For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Subscribe to
Computerworld 40 years of the most authoritative source of news and information for IT leaders.
Fake bank Web sites trick consumers into giving up personal data
or
Other Security Stories
|
|
|
|
July 24, 2000 (Computerworld) -- A hacker doesn't have to break into a bank's computer to steal account numbers and access codes. It may be enough to set up a "spoof" Web site that closely mimics a real bank's, according to a warning issued last week by the Office of the Comptroller of the Currency (OCC).
Some customers have provided financial information to sites that they thought were legitimate Web sites, according to OCC spokesman Dean DeBuck.
The fake sites weren't exact copies of the real bank sites, DeBuck said, though some did look somewhat like the originals.
Companies can take legal action against Web site spoofers, said DeBuck. For example, wwwbankofamerica.com -- just like the real site's address, but without the dot after the "www" -- has already been taken down, but not until after a few unsuspecting consumers were taken in, DeBuck said.
So far, the only losses that the OCC is aware of are of private information such as addresses, said Clifford Wilke, the agency's director of bank technology, with no thefts yet reported of personal account information or access codes.
That doesn't mean it can't happen.
"I'm telling banks to be careful and be aware that other people are out there registering similar names," Wilke said.
To keep an eye out for fraud, some banks regularly check to make sure that there aren't Web sites with similar names luring consumers.
"We are on the lookout," said Scott Scredon, a spokesman for Charlotte, N.C.-based Bank of America Corp.
Waiting for customers to come and complain may not be enough. Some may never know they were duped.
According to Richard Bell, an analyst at Needham, Mass.-based TowerGroup, a Web site spoofer may put up a front end identical to the real bank's, then send the customer back to the real Web site once the personal information is collected.
"The most secure way for consumers to protect themselves is to deal with an institution with a strong commitment to security and one that uses some sort of certificate system that the user participates in," he said.
Not only banks are targets. X.com Corp., owner of the PayPal Web site, was spoofed recently with PayPai.com, said analyst Chris Musto at Lincoln, Mass.-based Gomez Advisors Inc. Users were diverted to the fake site with a link that spelled PayPai with a capital "i" at the end, making it look identical to PayPal on many computer screens.
Musto suggested that companies can take a two-part approach to security -- educate consumers to make sure that they're doing business at the correct Web site, and buy up possible alternative domain names.
Related stories:
- Feds struggle in race with hackers, April 13, 1998
- American Bankers Association to offer online authentication, July 19, 2000
- Survey: Retail fraud more prevalent for online vendors, July 24, 2000
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
 |
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
 See your link here
|
 |
||||||||
| ||||||||
| ||||||||
| ||||||||
|
Why SaaS is Vital to Email and Web Security
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
Get this white paper now!
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
- Mozilla launches Firefox 3.0 RC1 early
- Microsoft: Don't misunderstand UAC, other Vista features
- HP confirms XP SP3 endless reboot snafu, promises patch
- More top stories
Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
 Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.New baits 
|
"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|
 In SecurityThere's plenty of talk about how to behave during a Customs search of your computer and gear, but Jon Espenschied's got tips for securing your data (and privacy) before you reach the border. Click here to read the latest column by Jon Espenschied |
 |
 |
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the
network security landscape has changed dramatically. Today's IT professionals still have the
primary responsibility of protecting the confidentiality of corporate information, preventing
unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.Download this white paper
|
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.Download this white paper |
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.View this demo
|
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDG Connect
IDG World Expo
Infoworld
The Industry Standard
ITworld
JavaWorld
LinuxWorld
MacUser
Macworld
Network World
PC World
Playlist
Copyright © 2008 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission of Computerworld Inc. is prohibited.
Computerworld and Computerworld.com and the respective logos are
trademarks of International Data Group Inc.
|
