New Security Threat

A new computer virus has been identified that may cause a fraudulent message to display on the user’s computer while they are in the process of paying their bills online. This message attempts to trick users into providing sensitive information such as account numbers and passwords in order to commit fraud.

 

The fraudulent message is generated from a source outside of Online Banking, but an end user may be impacted if they have unknowingly infected their computer with the new virus through activities such as illegally trading software, executing files sent via email, or allowing scripts to execute while browsing the Internet.

 

When an end user whose computer is infected with this virus is using online bill payment, the virus may intercept the browser session and display a fraudulent Web page requesting additional information. This fraudulent Web page appears framed within the bill payment window and prompts the user for sensitive information such as debit card account numbers and passwords. This is an attempt to commit fraud, and the user should not provide the requested information.

 

Online Banking and bill payment provider partners would never ask for this information in the middle of a bill payment transaction. Any deviations from the documented and expected bill pay system behavior may be attempts to commit fraud.

 

Again, this particular fraud attempt would only occur if an end user has the virus on their local computer. The fraud attempt is taking place in a browser window that is outside of the Online Banking system.

 

 

Best Practices for Online Security

To help prevent fraud and to follow best practices for online security, users should:

             

·         Only install software from trusted sources and known origins. Software sent via email is particularly dangerous as viruses are often transmitted via email.

 

·         Install and maintain Antivirus and Anti-Spyware software on your computer.

 

·         Update software to benefit from the latest security protections.

 

·         Pay attention to warning messages presented through your browser. Browser warning messages may indicate a security threat.

 

 

 

August 2007