Jersey City, NJ, October 01, 2009 - Malicious software now replaces old-fashioned confidence games, enabling hackers to empty bank accounts with ease.
In the old days, con artists devised elaborate scams involving dropping envelopes full of money in front of the unwary, or promoting undeveloped swampland in Florida. The labor-intensive one-victim-at-a-time approach is outdated. Today, con artists infect hundreds or thousands of personal computers with key logging software, recording every key each Internet user taps. This way they collect information about bank account numbers and passwords.
Armed with confidential information, thieves plunder bank accounts at will, and rapidly, as unsuspecting small businesses and school districts around the United States are learning to their dismay.
"The cyber criminals have spotted a very high value yet very soft target" said Melih Abdulhayoglu, CEO of Comodo, in a recent video about bilked school districts at comodo.tv/small-business/schools-get-hacked-students-and-taxpayers-lose/. "They inject…malicious executables into school districts' systems, and they take over their bank details and they siphon off money,
"It's a sad, sad, sad day," said Abdulhayoglu, when money from innocent organizations goes "straight into cyber criminals' pockets."
"We don't have to suffer at the hands of cyber criminals…all we need is prevention as the first line of defense."
Such prevention is available both for banking institutions and for their online depositors.
Online depositors should protect their personal computers from malicious executable files, otherwise known as malware, by using top-quality firewall and antivirus software. Such software should prevent software such as keyloggers from installing itself in a computer.
By law, one single password is not enough protection for online banking. To guard against hacker incursions, banks are required to demand more ID when communicating securely with customers online. The Federal Financial Institutions Examination Council (FFIEC) requires that banks and credit unions only allow customers to access their accounts if they use at least one other identification factor in addition to the passwords.
Requiring that the customer enter a password is a layer of protection called "authentication"- ensuring that the customer is authentic. In addition, the financial institution must authenticate again by asking for at least one other piece of information. The information can be something the customer "is" such as a fingerprint, or something the customer "has" such as a physical key.
When hackers stole $588,000 from Patco Construction Co. in Maine in May 2009, Patco's attorneys advised it to sue its bank for not requiring adequate authentication.
"The case is ongoing," said Abdulhayoglu. "Whoever wins, the lawsuit will still be expensive and time-consuming, and both sides will wish they could have prevented it."
"Unfortunately, it's difficult to stop a determined thief. But prevention-based software can often mitigate risk, making the Internet safer for us all."
The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software; Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.
Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.
For additional information on Comodo - Creating Trust Online® visit Comodo.com
For more information, reporters and analysts may contact:
Office: +1 (888) 266-6361