For online thievery, these are halcyon days. Three out of four Americans used the internet in 2010, many of them buying, bonding and banking daily, leaving the web awash in personal information and account numbers. High-tech criminals are hoping to use that data to steal people’s assets. They are surprisingly organized. We want to make sure you are, too.
Company of Thieves
The lone hacker creating binary mayhem from his mom’s basement is a movie staple. Yet much online theft is perpetrated by cabals of keyboard criminals operating from air-conditioned offices in China or Russia — or possibly just next door. Many crooked operations are well-run businesses, almost indistinguishable from bona fide corporations. One Ukraine-based ring had a human resources department and operated a customer support center — in Ohio.
[Figure: Where does spam come from? Nations that send the largest volumes of spam.]
Fittingly, corporate-style supply chains are not uncommon. “One group might produce the malicious software, or malware, used in cybertheft, then sell it to outside partners,” says David Renz of U.S. Trust’s Technology and Operations group. “These hackers then get the malware onto unprotected devices, often via mass emails, or spam, and collect information to access people’s bank accounts. Stolen money is then laundered by a network of ‘mules,’ often through shell companies. And, in due course, they all get paid for their services.”
“Cybercriminals have developed a variety of techniques,” Renz says. “Some have been in use for years. Others are cutting-edge, created to keep up with new technology.” Here’s what to watch for — and how to fight back.
Phishing: Rings advertise in email links or pop-up ads. They offer to clean up your supposedly infected hard drive with antivirus software. But first they ask for a credit card number or other details. (Also watch for “vishing” and “smishing” — phishing via smartphone and text.) Do not click on any suspicious emailed links or ads. Do not supply any information solicited in this way.
Malware: When you click on some ads, malware downloads to your hard drive. It reports back credit card and banking information. Some viruses automatically access your bank account and remove funds. Avoid suspicious ads. Update your antivirus software regularly. Change your passwords frequently.
Cloned Sites: Some emails include links to a site that duplicates, or “spoofs,” the account access page of your financial institution. As the actual page would, the clone will ask you to input your ID and password. Delete suspicious emails. Do not supply any information.
Search: Cybercrooks run searches on Google to find publicly available information: your full name and address, names of family members and so forth. Using paid search sites, they can uncover even more. Utilize reputable services to remove most online personal information (100% removal is probably not possible).
Network: Criminals monitor social networking sites such as Facebook. High-profile individuals are common targets. Limit the personal information you put on these sites. Avoid including home address, even hometown.
People: Thieves might get personal information from someone you know. “It could be an employee, a relative or a worker at your doctor’s office,” Renz says. Shred or securely file all personal documents, including bills; use paperless, online methods where possible. Health providers often ask for a Social Security number; find out if they provide service without it. (It may be required for insurance or other purposes.)
“Cyberthieves use the information they compile to impersonate a bank customer, online or over the phone — even in person,” says Renz. “Fortunately, most banks have processes in place to limit this kind of theft. The procedures at U.S. Trust and Bank of America are some of the most stringent.” They include:
- Spending millions of dollars annually for resources and technology to protect online client information.
- Regularly testing and validating the security of our online systems using a variety of means that include ethical hacking.
- Using a U.S. Trust team that monitors client activity and notifies team members of any suspicious account maintenance or transactions posted to a client account.
- Offering free downloads of various online fraud protection products, including SiteKey, SafePass and Rapport.
- Providing security and privacy information. Sources include Bank of America and the Federal Trade Commission.
- Working with law enforcement globally to investigate specific cases and track down fraud rings.
- Reminding clients to update antivirus software regularly.
- Membership in a number of organizations dedicated to promoting safe internet use, combating cyber crime and identifying high-tech criminals.
In a recent survey of fraud detection and prevention practices among 20 U.S. credit-card issuers, Bank of America received the highest score — 87 points out of 100.*
Protect your assets and personal information. Delete suspicious emails. Do not click on suspicious online advertising. Change your IDs and passwords regularly. Install and update antivirus software regularly. Download fraud protection software available free from Bank of America. Watch for all types of phishing.
Personal and business assets are vulnerable. If you suspect intrusion or theft, contact your advisor immediately. Rest assured that U.S. Trust and Bank of America are doing all they can to protect your assets, too.
Sources: The 2010 Generations report, Pew Internet and American Life project; Internet World Stats; Trend Micro Inc.; Bank Information Security; Internet Crime Complaint Center; Reuters; Financial Crimes Enforcement Network; Bank of America. *Study conducted between April 2, 2011, and May 24, 2011, by Javelin Strategy & Research.
Opinions expressed in this article are those of the featured participants/U.S. Trust and may differ from those of U.S. Trust and/or Bank of America Corporation and its affiliates. The information in this article is general in nature and designed to offer a perspective on broad trends. It is not intended to give you suggestions about your specific portfolio nor serve to provide recommendations to buy or sell securities in this particular sector.