Banking online? Guard against fraud
By KRISTI ALBERTSON
Secure sites have made the Internet safe for diligent consumers, but scammers are always seeking an edge
The Daily Inter Lake
Amber Hewitt began banking online in January.
She'd always been reluctant to switch to Internet banking, being leery of scams and the possibility of having her identity stolen. But after she tried it, Hewitt became an online-banking convert. She loved the convenience of being able to access her accounts from home and send payments over the Internet.
Hewitt now wishes she'd maintained her initial caution.
After just a few months of checking her accounts and paying bills online, one day while trying to access her account, she was redirected from her bank's Web site to a new page requesting personal information.
Hewitt filled it out, thinking it was just an extra security measure to protect her account. But the page was a fraudulent site, and the person monitoring it had likely recorded every key stroke when she'd entered her sensitive information.
"They've got everything on me, including my mother's maiden name," she said.
About a month ago, she went to her bank's Web site as usual, typing the URL in the address bar at the top of her screen. At the bank's home page, Hewitt entered her name and password, but instead of accessing her account information, she was redirected to a page she'd never seen before.
The new page asked her for more information, claiming the bank wanted to verify that Hewitt was who she claimed to be. It was a little unusual since she'd never had to go through this extra step before, but Hewitt appreciated the bank's concern for her account security.
"I actually felt pretty safe, thinking, 'Yeah, they're going to make sure my account's not going to be hacked into,'" she said. "And it looked so legit, you know?"
The page's format and fonts matched the styles on the bank's home page. The bank's logo was there. The small lock box in the lower right-hand corner indicated that the page was secure.
Hewitt typed in the requested information, including her Social Security number and account number. When she tried to send the information, though, the page went blank.
"I thought it was just our computer acting up," she said. She and her husband had been trying to install wireless Internet and a Web cam, a process that had given them trouble with their computer already. Hewitt figured her inability to access her bank accounts had something to do with the computer's configuration, especially after she had no trouble banking from a computer at work.
The Hewitts hired someone to work on their computer, and about two weeks after she'd been redirected from the bank Web site, she was eager to start banking over the Internet again.
"The guy had just been to the house and worked on the computer, and I thought, 'Yea - I can finally do bill pay,'" she said.
When her husband entered their name and password, though, that same screen popped up, asking for more information. This time, Hewitt was suspicious, so she called the bank and learned she'd been had.
Online fraud and identity theft aren't new hazards. Last year, the cost of fraud in the United States was $56.6 billion, according to information from the Council of Better Business Bureaus and Javelin Strategy and Research. Two years ago, the cost was $53.2 billion.
The amount stolen is rising, but the number of victims is decreasing. In the United States, 8.9 million adults were victims of identity fraud last year, down from 10.1 million in 2003.
Hewitt was relatively lucky; a few of her checks bounced but she suffered no major financial loss. She had her accounts changed almost immediately, and because she notified the bank within 60 days, its time limit for reporting fraud, the bank is making sure she won't lose any money.
Even though Hewitt had bad luck, 90 percent of identity fraud cases happen through traditional off-line channels, not via the Internet.
Online transactions are safer than off-line, especially when a person is using a secure connection, said Arnold Bjork, owner of CrestonTech, a new Web development company in the Flathead Valley.
A secure connection is like working with a set of keys, he explained. The system is set up so the person's computer has one key, and the site it's working with has the other. The data sent between the two are encrypted.
"The key is like the formula for the encryption," Bjork said. "Someone outside that line of communication can never get both keys. Between a legitimate site and a computer, it's virtually impossible to snoop."
The site Hewitt was redirected to from her bank's home page was not a legitimate site. Someone purchased a domain name that was similar to the bank's and designed it to look like the original, right down to the lock box in the corner.
"Anybody can make a Web site with a lock," Bjork said. "You just put an 's' behind the http."
The 's' stands for secure, but that doesn't mean the page is safe. To learn if it is secure, users should click on the lock box. A window will pop up saying it's invalid if the site isn't legitimate, Bjork said.
What's especially frustrating for Hewitt is that she was aware of online fraud and safety issues. She knew not to click on a link if she received an e-mail that appeared to be from her bank requesting more information.
This technique, "phishing," deceives many people each year, even though financial institutions do not request information that way.
"When you actually become a victim trying to access a site that looks secure, that's frustrating," Hewitt said.
Being redirected from a legitimate site to a fraudulent page is rare. When it does happen, it likely means the computer's anti-virus software isn't up to date, and that a virus has infected it.
This is what happened with Hewitt's computer. But even if the virus is removed, she is hesitant to return to paying bills over the Internet.
"I'm scared to do anything on the computer now," she said. "It's definitely changed how I'm doing things."
Reporter Kristi Albertson may be reached at 758-4438 or by e-mail at kalbertson@dailyinterlake.com.