Posted on 12/30/2005 8:39:05 AM PST by FerdieMurphy
CHARLOTTE COUNTY — Managing your money on-line can be a risky proposition. One Southwest Florida family found out the hard way after losing more than $50,000 to computer hackers. A simple login in to a familiar web site revealed a nightmare. "We looked at the account and instead of having $119,000, there was only $56,000. At that point I said what's going on?" said Jeanette Miller of Port Charlotte.
(Excerpt) Read more at msnbc.msn.com ...
It's surprising the entire cash balance wasn't stolen!
Maybe it wasn't stolen...maybe the couple forgot they invested in NY Times Company stock.
They felt bad about taking it all?
As expected, the MSNBC article is pretty content-free,
but this looks like a case of keylogging. The crackers
got an applet installed on their PC, logged keystrokes
on the keyboard, and periodically phoned home with
account usernames and passwords.
Unless Windows users have a firewall, anti-virus and
anti-spyware, keep it updated, and run scans often,
they have to assume that their PC is compromised.
If they let the kids use it, it's definitely "owned"
by some cracker somewhere.
You can defeat keystroke loggers with Control-C and Control-V
Maybe s/he only needed $63K.
($119,000 - $56,000 = $63,000)
The police don't think there is any way to track it? Nonsense.
The firm isn't all over this? Their entire business depends on a successful outcome for this problem.
How did the money get out of the account? It can't go out as cash. A transfer? Where did it go to?
I'm in this business and I transact business in these on-line accounts all day. The rest of the story should be interesting.
The reporting in this case is pathetic.
Poorly-written article, but I'd be quite surprised if E Trade doesn't pick up the losses.
Just a guess but maybe withdrawal amounts were restricted to a certain maximum at any one time. It may have also triggered a request for verification if all the money was taken out of the account.
I have friends who tell me how 'secure' online banking has become.....but for me no way in Hades will I do my banking online. Case in point.
*snerk!* And just who told you that?
care to elaborate a bit?
Another suspicous aspect is this line:
"We looked at the account ..."
Unless E-Trade has some pretty bulletproof protocol for
changing passwords, one of the first things done in an
account hijack (e.g. on eBay/PayPal) is to change the
password, and perhaps the contact phone number.
I haven't ever thought about that until I read it here, but it seems to make sense to me. All they'd have is a copy paste action. Now if they had a more robost logging program then yes copy paste is weak. But the problem I see with copy paste of ID/PW is that you have to store them on your machine somewhere to copy paste from. And then you're more at risk of someone getting your password file and then having free reign to all your info.
Good points.
Passwords are easy to change and indeed it is encouraged. In this case, the password has not been changed or the customers would not have been able to log on.
Phone numbers and addresses cannot be changed online. The firms all require verification of identity. SS number, mothers maiden name or the like. Before any money is disbursed to a new address or different payee, a verification is sent to the old address.
If the account had a check writing feature, I would investigate that avenue first.
Something smells in this story.
bump
The person who wrote this story may have wanted some people to think that. If you bought into it based on this story,,,well,,,I'll be kind,,,you need to have more information.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.