Criminals Target Electronic Banking

By
PETER DIZIKES
January 6, 2006, 1:04 AM ET
4 min read

Oct. 4, 2004 — -- Once upon a time, banking security invoked strong vaults and good safety-deposit boxes. But in the information age, that has changed.

Today, criminals armed with sophisticated technological schemes are finding new ways to steal electronically from banks and their surprised customers. Indeed, with banking transactions becoming ever more decentralized — moving from the teller's window to home or office computers and freestanding ATMs — thieves have more potential targets from which to choose. Often, that means schemes intended to prey on unsuspecting customers.

"Crooks go where security is weakest, by trial and error," said Gail Hillebrand, a senior attorney at the Consumers' Union, the nonprofit group that publishes Consumer Reports.

In the age of networked computers, that means bank security is increasingly a matter of battening down the electronic hatches — and keeping customers informed about the latest criminal trends.

The good news for consumers, though, is that a healthy dose of common sense caution can prevent many potential crimes from ever occurring. This is especially applicable to two areas of modern banking: So-called phishing scams, which take advantage of the popularity of online banking, and schemes using rigged ATMs to obtain bank card information.

Phishing Scams

"Phishing," or "spoofing," is one of the most rapidly growing forms of banking fraud. To indicate the nature of these schemes, the Identity Theft Resource Center, a nonprofit group in San Diego, calls these ploys "account verification scams."

In these cases, a person is sent an unsolicited, official-looking e-mail, purportedly from a financial institution or other business, asking the customer to verify account information via an online form. The request is often accompanied by a warning that the customer's account will be closed if no reply is received.

In reality, however, consumers are sending their data to tricksters who have set up authentic-looking Web forms and are trying to obtain consumers' account information to siphon money from their holdings.

Phishing scams are increasing by 50 percent from month to month, according to the Anti-Phishing Working Group, an industry association of banks and Internet companies that monitors the trend. The consortium's research indicated that an average of about 50 new phishing attacks were spawned every day in June 2004, with a host of prominent company names being used.

And although phishing scams may sound easy to detect, 28 percent of U.S. adults were unable to distinguish between phishing attacks and genuine online forms, according to a national survey commissioned by MailFrontier, a computer security firm based in Palo Alto, Calif.

Observers say this is understandable among customers adapting to online banking.

"It's hard when consumers get legitimate e-mails and then get phony ones," said Hillebrand.

And some worry about senior citizens' susceptibility to phishing.

"These consumers are new to the Internet," Dave Jevan, chairman of the Anti-Phishing Working Group, testified during a March Senate hearing, and "not educated about the new dangers of phishing fraud."

Experts Offer Advice

Still, consumers' groups and government agencies, including the Federal Trade Commission and Federal Bureau of Investigation, offer a number of suggestions for avoiding phishing and other scams:

  • Do not reply to any unsolicited e-mails requesting private financial information, and do not click on links within those e-mails.
  • Contact the institution represented in the e-mail and ask about it, or type in the genuine Web address of the company to contact it about the message.
  • To see if a Web page is genuinely secure, look for the "lock" icon at the bottom of your browser window, and see if the Web address begins "https."
  • Always review your financial statements in a timely manner, to detect any suspicious activity.

    • Similarly, said Jevan, "There is no reason for any site to request your ATM PIN. Any site that requests this is fraudulent."

    ATM Fraud a Danger

    Even apart from such phishing tricks, however, ATM fraud itself remains a serious concern for law enforcement officials. The American Bankers Association has estimated that more than $50 million a year is stolen via schemes involving doctored ATMs.

    Indeed, some ATMs have been rigged with special electronic readers, to pilfer consumers' bank card information. Even in a routine cash withdrawal, data can be stolen. The devices attached to such "fake ATMs," as Hillbrand calls them, "look very real — they are very professional-looking." Law enforcement officials are concerned that this may especially be true of ATMs with low security in convenience stores, gas stations or other businesses.

    To keep your account out of trouble on the ATM front, therefore, consumer advocates suggest more common-sense measures: Monitor your bank account, call your bank immediately if you ever lose your card in an ATM and never accept "help" from bystanders if you encounter a malfunctioning automated teller.

    In exchange for the increased convenience of electronic banking, it seems, consumers must have a greater awareness of the problems they may encounter. Still, as Hillebrand said, "The individual consumer can't do all the protection that's necessary."

    To that end, some financial institutions are looking at new forms of encryption for ATMs and bankcards. Until the next generation of devices arrives, however, consumers wanting old-fashioned banking security would do well to be aware of the new tactics of bank robbers.