$479,000 heist from small business bank account lends weight to calls for online banking 'lock-down'
According to local press reports, the Trojan was installed through a fake Web site purporting to belong to Cumberland County Redevelopment Authority's bank, M&T.There's a better way.
Use a separate machine for online banking.
The HomeATM SLIM plugs into your laptops USB port and becomes
that desperately needed "separate machine"...
Finextra: Criminals have stolen more than $479,000 from a Pennsylvania housing development authority after infecting its computer system with the notorious Clampi Trojan. The crime is the latest in a rash of heists from small business banking users in the US, which has led some industry bodies to suggest radical lock-down procedures for companies banking online.
Once installed, Clampi stole passcodes which were used to transfer the money to bank accounts set up by the hackers at 11 different financial institutions. About $109,000 has been recovered since the money was taken on 22 September.
The incident is just the tip of the iceberg, if Bryan Krebs of the Washington Post's SecurityFix blog is to be believed. He reports multiple cases of small business and non-profit organisations failling victim to similar sophisticated Trjoan attacks.
Concern over the upsurge in crybercrime has moved the bank-backed Financial Services Information Sharing and Analysis Centre to issue a confidential alert to members about the dangers posed to small businesses when banking online.
The note recommends that commercial banking customers should be induced to "carry out all online activity from a standalone, hardened and locked-down computer from which e-mail and Web browsing is not possible".
So, your choices are: Buy a separate PC for online banking for hundreds or thousands of dollars...or ask your bank to give you a HomeATM SLIM for free. (or you can buy it for $25.00...but HomeATM feels your bank should give it to you for free)