The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.
The reason: Cybergangs have inundated the Internet with “banking Trojans” – malicious programs that enable them to surreptitiously access and manipulate online accounts. A dedicated PC that’s never used for e-mail or Web browsing is much less likely to encounter a banking Trojan.
Internet-enabled ACH and wire transfer fraud have become so acute that the FBI, which is usually reticent to discuss bank losses or even acknowledge ongoing cases, has gone public about the scale of the attacks to bring attention to the problem. The FBI, the Federal Deposit Insurance Corp. and the Federal Reserve have all issued warnings in the past two months.
The victims are mostly small to midsize organizations using online bank accounts supplied by local community banks and credit unions, FBI analysis shows. “The bad guys are still out there breaking into customers’ computers,” says Steven Chabinsky, deputy assistant director of the FBI’s Cyber Division.
The likelihood of any ordinary person getting his or her PC infected by a banking Trojan is so great that Gartner’s Litan tells acquaintances who run small businesses to switch from commercial online accounts to an individual consumer account.