Monday, November 03, 2008

Warning: Bank Fraud

We have seen an increase in the number of banking fraud emails. Most are directed at Bank of America but recently it has expanded to other banks. The email will look something like this:

LaSalle Bank Consumers Warning:

Please be advised that we cannot guarantee the confidentiality of not protected information.

Therefore, we strongly encourage you to update your system.

New Bank of America x.509 privacy certificate for LaSalle Bank consumers can be downloaded from our customer service department.

Proceed to customer service department>> <> .

LaSalle Bank and Bank of America will not be responsible for any damages, if you ignore this warning.

Sincerely, Caroline Blankenship.

2008 LaSalle Bank and Bank of America Community.

I have edited the link above so it doesn't go anywhere. But clicking on the original link would download an SSL certificate to your computer. This certificate allows an encrypted tunnel to be created between you and the bad guys when you visit your bank. Thus allowing them to capture your credentials the next time you log into your online banking site.

To protect yourself you should never click on a link from your bank or credit card company (or ebay or paypal for that matter) rather if you have something you need to do there, go to the site.


As an aside, I've been waiting for the bad guys to figure out how to use SSL to infect our computers. SSL is the encryption used at https websites. It encrypts the data going between you and the website so no one can read it. It is used by every online shopping, banking, tax, etc website on the web. Sounds like a great idea on the surface, but that no one includes your anti-virus, anti-spam and firewall too. So, if the secure website you've gone to turns out to not be so secure there could be bad stuff coming through that tunnel and there's no way to detect it until it's too late. I think that we're going to start to see an uptick on this type of attack. So as usual keep your eyes open be cautious.



Post a Comment

<< Home