Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-20-2007, 07:15 AM   #1
Recycles dryer sheets
ScaredtoQuit's Avatar
 
Join Date: Jan 2007
Posts: 194
Warning: Don't use common area PC's at hotels to access your invstment accounts

I saw a report on television this morning about a new scam that everyone should be aware of. It seems that there's an organized gang of thieves who are installing key loggers at the PC's that many hotels maintain for guests in their "business centers". When a guest uses the PC to access their online bank and investment accounts, the key loggers record the account number and password. Then, a few days later, one of the thieves stops by and retrieves the information. Apparently, quite a few people have had their entire investment account cleaned out. Usually the funds are transferred to eastern Europe where they are virtually impossible to get back.

In the past, I have always shied away from using "common area" computers to access personal bank and investment account information. Now, I've got some real life examples of why this shouldn't be done!

__________________

__________________
ScaredtoQuit is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-20-2007, 11:12 AM   #2
Full time employment: Posting here.
 
Join Date: Aug 2005
Posts: 942
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

Thanks for the information. It is a pitty that bad people can spoil a good thing.
__________________

__________________
modhatter is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 11:26 AM   #3
Thinks s/he gets paid by the post
saluki9's Avatar
 
Join Date: Feb 2005
Posts: 2,032
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Honestly, who is putting their ID and PIN for their portfolios into a public computer?
__________________
saluki9 is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 12:19 PM   #4
Recycles dryer sheets
ScaredtoQuit's Avatar
 
Join Date: Jan 2007
Posts: 194
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by saluki9
Honestly, who is putting their ID and PIN for their portfolios into a public computer?
Apparently from the report, lots of people. Remember, what's obvious to you might not be so obvious to others.
__________________
ScaredtoQuit is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-20-2007, 12:26 PM   #5
Recycles dryer sheets
ScaredtoQuit's Avatar
 
Join Date: Jan 2007
Posts: 194
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

Which reminds me... I actually met a phishing victim, just moments after the crime took place. She got an email from "EBAY" requesting her to verify her name, account number, password, etc. A minute after she had entered her response and pressed "enter", it dawned on her that the email was a phishing solicitation. Because she acted immediately she was able to contact EBAY, unhook her account from her credit card and freeze her account.

The long and the short of it is that even if you are reasonably savvy about such things, if you let your guard down even for a short time, you can get zapped. In other words, the reminder is wholly merited.






__________________
ScaredtoQuit is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-20-2007, 12:39 PM   #6
Thinks s/he gets paid by the post
 
Join Date: Feb 2006
Posts: 1,183
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

I can see many people doing this. When I was a "Road Warrior" I did total on-line banking. Had my laptop taken a dump, I would have done that in a heartbeat. Now I would know better and only transact from home pc. Of course a few years back this phishing was not put out there in the news like it is now. The funny thing is I was involved in Internet Security with an ultra major bank and we discussed the firewall safety issues on a routine basis! I was lucky and am glad for not having been a victim.
__________________
crazy connie is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 12:47 PM   #7
Full time employment: Posting here.
 
Join Date: Sep 2006
Posts: 608
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by saluki9
Honestly, who is putting their ID and PIN for their portfolios into a public computer?
Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?



__________________
JohnEyles is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 12:54 PM   #8
Recycles dryer sheets
ScaredtoQuit's Avatar
 
Join Date: Jan 2007
Posts: 194
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by RustyShackleford
Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?
Hard to do on a public computer. You can check for unusual looking hardware devices sticking out of one of the ports or between a periperal (think keyboard) and the cpu. But if it's a software implementation, the only way to be sure if to run a diagnostic using a good spyware program. And even then, you're still at the mercy of how good the spyware program is. Like I said, very hard to do on a public computer.
__________________
ScaredtoQuit is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 01:18 PM   #9
Thinks s/he gets paid by the post
saluki9's Avatar
 
Join Date: Feb 2005
Posts: 2,032
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by RustyShackleford
Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?
If this is a normal situation, I would suggest that you should probably deal with a large discount firm with nationwide offices such as Schwab or Fidelity. If not, I would either buy a laptop or wait until you get home.

You might be able to store a spyware app on a USB drive and use that, but then again any public machine that lets you install software probably isn't that safe to begin with.

The moral of the story is this. Using public computers for personal and financial data is a bad idea. If you're involved in any financial transactions that require regular upkeep such as trading futures or options you should be able to buy your own computer to take with you.

__________________
saluki9 is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 01:49 PM   #10
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 209
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by RustyShackleford
Someone who is on the road, without a laptop, and wants to check their accounts or trade ? Is there any good way to check for a key-logger ?
If you are technically savy you can boot these computers using a usb key implementation of a paranoid flavor of unix, then establish a VPN connection to the internet. However, this will not offer foolproof protection from hardware keyloggers (it does offer some effective but not foolproof tools). Best to just wait until you get home or use the phone.


see http://www.metropipe.net/ for an example.
__________________
bbuzzard is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-20-2007, 03:02 PM   #11
Moderator Emeritus
Rich_by_the_Bay's Avatar
 
Join Date: Feb 2006
Location: San Francisco
Posts: 8,827
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

I think it was someone on this board who suggested that if you MUST do this on a public computer, at least scramble your password by doing a bunch of mouse-based selects/replaces in random order to make it harder for the bad guy to figure out the true text.

Like this: p123xyzs, then select xyz with the mouse, type s, select 123, replace with a and so on.

Sounds kind of kludgy but it might help a bit.
__________________
Rich
San Francisco Area
ESR'd March 2010. FIRE'd January 2011.

As if you didn't know..If the above message contains medical content, it's NOT intended as advice, and may not be accurate, applicable or sufficient. Don't rely on it for any purpose. Consult your own doctor for all medical advice.
Rich_by_the_Bay is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 03:24 PM   #12
Full time employment: Posting here.
bosco's Avatar
 
Join Date: Jul 2005
Posts: 987
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

even buying a laptop doesn't mean you shouldn't be careful.

I've heard that there is a scam where people set up "free" wireless networks at airports etc. People who use them find out the data they transmitted across them has been captured.

So watch out what networks you connect your laptop to as well.
__________________
I have an inferiority complex, but it's not a very good one.
bosco is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-20-2007, 03:29 PM   #13
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 209
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by bosco
even buying a laptop doesn't mean you shouldn't be careful.

I've heard that there is a scam where people set up "free" wireless networks at airports etc. People who use them find out the data they transmitted across them has been captured.

So watch out what networks you connect your laptop to as well.
While this is correct, if you area accessing a secure page, the page is encrypted from your computer to the other end. Thus, it does not matter if the message is intercepted. All messages along the internet are out in the open, not just ones on public wifi sites. The public wifi sites are just a little easier to intercept. Hopefully all financial pages you access are encrypted.
__________________
bbuzzard is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-21-2007, 12:07 AM   #14
Recycles dryer sheets
 
Join Date: Apr 2005
Posts: 184
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

Do any of the investment companies have "limited withdrawl" restrictions electonically that you can sign up for ?

Or "no electronic withdrawl" ?

I would like to see something where large redeptions require phone call from your address on record or verification at local bank or office or fingerprints or DNA (OK, getting a little extreme...).

Many have money under Vanguard or Fidelity for 20+ years with no withdrawls - and don't need or want the convenience of electronic withdrawls (or any withdrals for that matter...).

Something to make it tough if one's account info is compromised.



__________________
Delawaredave is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-21-2007, 02:25 AM   #15
Thinks s/he gets paid by the post
lazygood4nothinbum's Avatar
 
Join Date: Feb 2006
Posts: 3,895
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

there have been a few threads on similar topic. here's one with some good info in it.

Quote:
Originally Posted by Delawaredave
Do any of the investment companies have "limited withdrawl" restrictions electonically that you can sign up for ?

Or "no electronic withdrawl" ?

I would like to see something where large redeptions require phone call from your address on record or verification at local bank or office or fingerprints or DNA (OK, getting a little extreme...).
i suggested something similar on another post. my thought was to have read-only access on computer so you can easily review your accounts but to have transactions made available only by telephone, either person to person or via dial tones.
__________________
"off with their heads"~~dr. joseph-ignace guillotin

"life should begin with age and its privileges and accumulations, and end with youth and its capacity to splendidly enjoy such advantages."~~mark twain - letter to edward kimmitt 1901
lazygood4nothinbum is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-21-2007, 07:56 AM   #16
Thinks s/he gets paid by the post
teejayevans's Avatar
 
Join Date: Sep 2006
Posts: 1,222
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by bbuzzard
If you are technically savy you can boot these computers using a usb key implementation of a paranoid flavor of unix, then establish a VPN connection to the internet. However, this will not offer foolproof protection from hardware keyloggers (it does offer some effective but not foolproof tools). Best to just wait until you get home or use the phone.
Why do you need VPN, get a linux live CD, boot it up, unless they modified the
computer hardware, there will be no keylogging or virus to worry about, the
browser (Firefox) encrypts the data. Note, don't use the same password for
sites like this one versus you bank accounts. You only need VPN if you want
to get to your company intRAnet
__________________
teejayevans is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-21-2007, 08:53 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

The fun ranges from:

- Keyloggers
- Form captures with decryption
- Session captures with decryption
- Using equipment to capture screen emissions, allowing recreation of your screen image on a remote viewer
- Using probe tools you can now buy off the shelf to exploit known holes in all of the major operating systems on any local wireless client
- Probe tools that can be used to tap into the dsl/cable stream in 'promiscuous mode' to see what your neighbors are doing

Yada, yada, yada...

If someone wants you, they can get you. Good news is that nobody is that motivated and not many of us are really that interesting.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts
Old 03-21-2007, 09:39 AM   #18
Recycles dryer sheets
 
Join Date: Feb 2006
Location: Las Vegas
Posts: 50
Re: Warning: Don't use common area PC's at hotels to access your invstment accounts

Som companies, like ETRade, say that they will cover any fraud losses, as long as you didn't give the person the account info/password. I've never had to use this though.

https://us.etrade.com/e/t/welcome/securityguarantee
__________________
It's pronounced JAY-FRIP-JAH.
jphripjah is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-21-2007, 10:03 AM   #19
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 209
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by teejayevans
Why do you need VPN?
If you are concerned about people intercepting your non-encrypted web-pages, this is a way to go. It also offers a second layer of security to encrypted web pages. Of course, it is not the only solution.
__________________
bbuzzard is offline   Reply With Quote
Re: Warning: Don't use common area PC's at hotels to access your invstment accou
Old 03-21-2007, 10:08 AM   #20
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 209
Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Quote:
Originally Posted by teejayevans
unless they modified the computer hardware, there will be no keylogging or virus to worry about
You do not have to modify the keyboard. Hardware keyloggers are very common, existing as usb keys or devices that plug between the keyboard and cpu. Some paranoid linux systems offer ways to assist in defeating these systems, similar but better than the windows on-screen keyboard.

purchase your keylogger here (one of 100s of sites):
http://www.keyghost.com/USB-Keylogger.htm
__________________

__________________
bbuzzard is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 03:16 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.