Bigritchie
Recycles dryer sheets
- Joined
- Jun 13, 2007
- Messages
- 377
I got a keylogger once and it was a utter nightmare. Online banking terrifies me now, as do using CCards etc online.
The threat of having someone compromise your laptop is real. You should take the perspective that "Some one is trying to do it". What do you need to do to protect yourself? One way to think about it: You are walking in a very bad urban neighborhood at night. You would feel that you are at risk... right! You would probably take precaution to protect yourself.... I just spoke with an IT person from England, and he suggests that if keyboard loggers are a concern to you, when you put your personal information and passwords into a form, simply put the cursor somewhere else once in a while to do a keystroke.
I agree with what I think your point is here - 'be defensive' . However, I couldn't live my life with that perspective. I'd never leave my bedroom!Chinaco
You should take the perspective that "Some one is trying to do it".
if you have your computer setup to share files at home (on the local network
I personally do not keep sensitive files on my computer.
The subject is kinda like investing (very deep and complicated)... you need to read and self educate. plus: Caveat utilitor - let the user beware.
It is literally a mine field out there. I would not tell you to not use those networks...Just be very careful (i.e., defensive).
Bigritchie
A good indicator too, is if most of your passwords are saved to places like websites where it autologs you in, and all of a sudden everywhere you go, you have to type everything in again, you most likely have a logger.
kcowan
My bank has implemented a set of five challenge/response questions. e.g.
What is your father's middle name?
And the technique that Akeisha describes will work with all known keyloggers. It can be defeated by capturing screenshots, but that makes its operation noticeable. The extra precaution would be to type 145, jkl as described, then insert 23 to complete the pw.
Of course passwords should contain a mix of alpha and numeric:
viz: bqp6t8a3 rather than fluffy
BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen?
I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.
I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.
I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen? In our experience of having money transferred through a wire transfer, there are all these forms we have to fill out, then they check out all the accounts, numbers, names, and so on, then they transfer like 10 cents to be sure it goes through, then they transfer the whole sum. It takes about 10 days or 2 weeks.
The news stories I read say it can happen any time, and in moments. The thief changes your passwords, you cannot get into your account and before you know it, all your retirement savings are gone.
In our experience, when we change our passwords, first, we get notification that that has been done either electronically or by mail or both. If we change our address, we get notification at both the old address and the new one as well. All this takes time. It doesn't happen in an instant...? If someone was trying to have a check cut and sent to their address, I would know something was up long before it happened.
What am I missing here?
Hi Chinaco...
Thanks for the articles, FX. Took a look at them and talked with Billy about 'em.Here are news accounts of two incidents that happened in 2006:
"criminals use personal information such as Social Security numbers to break into accounts. Once in control, they loot the accounts by selling securities and wiring out the proceeds far from the U.S. "
shows that these brokerage houses take these incidents seriously and they will do what they can to make the client whole and keep the industry up to modern needs and threats."E*Trade promised in January that it would reimburse customers for any losses due to fraud in an effort to allay concerns about trading over the Internet or keeping cash in online bank accounts. TD Ameritrade and Schwab offered similar guarantees in February and Fidelity followed in May."
"a pair of Canadian brokerages, including BMO InvestorLine, discovered that someone had gained unauthorized access to a handful of client accounts, and then liquidated the portfolios. "
People who have these brokerage accounts and want to do online trading or wiring or transfer of funds need to become familiar with the nasty phishing phenomenon. If you give up your credit card number, your social security number or your brokerage account number due to a phishing scam..... whew. It's tough."there is no indication that fraudsters had penetrated the security systems at these on-line brokerages." and "One theory is that investors unwittingly gave up their passwords through what is known as a "phishing" e-mail, a scheme that has become increasingly pervasive in the investment industry. "
What an excellent idea.I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.
Exactly. Many authors who write about financial subjects (like ER for instance ) don't actually know their subject matter from the inside personal experience point of view.I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.
me too.And then since the extra trading password is also required on the investment accounts, they cannot sell my stocks to buy some OTC trash. Possibly other implementations are just a lot looser. I would appreciate anyone with actual experience.
Hey, Chinaco, no problem. I didn't take it as a personal criticism. Everyone has their own way and I'm sorry if you thought I was ripping you a new one...My comments were not a criticism of what you are doing (how you manage your portfolio remotely). It was more of a general safety warning to all; be careful. It may sound overly cautious, but the general approach to security is to be cautious in a proactive way.
Unfortunately, identity theft and fraud are common place today. The perpetrator doesn't have to confront the victim directly and once they have the information, it must be easy to exploit.
For a lightweight laptop (about 2 lbs), for surfing the internet, I keep reading the internet blurbs about the new Asus Eee that will be released in the next few weeks. If the reviews after release come out looking good, I'll be sorely tempted to buy.