Just how dangerous is online banking?

Sure, the Web makes it really simple to manage your money. But, It also makes your account easier to hack into. Here's a look at the risks and realities -- as well as nine smart tips that can help you protect yourself.

Joe Lopez will never forget the day he checked his Bank of America account online and realized that more than $90,000 had vanished.

Months before, the Miami business owner had stopped making weekly visits to his local branch, opting instead to conduct his financial transactions entirely over the Internet.

"I absolutely thought it was safe," Lopez said. "And it was convenient."

What he didn't realize were the risks. A malicious virus had infected his computer and, in a matter of minutes, captured his user name and password -- allowing a hacker to transfer $90,348 to a rogue overseas account.

Lopez got most of his money back months later, after a U.S. federal investigation and, eventually, a lawsuit. But his experience taught him the hard way, he says, what many experts have concluded: "Online banking is a danger."

Since its debut just a decade ago, online banking has become one of the fastest-growing Internet activities. Roughly 43% of people in the U.S. who use the Internet, or about 63 million Americans, do some banking there, according to a 2006 survey by the Pew Internet & American Life Project -- even more than make travel reservations online.

But that growing popularity has also brought increasing anxiety over whether something as private and personal as a bank account can be fully protected in the relatively unregulated and unpoliced world of the Internet.

"It's pretty hard not to do online banking because it is so convenient, and people want convenience," said Atul Prakash, a University of Michigan researcher who conducted a study on the risks of Internet banking. "Nevertheless, there are reasons to worry."

Mia Jozwick, a student at Wagner College in New York City, was duped by a "phishing" e-mail made to look like a message from her bank. Thinking it was an important financial notification, Jozwick responded by firing off her user name and password; she learned it was a scam only after someone emptied her account.

To make matters worse: Thieves were also able to steal her identity, because her password was her Social Security number. It took her a year and help from Identity Theft 911, a service agency, to unravel the mess she found herself in.

How the scams work
Since the birth of electronic commerce, financial institutions have stepped up online security measures to try to make the process less vulnerable to attacks.

Some have spent millions adding more layers of authentication, toughening encryption schemes and going after and shutting down bogus bank sites.

But that hasn't stopped hackers, who continue to look for ways to exploit security gaps.

Among the most popular attacks are phishing schemes that duplicate bank Web sites and ask customers to log on to their accounts. Others send e-mails, purportedly from bank employees, asking for sensitive financial information. Often the two work in tandem, with an e-mail containing a link that directs recipients to a bogus bank site. Both scams are designed to steal user IDs and passwords as a customer types them in, giving a cyber thief access to the person's financial accounts.

Other cyber thieves embed viruses, spyware or "Trojan horses" -- programs that can give thieves unauthorized access to a computer by recording and sending out a user's keystrokes. These programs allow thieves to look over your virtual shoulder as you type in sensitive financial information. Within seconds, your savings and checking accounts, even your investments, could disappear.

How big a problem are we talking about? The numbers are tough to pin down: Experts say there are no reliable studies showing how much money is lost through online banking alone, primarily because banks themselves can't always pinpoint the source of how a crime occurred, whether on the Web or through an ATM.

But various reports offer hints at the magnitude. For instance, about $3.2 billion was lost to phishing attacks in 2007, according to a survey by Gartner, a technology research firm -- with about 3.6 million people losing money to these attacks over 12 months.

"It's a huge business," said Graham Cluley, a senior technology consultant at Sophos, a spam-fighting security firm. "The scammers are literally making millions, and they can be based anywhere in the world."

And the attacks are increasing.

Take the so-called Sinowal Trojan, a virus that injects what seem like legitimate pages on someone's browser, then steals the user's log-in credentials. In probably one of the largest online banking breaches known to date, the virus has compromised 300,000 online bank accounts and about 250,000 credit and debit card accounts over the past three years, according to a study published in October by California's RSA FraudAction Research Lab -- with more than 100,000 online bank accounts hit in the past six months alone.

There are thousands more Trojans out there, many of them specifically targeting online banking customers.

"There is definitely more risk than there was one or two years ago," said Avivah Litan, a Gartner analyst.

She said her clients have told her they've noticed the assaults have doubled in the past six months: "The attacks are so vociferous and manipulative that even the big banks can't stop them."

What are the banks doing?
That's not to say banks are not trying. For a small fee, Bank of America -- the largest online banker in the United States -- recently introduced the SafePass card, a wallet-sized card embedded with a button that, when pressed, sends the customer a six-digit security code via text message. The customer can then enter the code along with his/her user name and password to access an online account. For business accounts or wealthier clients, some banks also offer SecurID, a token-like device that generates a new six-digit code every minute that users need to log in to their accounts.

Bank of America, along with other financial institutions, also has started an alert system advising customers by e-mail or text every time a transaction occurs. "Protecting the safety and security of our customers' information is our top priority," Bank of America spokeswoman Britney Sheehan said.

But not all banks offer the same level of security. "If you are going to do the bulk of your transactions online, you should really shop around to find a bank that has the best security measures," said Anthony Reyes, the CEO of New York's ARC Enterprises, which investigates computer intrusions. "But you have to also make sure you are doing everything right on your side."

Protect yourself
So should you be avoiding online banking altogether? Not so fast: There are risks associated with traditional banking as well.

More than three-quarters of banking fraud stems from offline factors, such as cheque fraud, mail theft or a lost wallet, according to the 2007 Online Banking Security Report, released by Javelin Strategy & Research, a California firm.

"When you're online, even though you have a lot of risks, you're more in control because you can do something about the risk -- you can monitor your accounts, and you can say no to the malicious junk," Javelin President James Van Dyke said. "In the old-fashioned world, such as the paper and mail world, you can't do much to keep prying eyes from looking at those paper cheques and paper statements."

But others point out that online crooks can target thousands, if not millions, of accounts at once, making Web banking the more lucrative target.

"To compromise half a million accounts, you'd have to raid millions of mailboxes -- probably 20 (million) to 30 million in the mail world. But online it could take a matter of seconds," Gartner analyst Litan said. "So in terms of hit rate, online banking is not as safe."

Experts suggest that anyone using online banking should take these steps:

1. When logging on to a bank Web site, a user should look closely at the site's URL to make sure it matches the bank's name. A more secure URL will begin with "https://" and be followed by the bank name. Make sure the bank's padlock is displayed in a corner of the site before you log on.

2. Log on to banks only from a secure computer. Never log on from a public computer in a hotel or cafe, and be careful when logging on to unknown networks with a laptop.

3. If you get a warning e-mail, call your bank -- don't click on any provided links.

4. If your computer is acting strangely -- for instance, reacting slowly or getting pop-ups -- avoid using it for online banking until you can get it checked out.

5. Keep anti-virus and anti-spyware software up to date.

6. Install and maintain a firewall.

7. Never respond to any e-mail that requests personal information.

8. Be leery of fly-by-night, Internet-only banks with high interest rates on savings or chequing accounts. Make sure the bank is FDIC-certified and is insured.

9. And, most importantly, use a different user name and password for each financial account. The password should be complex, with numbers and symbols, and changed regularly.

Still, there are no guarantees.

"It annoys me when people say these consumers are dumb, (that) they fell for it," Litan said. "They are not dumb. These criminals are really good, and you'd have to be a total security geek to stop everything."

One final precaution: Know the rules. Regulations require that banks return money lost to electronic transactions, but the customer has up to 60 days to detect the fraud and two business days to report it. Meanwhile, different banks have their own rules -- look them up before you shift your banking to the Web.

For Lopez, the lesson was painful. As a business owner, he had to sue his bank to try to recover the money; the case settled last year.

Now Lopez is back to old-fashioned banking methods and following up his transactions with phone calls.

"I don't do any online banking anymore. Nothing, zero," he said. "I'm so paranoid."

He also recommends heavy positions in materials stocks, "tied to the strength of emerging markets where infrastructure developments are driving demand for metals and other resources, and rising income levels and meat consumption are pushing up global agricultural prices."

On the negative side, food processors, retailers and other companies that "rely heavily on grain, oil, or other commodities as inputs face increasing costs and thus weaker profits." And rising interest rates are likely to reduce the attractiveness of utility dividends.

Additionally, "financial sector earnings are expected to fall modestly for the first time since 2002," Rubin said. "That compares with expectations just three months ago for a near-double-digit gain for the sector."

Film like ratings for websites?

Film ratings needed for websites: British minister

Britain's culture minister says that websites should be rated in the same way that films are, to protect children from offensive material.

Andy Burnham says his government has plans to discuss the idea of international rules for English-language websites with the administration of U.S. President-elect Barack Obama.

"We have got a real opportunity to make common cause [and] this is an area that is really now coming into full focus," Burnham told Britain's Daily Telegraph newspaper in an article published Saturday.

The minister, who called the internet a "dangerous place," said age-appropriate ratings may be the way to go.

He would also like to see internet-service providers (ISPs) offer parents "child-safe" web services where the only websites accessible are those stamped suitable for children.


Burnham also suggested the internet follow television's example, which often doesn't broadcast violent or sexually charged material prior to 9 p.m. There should also be a set time in which sites such as YouTube or Facebook would have to remove offensive or harmful content, he said.

Burnham has denied that he's attacking free speech.

"The internet has been empowering and democratizing in many ways but we haven't yet got the stakes in the ground to help people navigate their way safely around," Burnham said.

"There is a wider public interest at stake when it involves harm to other people. We have got to get better at defining where the public interest lies and being clear about it."

I really don't see how Mr. Burnham propose we do this? Almost all ideas seem great on paper, but when it comes to practically don't it, it just isn't possibly or do-able (think back to before the Wright brothers finally invented the plane, before that we had people strapping boards to there arms, take a running start, flapping there arms and jumping off cliffs...sure on paper that might sound like a good idea, I mean, the boards are like wings, and if birds, who have wings, can fly like that, why can't people?) How does Mr. Burnham propose we "shut off" internet website content prior to say 9pm so that children and minors are protected from things like that? I'm sure Mr. Burnham must have some sort of idea written out on how he thinks it can be done, I don't think he'd just propose it without a plan? or could he?..hmmm...

Isn't there already something in place for parents to protect there children (I may be wrong, correct me if I am) for offensive, inappropriate content and websites they do not approve of?
Off the top of my head I can name:

- CyberSitter
- NetNanny
- SafeEyes
- Cyber Patrol

And I do know that there are several other quality programs for parents, With these programs already in existance, do we really need to go with rating systems?

What do you guys think about this?

A browser exclusively for black people?

A new version of Mozilla has appeared, being dubbed "Blackbird". It's a browser that offers features and content meant to appeal to members of the African-American (and possibly the African-Canadian) community.

The company that developed BlackBird - a group called 40A Inc, says that the browser is designed to make it easier to find African American related content on the Internet and to interact with other members of the African American community online by sharing stories, news, comments and videos.

Through the use of embedded tools such as "Black Search", Blackbird attempts to provide users with "the best black content available on the web".

It's a controversial idea, which has already stirred up a growing number of comments and a growing number of discussions all over the web.

My initial reaction was fairly negative. Though I'm not black, I do belong to another ethnically distinct minority group. I shuddered at the idea of someone creating and then distributing a South Asian, or a Muslim browser, so that people like me like me can access the best of "South Asian/Muslim" content on the web.

On the other hand, there are already plenty of web sites out there that do just that, but they typically focus on a specific activity like dating for example. Is an ethnically-targeted browser really any different?

I think so.

Blackbird makes the assumption that the web itself can be filtered according to the tastes and interests of a specific ethnic audience. That's a difficult and possibly dangerous assumption to make. I'm not sure how it's even possible to determine a common set of interests, political views, humor, artistic preferences based on someone's skin color or other ethnically-defining characteristic.

Moreover, users who choose to browse the web using Blackbird are essentially identifying themselves as black to every website they visit. An unintentional but significant lapse of privacy.

Ars Technica has a more in-depth look at the new software and spoke with its creator Ed Young, who addressed criticism that Blackbird is exclusionary:

"We call it an 'identity browser,'" Young explained. "I could make a browser for the lovers of Warcraft. Would that be exclusionary of other people? No, I would just be bringing those people closer to the sites and resources that they are probably interested in."

Young makes a good point - there is a long history in the tech world of hardware and software being customized to reflect its users interests. As Ars points out, Blackbird isn't even the first browser that's been purpose-built to serve the needs of a specific group. A version of the social browser Flock called Gloss is designed just for women.

Now, I haven't personally tried Blackbird, and clearly doing so would not give me a greater appreciation for how well the program achieves its goal - I'm just not part of its intended user base.

But if you are, and have tried Blackbird, please let us know what you think of the experience.

From what i've read online and heard, In terms of pure web-browsing functionality, Blackbird is indistinguishable from the other flavours of Mozilla, specifically Firefox. The most notable differences are:


The inclusion of dedicated set of buttons:


- These first two buttons provide quick access to email accounts and social networks like Facebook or MySpace. The "Share" button lets users who have signed up with Blackbird Networks share web pages with other members, which are then organized by category such as "National News" or "Politics". Think of it like a Digg or StumbleUpon but with a specific demographic of voters. Results can be seen in a tab that appears on the left side of the browser window. The "Video" button opens up a similar tab and gives users access to 15 "channels" of which only 5 are currently populated with content. Videos then play in the main browser window. Finally the "Give Back" button is a shortcut to the site "http://dogood.blackbirdhome.com/" which Blackbird calls the "Do Good Channel". It's home to a collection of community service and causes and provides information on how users can get involved and participate. 40A says that "Blackbird will donate 10% of its 2009 revenue to charitable and educational organizations that are serving the African American community."

- The inclusion of a default "Black Search" option in the search bar. Searches conducted with this option simply take you to a custom Google search, which presumably has been tuned to include only sites that are considered in keeping with the African-American audience it caters to. Trying one of the suggested searches by a commenter on "firsts" yielded results from sites such as bet.com, blackplanet.com, ebonyjet.com and blackvoices.com.

- A pre-populated set of bookmarks called "Highly Recommended"

- A news ticker function which apparently isn't all that customizable - the available only options are "on" and "off"

It turns out there is little difference between Blackbird and any other browser in which someone who has taken the time to bookmark sites that have a specific theme or editorial approach.

Something that does set Blackbird apart from other browsers, is the inclusion of advertising in the bottom of the tabbed areas for video and sharing. Presumably this is what the creators are referring to when they note on the download site:

"Blackbird is free for you because it is supported by advertising and sponsorships. You don't pay to use Blackbird."

Whether the notion of an ethno-centric browser is appealing to you or not, Blackbird is at best a mildly interesting approach to building a community. Savvy web users will be unimpressed by its limited feature set. The most compelling feature - the black search - doesn't require Blackbird at all - you can access it here: http://www.blackbirdhome.com/search5.html using any browser you choose to use.

Until next time....