New security warning from Bank of Ireland

25-10-2005

by Ciara O'Brien

Online banking has suffered yet another security blow, as users are warned about a new virus that aims to gather confidential financial information.

Bank of Ireland issued the alert on Monday, warning users that a virus -- unrelated to the bank's online banking website -- could compromise user's accounts.

The Trojan is triggered by logging into a secure or password protected site. It generates a "dummy" page that asks for confidential information, such as security and logon passwords, credit card numbers and account information.

According to the bank, none of its systems have been compromised and there has been no security breach of its website.

A spokesperson for Bank of Ireland confirmed a number of customers had called the bank after noticing irregularities when attempting to log in to their accounts. However, so far, the numbers are relatively low. The spokesperson also pointed out that the bank was not trying to alarm people, but instead felt that users should be aware of the threat.

"Keeping customer information secure is a top priority for us, but it is also important for customers to protect confidential information when online," said Cormac O'Byrne, head of group information security at Bank of Ireland, in a statement. "Everyone who uses the internet should be cautioned to install and keep their anti-virus software updated, ideally on a daily basis. This is essential for those who use their PC's for financial transactions, such as online banking and credit card purchases."

This is the latest blow to confidence for online banking users, who have had to deal with an increasing number of security threats. Earlier this year, Bank of Ireland issued a security alert to its customers regarding an e-mail phishing scam that was attempting to fool users into thinking it came from the bank itself.

And security threats are on the rise, with IBM's Global Business Security Index indicating that the incidence of virus-laden e-mails and criminally-motivated cyber attacks grew by 50 percent in the first half of 2005.

The number of attacks aimed at the financial services, government, manufacturing and healthcare industries, has increased, as malware writers become more focused on stealing important data, identity theft and extorting money.

The report found that there were more than 237 million security attacks in the first half of the year, with about 34 million attacks on the financial services sector. However, on a country-by-country basis, Ireland had the lowest rate of attacks, at 30,000.

A report from SurfControl published in September warned that phishing scams are becoming increasingly sophisticated in a bit to fool people into handing over their confidential information.

That report drew attention to a new "Secured Phishing" threat, which uses the HTTPS protocol to show it is a "secure" cert, and a self-issued security certificate that prompts an alert dialogue box.