My brother was recently a victim of internet fraud where someone had got his log in details for online banking and setup transfers to send money to another account. Now this really surprised me as he is not stupid and runs his business on the internet and wouldn’t have fallen prey to any phishing emails.

He runs anti virus software on his PC but received a key logging program via an email which wasn’t picked up by him or by the software. These key loggers record all the key strokes you make on your PC and then sends the results through to the criminals who then analyze this data trying to strip out usernames and passwords to get access to any online accounts you may have.

Given that the security of most online banks has improved over the years I questioned how they managed to get through. When he logs onto internet banking he has to enter his log in details and then is taken to a separate page which he then has to go through further security and enter random characters from another password via a drop down menu. These menus are very secure and stop key loggers from getting these details hence making your sign in more secure.

So how did they get in? My brothers downfall was due to laziness which I’m sure there are many hundreds of thousands of people who would fit into this category. What he had done was use 1 password across many other accounts he had with people like Ebay, Paypal, Web Hosting accounts etc, because it was easier for him to remember and it was this password which he also used for his online banking drop down menu password.

Now the criminals will be able to see this pattern and used it to get into his bank account. Luckily he caught it quite quickly and the bank were able to instantly return the money but has he have not logged in for some days he might not have been so lucky.

The moral to the story is “Don’t use the same password across multiple accounts“.

Posted in Internet