Saturday 18 January 2014

Bank computer security isn't good enough

The banks aren't going to up their game. It's partly because they don't know how (bank security has been dreadful for a long time) and partly because it wouldn't be profitable for them to do so. If you want to avoid the sort of hassle that Kewfriend has had, you have to take charge of your own security. And that isn't easy.

As soon as malware is installed on your computer, it can log all your keystrokes and other activity, and send it to a server outside the UK. If someone has your details, they can open a PayPal account (or one of several similar services), using your bank account or credit card, and buy things or transfer money to another account.

You know all those "Do you want a job" spams? That's recruiting money mules. The money mule receives the goods or money. If it's goods, they resell them on eBay. Then they send 80% of the cash via Western Union (or similar) to the criminal, and at that point, the money is safely laundered and cannot be recovered. Someone will be out of pocket.

So you have to stop malware getting installed on your computer. How? 1) Don't click on any attachments in email, even from people you know, because their account might have been taken over. 2) Don't visit any web sites; even kosher ones show adverts, and one of those adverts (coming from another server, not run by the kosher site) can deliver malware. 3) Don't install any software, even from kosher sites; see Kewfriend's experience. But is this practical advice? No.

So here's what I tell people. Get another computer. £100 will buy you a used laptop on eBay. It doesn't matter what's on it, because you're going to install Linux from a CD or DVD, thus wiping out all previous stuff on it. Then you use that laptop for anything financial or purchasing, and for nothing else. The combination of A) Linux and B) not using it for most purposes gives you good (although it's never perfect) security.

It doesn't matter if you don't know Linux. Installing it is easy; the only question you need to answer is what language you speak. The rest is automatic. All you're going to be using is the graphical user interface (which is very similar to what you're already used to) and the browser (which is the same as you're used to).

I'd also suggest using Firefox as your browser, and using NoScript and Adblock Plus. NoScript stops any JavaScript from running; JavaScript gives remote computers the capability of running programs on your computer, so you would only allow that for sites that you really trust, such as Amazon, PayPal, your bank. Adblock Plus blocks adverts, which is nice just for that, but even better for security as it stops the attacks via ad servers.


  1. I and many other people received spam malware to addresses which had solely been used for Santander internet banking. Santander reaction: we take our customers' security very seriously and do not disclose their details to other parties. Yeah yeah. Maybe not knowingly.

  2. Or just get a Raspberry Pi and use that for money stuff