Online Banking WARNING - Beware Limbo Trojan
I just spent 1/2 on phone with tech support from my bank (one of the top 5 major banks in America).
Wanted to WARN EVERYONE!!! I just had either the new Limbo trojan or Clickjacking try to steal my online banking ID and password. The way it works is VERY tricky. It's
not obvious like with phishing. You are TOTALLY on your bank site, bank url, even https secured address and no obvious sign you are getting your account jacked unless you know what you are looking for.
SEE WHY THIS IS SUCH A BIG DEAL BELOW in RED
Larry posted a couple days ago about the ClickJacking cross browser exploit that has security experts, Microsoft and Mozilla really concerned. It affects every browser. (THANK YOU LARRY - if I had not read this article I would not have figured this out in time to prevent having my bank account hijacked)
Warning To Disable Browser Plug-Ins - Cross Browser Exploit
Due to reading that post, I disabled all plug-ins and added the noscript plug-in since that is supposedly the only way to stay SOMEWHAT safe. But even though somewhat protected have been afraid to do online banking. Today needed to and was careful to watch what happened.
SOMETHING WAS TRYING TO STEAL MY USER ID. Had it not been for Larry's warning I could have just thought, oh my bank changed this screen around a little or something. I would not have been looking critically. I remembered when I was looking for more info about ClickJacking I found an a article about a new trojan that steals online banking info. So when something odd happened today I went to do more research on both - feeling pretty sure one of them was at play.
I'm pretty sure it was the trojan, not the clickjacking that was trying to steal my banking info. I'll try to tell you what happened so you can be careful.
Went to log in with same user name I always use. It did not take me to the next security screen it always does to ask for next piece of info. It took me to a new screen that looked VERY official on the https//bank site. It had all the normal info you'd expect and links to more info about security and all that.
Thing is, I entered my user name correctly and this page said:
It had never taken me to a page like that and was asking twice in 2 different ways for me to enter my ID.
So luckily since I had read the articles above I was worried. Called tech support. Had her enter my ID to see what screen she got next and she got the next security screen like you are supposed to. So asked her to enter my user name with a typo to compare the error screen it took her to. Very similar but NOT the same. We determined someone was trying to jack me, even though she had NO clue about either of the problems above and checked with her supervisor and he had no idea either.
I told them they need to study up, make all staff aware and put a big warning on the the log in.
WHY THIS IS SUCH A BIG DEAL???
With the economy problems financial experts are saying pull your investments and stick them in the bank. They are also saying spread your money around so you don't exceed the FDIC insurance.
So more people are sticking money in the bank, moving money around, opening new accounts, some are panicking but also the subtle difference I saw on that page - Joe surfer would not in a million years have noticed. I would not even have missed a beat if I was in a hurry and had not read that article. I would have double checked the page was secure and checked to be sure the address bar still showed me on a valid bank page. Then I would have assumed this was a normal error page I'd never seen before and MAY have entered my ID.
The other reason this is a big deal is that this trojan software used to sell for $5,000, now it's only $350. So with the BAD economy, more BAD guys are going to try to find ways to steal. This software makes it cheap and easy to do so! The PCworld article said:
Last of all, it's APPALLING to me that one of the biggest banks in America has no clue about this.
I just spent 1/2 on phone with tech support from my bank (one of the top 5 major banks in America).
Wanted to WARN EVERYONE!!! I just had either the new Limbo trojan or Clickjacking try to steal my online banking ID and password. The way it works is VERY tricky. It's
not obvious like with phishing. You are TOTALLY on your bank site, bank url, even https secured address and no obvious sign you are getting your account jacked unless you know what you are looking for.
SEE WHY THIS IS SUCH A BIG DEAL BELOW in RED
Larry posted a couple days ago about the ClickJacking cross browser exploit that has security experts, Microsoft and Mozilla really concerned. It affects every browser. (THANK YOU LARRY - if I had not read this article I would not have figured this out in time to prevent having my bank account hijacked)
Warning To Disable Browser Plug-Ins - Cross Browser Exploit
Due to reading that post, I disabled all plug-ins and added the noscript plug-in since that is supposedly the only way to stay SOMEWHAT safe. But even though somewhat protected have been afraid to do online banking. Today needed to and was careful to watch what happened.
SOMETHING WAS TRYING TO STEAL MY USER ID. Had it not been for Larry's warning I could have just thought, oh my bank changed this screen around a little or something. I would not have been looking critically. I remembered when I was looking for more info about ClickJacking I found an a article about a new trojan that steals online banking info. So when something odd happened today I went to do more research on both - feeling pretty sure one of them was at play.
Trojan Can Grab Extra Personal Banking Data - PC World
"The Limbo malware integrates itself into a Web browser using a technique called HTML (Hypertext Markup Language) injection, said Uri Rivner, head of new technologies at RSA Consumer Solutions, a division of EMC. Because it's so closely integrated in the browser,
it can operate even while the user is at the real bank site and can actually change the layout of that site, he said.
"Nothing tells you that something is wrong here, with one exception: You're being asked to provide some information that you were never asked to do before," Rivner said during a briefing for reporters and analysts earlier this week. "If you are convinced that you are now communicating with the bank, the fraudsters can get away with anything they like."
I'm pretty sure it was the trojan, not the clickjacking that was trying to steal my banking info. I'll try to tell you what happened so you can be careful.
Went to log in with same user name I always use. It did not take me to the next security screen it always does to ask for next piece of info. It took me to a new screen that looked VERY official on the https//bank site. It had all the normal info you'd expect and links to more info about security and all that.
Thing is, I entered my user name correctly and this page said:
You have not entered your Online ID. Please do so and click the Sign In button.
We didnt recognize the Online ID you entered> Enter another Online ID:
It had never taken me to a page like that and was asking twice in 2 different ways for me to enter my ID.
So luckily since I had read the articles above I was worried. Called tech support. Had her enter my ID to see what screen she got next and she got the next security screen like you are supposed to. So asked her to enter my user name with a typo to compare the error screen it took her to. Very similar but NOT the same. We determined someone was trying to jack me, even though she had NO clue about either of the problems above and checked with her supervisor and he had no idea either.
I told them they need to study up, make all staff aware and put a big warning on the the log in.
WHY THIS IS SUCH A BIG DEAL???
With the economy problems financial experts are saying pull your investments and stick them in the bank. They are also saying spread your money around so you don't exceed the FDIC insurance.
So more people are sticking money in the bank, moving money around, opening new accounts, some are panicking but also the subtle difference I saw on that page - Joe surfer would not in a million years have noticed. I would not even have missed a beat if I was in a hurry and had not read that article. I would have double checked the page was secure and checked to be sure the address bar still showed me on a valid bank page. Then I would have assumed this was a normal error page I'd never seen before and MAY have entered my ID.
The other reason this is a big deal is that this trojan software used to sell for $5,000, now it's only $350. So with the BAD economy, more BAD guys are going to try to find ways to steal. This software makes it cheap and easy to do so! The PCworld article said:
The ease of going into business with this model may dramatically increase the volume of online fraud, he said.
"If phishing were a stock, I would invest in it," Rivner said.
Last of all, it's APPALLING to me that one of the biggest banks in America has no clue about this.