Warning: Don't use common area PC's at hotels to access your invstment accounts

[ScaredtoQuit]

I saw a report on television this morning about a new scam that everyone should be aware of. It seems that there's an organized gang of thieves who are installing key loggers at the PC's that many hotels maintain for guests in their "business centers". When a guest uses the PC to access their online bank and investment accounts, the key loggers record the account number and password. Then, a few days later, one of the thieves stops by and retrieves the information. Apparently, quite a few people have had their entire investment account cleaned out. Usually the funds are transferred to eastern Europe where they are virtually impossible to get back.

In the past, I have always shied away from using "common area" computers to access personal bank and investment account information. Now, I've got some real life examples of why this shouldn't be done!

 

[modhatter]

Thanks for the information. It is a pitty that bad people can spoil a good thing.

 

[saluki9]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Honestly, who is putting their ID and PIN for their portfolios into a public computer?

 

[ScaredtoQuit]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Honestly, who is putting their ID and PIN for their portfolios into a public computer?

Apparently from the report, lots of people. Remember, what's obvious to you might not be so obvious to others.

 

[ScaredtoQuit]

Which reminds me... I actually met a phishing victim, just moments after the crime took place. She got an email from "EBAY" requesting her to verify her name, account number, password, etc. A minute after she had entered her response and pressed "enter", it dawned on her that the email was a phishing solicitation. Because she acted immediately she was able to contact EBAY, unhook her account from her credit card and freeze her account.

The long and the short of it is that even if you are reasonably savvy about such things, if you let your guard down even for a short time, you can get zapped. In other words, the reminder is wholly merited.

 

[crazy connie]

I can see many people doing this. When I was a "Road Warrior" I did total on-line banking. Had my laptop taken a dump, I would have done that in a heartbeat. Now I would know better and only transact from home pc. Of course a few years back this phishing was not put out there in the news like it is now. The funny thing is I was involved in Internet Security with an ultra major bank and we discussed the firewall safety issues on a routine basis! I was lucky and am glad for not having been a victim.

 

[JohnEyles]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Honestly, who is putting their ID and PIN for their portfolios into a public computer?

Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?

 

[ScaredtoQuit]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?

Hard to do on a public computer. You can check for unusual looking hardware devices sticking out of one of the ports or between a periperal (think keyboard) and the cpu. But if it's a software implementation, the only way to be sure if to run a diagnostic using a good spyware program. And even then, you're still at the mercy of how good the spyware program is. Like I said, very hard to do on a public computer.

 

[saluki9]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Someone who is on the road, without a laptop, and wants to check their
accounts or trade ? Is there any good way to check for a key-logger ?

If this is a normal situation, I would suggest that you should probably deal with a large discount firm with nationwide offices such as Schwab or Fidelity. If not, I would either buy a laptop or wait until you get home.

You might be able to store a spyware app on a USB drive and use that, but then again any public machine that lets you install software probably isn't that safe to begin with.

The moral of the story is this. Using public computers for personal and financial data is a bad idea. If you're involved in any financial transactions that require regular upkeep such as trading futures or options you should be able to buy your own computer to take with you.

 

[bbuzzard]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Someone who is on the road, without a laptop, and wants to check their accounts or trade ? Is there any good way to check for a key-logger ?

If you are technically savy you can boot these computers using a usb key implementation of a paranoid flavor of unix, then establish a VPN connection to the internet. However, this will not offer foolproof protection from hardware keyloggers (it does offer some effective but not foolproof tools). Best to just wait until you get home or use the phone.


see http://www.metropipe.net/ for an example.

 

[Rich_by_the_Bay]

I think it was someone on this board who suggested that if you MUST do this on a public computer, at least scramble your password by doing a bunch of mouse-based selects/replaces in random order to make it harder for the bad guy to figure out the true text.

Like this: p123xyzs, then select xyz with the mouse, type s, select 123, replace with a and so on.

Sounds kind of kludgy but it might help a bit.

 

[bosco]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

even buying a laptop doesn't mean you shouldn't be careful.

I've heard that there is a scam where people set up "free" wireless networks at airports etc. People who use them find out the data they transmitted across them has been captured.

So watch out what networks you connect your laptop to as well.

 

[bbuzzard]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

even buying a laptop doesn't mean you shouldn't be careful.

I've heard that there is a scam where people set up "free" wireless networks at airports etc. People who use them find out the data they transmitted across them has been captured.

So watch out what networks you connect your laptop to as well.

While this is correct, if you area accessing a secure page, the page is encrypted from your computer to the other end. Thus, it does not matter if the message is intercepted. All messages along the internet are out in the open, not just ones on public wifi sites. The public wifi sites are just a little easier to intercept. Hopefully all financial pages you access are encrypted.

 

[Delawaredave]

Do any of the investment companies have "limited withdrawl" restrictions electonically that you can sign up for ?

Or "no electronic withdrawl" ?

I would like to see something where large redeptions require phone call from your address on record or verification at local bank or office or fingerprints or DNA (OK, getting a little extreme...).

Many have money under Vanguard or Fidelity for 20+ years with no withdrawls - and don't need or want the convenience of electronic withdrawls (or any withdrals for that matter...).

Something to make it tough if one's account info is compromised.

 

[lazygood4nothinbum]

there have been a few threads on similar topic. here's one with some good info in it.

Do any of the investment companies have "limited withdrawl" restrictions electonically that you can sign up for ?

Or "no electronic withdrawl" ?

I would like to see something where large redeptions require phone call from your address on record or verification at local bank or office or fingerprints or DNA (OK, getting a little extreme...).

i suggested something similar on another post. my thought was to have read-only access on computer so you can easily review your accounts but to have transactions made available only by telephone, either person to person or via dial tones.

 

[teejayevans]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

If you are technically savy you can boot these computers using a usb key implementation of a paranoid flavor of unix, then establish a VPN connection to the internet. However, this will not offer foolproof protection from hardware keyloggers (it does offer some effective but not foolproof tools). Best to just wait until you get home or use the phone.

Why do you need VPN, get a linux live CD, boot it up, unless they modified the
computer hardware, there will be no keylogging or virus to worry about, the
browser (Firefox) encrypts the data. Note, don't use the same password for
sites like this one versus you bank accounts. You only need VPN if you want
to get to your company intRAnet

 

[cute fuzzy bunny]

The fun ranges from:

- Keyloggers
- Form captures with decryption
- Session captures with decryption
- Using equipment to capture screen emissions, allowing recreation of your screen image on a remote viewer
- Using probe tools you can now buy off the shelf to exploit known holes in all of the major operating systems on any local wireless client
- Probe tools that can be used to tap into the dsl/cable stream in 'promiscuous mode' to see what your neighbors are doing

Yada, yada, yada...

If someone wants you, they can get you. Good news is that nobody is that motivated and not many of us are really that interesting.

 

[jphripjah]

Som companies, like ETRade, say that they will cover any fraud losses, as long as you didn't give the person the account info/password. I've never had to use this though.

https://us.etrade.com/e/t/welcome/securityguarantee

 

[bbuzzard]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

Why do you need VPN?

If you are concerned about people intercepting your non-encrypted web-pages, this is a way to go. It also offers a second layer of security to encrypted web pages. Of course, it is not the only solution.

 

[bbuzzard]

Re: Warning: Don't use common area PC's at hotels to access your invstment accou

unless they modified the computer hardware, there will be no keylogging or virus to worry about

You do not have to modify the keyboard. Hardware keyloggers are very common, existing as usb keys or devices that plug between the keyboard and cpu. Some paranoid linux systems offer ways to assist in defeating these systems, similar but better than the windows on-screen keyboard.

purchase your keylogger here (one of 100s of sites):
http://www.keyghost.com/USB-Keylogger.htm