SO? What should we do to ‘stay safe’?
Does https-everywhere and ublock and additional 3rd party extension helps?
T.I.A.

back top fishing for better dreams

I for one do not do anything financial on line because I never did think it was secure.  I would suggest everyone go in to your bank and do your business. Its safer. If you have to save time do it somewhere else.  If you want to buy something on line using a credit card. Never use a debit card for anything, You don’t have the same protection as a credit card. I don’t have a debit card.  I use a ATM card to get cash when I need it.

5 users thanked author for this post.

Elly, Bill C., HiFlyer, BobbyB, Seff

jabeattyauditor wrote:

If you don’t setup online access to your financial accounts, someone else will. All the information needed to do so is available at low cost to those who will profit by using it. Plant your flag now, even if you’ll never use the access.

Fantastic point!

1 user thanked author for this post.

HiFlyer

Don’t get me started on this. My bank is asking for Flash in order to let me change my spending limit on my credit card. I thought people used to be shot for such security lapses ?

Also, it’s funny how some of the very worst offenders in the realm of Internet security are major government sites, which millions of tech-illiterate people are forced to use, and which hold extremely sensitive, personal information, the type that hackers would love to get their hands on in order to impersonate you or otherwise harm you. (I’m not in the US.)

My favorite trick is running an SSL Labs test on them. The results are sometimes so appalling as to be laughable.

One particular offender is the monopoly utility company which throws a Google captcha in your face, just in order to let you type your username and password. That captcha is in English — not the country’s language. Google’s captchas are exasperating enough for English-speaking geeks ; now figure a lady born in 1940, with no higher education, no knowledge of foreign languages, and who absolutely needs to log in the blasted site to pay her bills.

7 users thanked author for this post.

Steve, AlexEiffel, Mele20, David F, CADesertRat, Elly, HiFlyer

The bank where one of my accounts is put a link to a security testing site, suggesting that I see how secure my bank is for online banking. That bank, the one who put the link on their website, rated “F” on the security testing site! I told them about it, and they said, “Our IT people assure us that we are secure.”

If their IT people are so clueless as to post a link to a security testing site which rates them an “F”, then I would say that you can’t depend on what their IT folks are telling you!

8 users thanked author for this post.

Steve, AlexEiffel, Kirsty, Cybertooth, CADesertRat, Elly, Seff, HiFlyer

abine.com offers masking of email, credit cards, etc.

$50 maximum loss protection of credit card (by US law) may not exist with some foreign issuers.  YMMV.

• This reply was modified 2 months, 3 weeks ago by  HiFlyer.

1 user thanked author for this post.

Elly

My US bank isn’t even listed on that site although when I go to my bank site it is https.

Yeah I used to do a lot more bill paying and banking online but not anymore. Today much of my bills are paper and I write checks and pay them through the mail system. My bank online system has been hacked at least partially a few times once so bad they had to shut down access. A couple of my utility companies have also noted a couple partial breeches. I am glad Chrome is pushing security, but I also know many sites that should be more protected are not and apparently have not learned from others failures.

1 user thanked author for this post.

HiFlyer

Excerpt From Krebs article:

“Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.”

https://krebsonsecurity.com/2018/07/hackers-breached-virginia-bank-twice-in-eight-months-stole-2-4m/

1 user thanked author for this post.

Elly

Here’s an open, leading question:

If more security is better, what is the downside of everything having to be encrypted and decrypted?

It takes more communications time to manage the security handshake and more CPU time to encrypt and decrypt data, both on the sending end and on the receiving end.

Thus we are waiting longer for results and things cost incrementally more.

How much more?

– If every message is encrypted, servers aren’t able to handle as much traffic, leading to web site slowdowns and the potential need by those running sites to purchase more expensive service.

– An older client system might be acceptable for use for a little less time.

How much longer are we waiting for websites? How much more are we paying for things? How much more of our lives are wasted?

Food for thought.

-Noel

3 users thanked author for this post.

Steve, walker, Cybertooth

To me, it looks like a list of a few banks with some numbers in pretty colors.  What I don’t see is any information on where the numbers come from or what they  mean.  I assume the numbers might be rating a banks online security instead of physical security.  My bank tracker shows the opposite results.

https://www.bleepingcomputer.com/news/security/leader-of-carbanak-cobalt-hacker-group-who-stole-over-1bil-arrested-in-spain/ ( (Leader of Carbanak (Cobalt) Hacker Group Who Stole Over €1BIL Arrested in Spain – 26 Mar 2018)
https://www.zdnet.com/article/europol-tracks-down-suspected-leader-of-carbanak-malware-campaigns/ (26 March 2018)

Europol announced today that Spanish police has arrested a man suspect of being the mastermind behind the Carbanak hacking group, known for some of the biggest bank cyber-heists in recent years.

Europol said the Carbanak gang —also known as Cobalt— had carried out over 100 hacks across 40 different countries, stealing over €1 billion ($1.24 billion), with a hack average of €10 million ($12.4 million) per heist. …

Once they gained access to these systems, hackers choose one of three methods of stealing money.

The first was to coordinate with money mule groups and make ATMs spit out cash at a predetermined hour and day. Money mules would pick up the funds, some of which would end up back with the Carbanak group after intermediaries took their cuts.

Second, the Carbanak group would transfer money from legitimate accounts to the ones they or their money mules owned, who would then empty accounts at ATMs, or use the accounts to buy expensive products and launder the money.

Third, crooks would use their access to the bank’s internal network to artificially inflate the money balance of accounts created by money mules in advance, without transferring funds from other accounts. Same as before, money mules would empty accounts as soon as possible.

https://www.zdnet.com/article/the-dark-web-how-much-is-your-bank-account-worth/ (20 March 2018)

The Dark Web: How much is your bank account worth?

Researchers explore just how much our bank accounts, identities, and more are worth to customers in the web’s underbelly. …

While card numbers are big business, access to accounts is also hot property.
According to the researchers, accounts with a balance of roughly $3,000 from Bank of America, JPMorgan Chase and Wells Fargo are being hawked for $300, while bank login information for accounts belonging to the same banks with balances of up to $15,000 is being sold for between $200 and $1,000.

http://www.bbc.com/news/business-37891742 (7 Nov 2016 – Tesco Bank’s chief executive has blamed “a systematic, sophisticated attack” for the money taken from 20,000 of its customer accounts.)
https://thehackernews.com/2013/05/the-biggest-bank-robbery-in-history.html (10 May 2013 – A gang of cyber-criminals operating in 26 countries stole $45 million by hacking their way into a database of prepaid debit cards.)

Isolated cases of individual online banking accounts being hacked, identity stolen and drained/looted may not be refunded by the banks, eg … http://says.com/my/news/man-online-banking-account-hacked