Thursday, May 24, 2007

Hello and a Question for Michael

My beautiful espousa forwarded this message to me from a friend:
Something came up today and I have a quick question for Michael: In a nutshell, someone online accessed my checking account (with Washington Mutual) and drew out 500.00 from USAA (the bank with which I have a savings account, a credit card and renters' insurance.)

I recently did an online electronic transaction from USAA, telling them to remove funds from my Washington Mutual account (like I do every month) to pay off an insurance premium.

Between last night and this morning, a transaction took place whereby 500.00 was transferred via a "USAA Internet Chk" from my WaMu account to an alleged USAA accont somewhere, or probably, just through USAA and out a back door. I have both USAA and Washington Mutual investigating it, but boy, it's a rude way to start someone's morning!

Anyway Michael, if you have a view of what may have happened, I'd love to hear it. The only thing differently I've done recently is to reset my DNS server numbers in my wireless router to those of openDNS.com, a free service that supposedly prevents phishing, etc. I've since reset the router to just get DNS numbers automatically (I'm with Verizon).

Sorry to bother you with this, but you're probably much savvier than any of these folks and might have some insight. As it is, I'm grateful that ------y keeps her money with a separate bank, though we do have other WaMu Joint accounts... Makes us gunshy to use the internet for banking transactions (emphasis is mine) - or at least to maybe designate just one, and then to feed it funds for electronic fund transfers at the time bills come due...

All the best,
N------

This sort of thing is very uncommon, but we always jump to the conclusion that we've been hacked by a criminal. This is the email I sent back to my friend last night:

Hello N------,
  1. Go to a friends house or a system at work and change all of your passwords! Don't use your computer, it may have been compromised.

  2. Never re-use a financial site password with any other site.

  3. Change the password on your router and other network equipment.

  4. Have an expert look at your computer, if it has been compromised you'll need a professional to get it fixed. If it were me, I would back up my data and reinstall from secure media.
If you were not phished then your bank may have been pharmed.

It is very unlikely that an outsider directly compromised the the bank. If you used a unique id and password, a random hacker would not gained access by guessing your password.

There are many possible explanations for your problem.
Someone you know compromised your access:
  • They knew enough about you to access your account. If this is true the bank will be able to follow the money to them.

Some stranger compromised your access:
  • If you used your bank password at a secondary web site the secondary web site might have been compromised, leading to a compromise of your bank account.
  • Your system may have been compromised through an attack launched by a web site that you have visited. These days criminals compromise you via the web and install a program to record the web sites and passwords you use (keystroke logger). Once they captured your bank password they would have set up a transfer to withdraw money from your account.
  • You may have been phished or pharmed. Catbird Pharming ShieldI doubt you were phished, but pharming is very hard to detect. In a pharming attack the criminals impersonate your bank web site by hijacking the infrastructure the site relies on. You think you're visiting WAMU or USAA but in reality you have been redirected to a fraud site.

An employee at one of your banks has exploited a flaw in the bank's security:
  • Banks have several layers of protection to prevent this, but criminals are very creative at exploiting loopholes or flaws in network or web application security.

Either USAA or WAMU has made a transaction error:
  • This doesn't happen often, but it does happen. Personally, I have had my bank process duplicate transactions on more than one occasion. The situation you describe is very suspicious but it may turn out to just be a simple mistake.

Take care and feel free to contact me directly.
So what do you think, did I give my friend good advice?

No comments: