Businesses vulnerable to cyber attacks

Aug 31, 2009 By Susan Tompor

Most of us think cyber crooks cast their phishing lines mostly to try to hook everyday consumers. But some businesses across the country have seen hundreds of thousands of dollars vanish from their bank accounts after cyber attacks.

"These e-mails look legitimate," said Terry Thornton, senior vice president of fraud services for Dallas-based Comerica Bank. "People are falling for it because they look so good."

Business owners, as well as managers of school districts and government entities, need to be aware that cyber attacks have hit online banking accounts of others. They must be diligent about updating antivirus software, as well as training their staff to avoid giving specific account numbers in response to an that looks like it actually came from the bank.

What's essential for business owners to understand is that they do not have the same protections offered to a consumer in such cyber attacks.

"In these types of small-business accounts, the customer loses the money," Thornton said.

While bankers will attempt to rescue the funds, business owners could be out a lot more money than a typical consumer who is hit by a . This applies to business accounts of all sizes, small and large.

So it's key that businesses look for warning signs.

Cyber attacks typically run in waves, Thornton said. Things can be quiet for a while and then suddenly small businesses report fraudulent e-mails.

Criminals who often live overseas are crafting ways to plant on a company's computers and enable the crooks to construct wire transfers to send money to dozens of operators who then launder the money and wire it back to the cyber crooks.

For businesses, the fraud becomes more difficult because business owners do not have protections similar to consumers.

Consumers who bank online in the United States are protected by Regulation E, which generally holds that consumers are not liable for unauthorized transactions against their bank accounts, but the consumer cannot go more than 60 days without reporting suspicious or unauthorized charges or debits.

But if hackers pull out money from the small business' or community's bank account, the bank does not have an obligation to cover that stolen money. That doesn't mean a legal battle won't take place.

The Bullitt County Fiscal Court in Kentucky ended up suing First Federal Savings Bank over an online theft.

Bullitt officials discovered $415,989 missing from its account on June 29. They contend hackers used a malicious code called ZeuS, which allowed them to steal the county's user name and passwords from a county computer and log on through a county Internet connection, according to a report in the Courier-Journal in Louisville.

Less than $10,000 was withdrawn at a time, and payments were deposited in outside of Kentucky.

The suit, which was filed in Bullitt Circuit Court, claims the Elizabethtown-based bank could have prevented the theft if it had not ignored irregularities in Bullitt's payroll account.

The bank disagrees and says its online system is not at fault.

Both consumers and business owners must carefully review their accounts regularly, even daily, to try to spot early on.

Everyone could use yet another lecture on why we all need to be extremely careful about e-mails, text, or instant messages that appear to come from your bank, a government agency, an online seller or another organization that you might recognize.

(c) 2009, Detroit Free Press.
Visit the Freep, the World Wide Web site of the Detroit Free Press, at
Distributed by McClatchy-Tribune Information Services.

Explore further: Austria court throws out Facebook privacy class action suit

Related Stories

Canadian charged in US in Internet gambling case

Aug 06, 2009

A Canadian resident was indicted in the United States on fraud and related charges for processing some 350 million dollars for Internet gambling firms, officials said Thursday.

Networking: Is that bank's URL legitimate?

May 01, 2006

Computer-security professionals at the weekend were working on what is being described as a just-emerging IT problem -- the kind which, if the pros are correct, potentially could imperil all e-commerce across ...

Avoid cyber Grinches, scams and schemes

Nov 18, 2005

As consumers go online in record numbers this holiday to shop and make travel plans, security experts advise that they take a few basic precautions to keep from getting ripped off or have their identity stolen.

Recommended for you

New approach to online compatibility

Jun 30, 2015

Many of the online social networks match users with each other based on common keywords and assumed shared interests based on their activity. A new approach that could help users find new friends and contacts with a greater ...

Most internet anonymity software leaks users' details

Jun 29, 2015

Virtual Private Networks (VPNs) are legal and increasingly popular for individuals wanting to circumvent censorship, avoid mass surveillance or access geographically limited services like Netflix and BBC ...

WikiLeaks says NSA spied on French business

Jun 29, 2015

WikiLeaks has released documents that it says show that the U.S. National Security Agency eavesdropped on France's top finance officials and high-stakes French export bids over a decade in what the group called targeted economic ...

Google gets extended deadline to answer EU case

Jun 29, 2015

Brussels has given Google an extension until mid-August to answer an anti-trust case alleging that the tech giant abuses its search engine's market dominance, a company spokesman said Monday.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.