“…the attack vector is a “spear phishing” e-mail which contains either an infected file or a link to an infectious Web site. The… recipient is … a person … who can initiate funds transfers on behalf of the business… Once the user opens the attachment, or navigates to the Web site, malware is installed on the user’s computer…, which harvests the user’s corporate online banking credentials. Shortly thereafter, the subject either creates another user account from the stolen credentials or directly initiates a funds transfer masquerading as a legitimate user.
More than ever, anyone doing any sort of online banking needs to be very certain of the security of their computer, network, and the server on the other end of the transaction. Sadly, my personal experience has shown that most people banking online don’t know the first thing about online security, or are concerned for the wrong reasons.
My recommendation is that if you must do online banking, have a computer dedicated to this task. (I usually lose people around here, but bear with me.) The problem is that today some malware can be so insidious that it can remain undetected for long periods of time. A solution is to take an old computer, put a light Linux distribution onto it, and use Firefox or another alternative web browser instead of Internet Explorer on Windows. Readers of my personal blog may think that I am starting to sway toward this becoming a rant, but my recommendation is purely pragmatic. Linux and alternative browsers pose a much smaller attack vector, and, without getting into a religious Windows vs. open source debate, as a result they are more secure.
Think carefully the next time you log on to your bank or credit union account online and ask yourself “If a hacker got access to this account and drained all of the funds available, what would I do?” Is mitigating this risk by recycling an old computer with some free software worth the additional protection that this would afford? My answer is “absolutely.”