I have recently discovered that I can access my personal email account from work. I can also watch auction items on EBay and post to this blog if I so desire. It wasn’t until recently that I tried it, upon the occasion of needing to get into my hotmail account to print my boarding pass for an upcoming flight. I had not tried it before because when I worked for megabank, it was simply no use. Anytime you tried to access practically any website that was not business-related, a heart-stopping page would pop up with a black background and a flashing message of “web access denied” in red capital letters with a red circle with a slash on it. You almost expected it to sound out a loud warning. It also contained an ominous message about the possibility of being reported for abuse. So needless to say, I was very particular about the sites I visited and I always knew I was just one step away from someone sitting in front of a computer screen in a dark room somewhere in Charlotte watching my every keystroke. After this shock therapy programming, I feel guilty now if I happen to access a personal site, despite the fact that my activities are (almost) always after hours.
My point in bringing up websurfing is to warn you that you might accidentally visit a malicious website and have your online banking credentials compromised. The FBI has observed a trend in which cyber criminals use malware to steal the credentials of small- to medium-sized U.S. businesses and in turn sent unauthorized wires to companies in China. Millions have been lost this way. Transfers are sent through intermediary banks in New York (this is typical for foreign wires) for subsequent settlement to businesses in certain cities in China including: Raohe, Fuyuan, Jixi City, Xunke, Tongjiang, and Dongning. The victims tend to be businesses with accounts at local community banks and credit unions.
If you find you are a victim on this type of breach, you can get help from the FS-ISAC Account Takeover Task Force (ATOTF). They have released a Malware Forensic Vendors Matrix, a list of forensic service providers to assist business clients with the removal of malware on their networks and computers.
Knowing that this could happen is as good a deterrent for me as the flashing lights of the “web access denied” page.