M in Three Months
Robert McMillan writes on ComputerWorld:
Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation.More here.
Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.
The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said.
Almost all of the incidents reported to the FDIC "related to malware on online banking customers' PCs," he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.
Even though banks now force customers to use several forms of authentication, hackers are still stealing money. "Online banking customers are getting too reliant on authentication and on practicing layers of controls," Nelson said.
That's bad news for businesses, which are increasingly on the hook for any losses.