Don't Bank on Technology to Protect you.

A secure Internet website no longer guarantees that consumers are safe from thieving hackers who can empty their bank accounts and pilfer their credit cards, British Columbia's Crime Prevention Association warned Thursday.

The association issued the warning following reports of the Silentbanker, a Trojan-horse virus that is stalking computers and giving hackers a front-row seat on transactions between banking customers and their financial institutions.

"This is an ominous threat for business when consumers can't feel secure any longer," said Valerie MacLean, executive director of the BC Crime Prevention Association.

Email to a friendEmail to a friendPrinter friendlyPrinter friendly

Font:

* *

* *

* *

* *

AddThis Social Bookmark Button

"They will no longer be able to feel confident that the locked padlock symbol and the 'S' in the website address is actually a secure website."

The Silentbanker virus performs an updated and considerably more sophisticated version of the age-old banking "phishing" scams, in which people are directed via e-mails to bogus banking sites that can pick up passwords and other critical financial and personal information.

The threat could spread beyond the 400-plus banks worldwide that have been targeted so far, according to the association.

"It can be a major headache for them and it's not just the banks. The precedent has been set," said Jeff Burton, the association's manager of programs and projects.

"I don't think we can safely say this is restricted to banks.

"The technique these hackers have used to pull this off could be applied to any e-commerce website, I would think."

Since the Trojan is downloaded to individual computers, usually during routine Web-surfing, consumers have to look to their own computer security, not their bank's, for protection.

The virus allows hackers to get between the computer user and the bank, so even if a banking client is looking at a secure banking screen with its authentication and the tiny padlock denoting security encryption, there is no guarantee a hacker isn't picking up information or stealing money and directing it to another account.

"It is worse than phishing. We are not talking about unsolicited e-mails, we are talking about honest-Joe citizens who are doing their banking online and now we have to say to them, 'Be very careful,'" said Burton.

"The only solution I see is to make sure all your anti-virus software is up to date and to be checking your balances way more frequently than perhaps you do now for any sign that someone has tapped into your bank account."

The latest twist in online fraud has banks renewing their warnings their clients to update their computer security software and install any patches for such problems as flaws in website browsers and Windows operating systems.

Coast Capital Savings, which is investigating the threat, posted a warning on its website Thursday.

Leung said while there have been no reports of members of his credit union falling victim to Silentbanker, Coast Capital is advising people to ensure their computers are secure.

"The home user is not always aware of the importance of updating their computer," he said. "If you are working for a company, those things are usually taken care of by the IT staff.
There are various things you can do at home to protect yourself."

Leung recommended computer users update their operating-system software, install a firewall and ensure their anti-virus software is updated.

The Canadian Bankers Association said banks here are aware of the new threat, which doesn't target their networks but rather installs itself on individual computers.

"While banks have extensive security systems in place and work around the clock to protect customers from fraud, consumers have a role to play in protecting themselves as well," the CBA said in a release. "Banks help by promoting awareness of online security and providing advice on how to make personal computers more secure."

gshaw@png.canwest.com