When the phone rang one afternoon in February, Steve – a 39 year-old copywriter from Worcestershire – was mildly irritated to be interrupted by yet another overseas sales call. The distant voice at the other end of the phone line, however, identified itself as calling from the NatWest fraud department. The bank, it reported, had been contacted by the police to say that an attempt had been made to use Steve’s debit card in the United States, at a hotel bar late one evening. Given that the card had never been used before outside England, the transaction had been automatically declined.
This was not the first time that this situation had occurred, so Steve was reasonably unconcerned, instructing the fraud advisor to cancel the debit card immediately and to issue a replacement. Clearly, he suspected, an online retailer’s security had been breached and the card details stolen but, as NatWest had taken prompt action to prevent the fraudulent transaction, there was no risk of further problems.
The following morning, intending to transfer some money from his account to another bank to access while awaiting the replacement debit card, he logged onto NatWest’s online banking. The log-in process was normal, until a new page appeared asking for Steve to insert his debit card into his card reader to authorise changing the account password. As the existing debit card was now cancelled, Steve contacted the bank to ask for advice.
The call was immediately transferred to the fraud team, who confirmed that the password change request was fake. Furthermore, the advisor could see a sizeable charge to the account pending; if Steve had used his debit card in the card reader as requested, the account would have been emptied.
This was a game changer. It indicated that the source of the fraud was not, in fact, a website hacking or even a plausible phishing attack, but something even more concerning; the theft of the debit card information and online banking details directly from Steve’s computer, probably using a key logger – sophisticated and malicious software that records the characters entered on the keyboard and relays this information to a third party elsewhere in the world.
The solution? Updating antivirus and anti-malware software quickly revealed the presence of a number of infections that, once cleaned, made the computer safe to use online. So, if you are in any doubt about the security of your home PC, it is well worth seeking professional advice, so that you have total confidence that your home computing isn’t about to land you in deep financial water.