The Cellar


tw 03-26-2007 01:54 AM

But I am Protected?
 
A problem probably on both sides of the pond. From the BBC of 25 Mar 2007:
Quote:

Many net users 'not safety-aware'
Fewer than half of the UK's 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests. One in six of the 2,441 people surveyed felt responsibility rested with banks.

The research, for a government-backed online safety campaign, found 12% had suffered online fraud in the last year - at an average loss of £875.

The same number (5%) had experienced fraud while shopping online as had had their bag, wallet or mobile stolen.

What happens if someone gets access to your brokerage account and pilfers it? You are 100% responsible for the losses. Brokerage need not reimburse you for any of $hundreds of thousands in losses. That is the law.

Where are the best places to phish for such account passwords? Libraries, hotel computers, etc. Simply put spyware (keystroke recorders) on those computers and wait for a nibble. Keystrokes are recorded, sent overseas, and your brokerage accounts are suddenly empty. Libraries, hotels, and other public computer locations routinely make little effort to clean their machines.

Worse are the so many who automatically assume they are protected.

bluesdave 03-26-2007 02:58 AM

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid. :right:

xoxoxoBruce 03-26-2007 06:07 AM

He's preaching to his lurking minions, Dave. ;)

piercehawkeye45 03-26-2007 11:35 AM

Quote:

Originally Posted by bluesdave (Post 326489)
But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid. :right:

True, but what would happen if you didn't have enough money to buy your own computer?

Undertoad 03-26-2007 11:46 AM

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

BigV 03-26-2007 11:55 AM

Quote:

Originally Posted by Undertoad (Post 326589)
Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

This is new. Annoying too.

Shawnee123 03-26-2007 11:55 AM

Quote:

Originally Posted by piercehawkeye45 (Post 326584)
True, but what would happen if you didn't have enough money to buy your own computer?

lol...then perhaps internet broking is not their forte! :)

BigV 03-26-2007 12:10 PM

Quote:

Originally Posted by bluesdave (Post 326489)
But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid. :right:

"Never underestimate the power of human stupidity." - Robert Heinlein.

You do so at your peril.

Symantec reports
Quote:

Threats to Confidential Information on the Rise

For the first time, Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs), and e-mail address lists. During the last six months of 2006, 51 percent of all known underground economy servers in the world were located in the United States. U.S.-based credit cards with a card verification number were available for between US $1 - $6 while an identity, including a U.S. bank account, credit card, date of birth and government issued identification number, was available for between US $14 - $18.

This blew my mind. I can get your (or somebody's, maybe not "yours") credit card information for a couple of bucks. An "identity" is less than $20.
...

Quote:

Increase in Data Breaches Help Facilitate Identity Theft

Confidential information used in identity theft is often confiscated as a result of a data breach. During the reporting period, Symantec assessed data breaches that resulted from hacker activity, the theft or loss of computer hardware, and security policy failure. Data breaches and the potential use of confidential information for identity theft can result in a loss of public confidence, legal liability, or costly litigation. The majority of global data breaches affected the government sector, accounting for 25 percent of the total. Government organizations may be considered a prime target as they often store data in many separate locations making it accessible to various people, and thereby increasing the opportunities for attackers to gain unauthorized access.

It doesn't even have to be your "fault". If your data is out there, it's at risk.

lumberjim 03-26-2007 12:11 PM

Quote:

Originally Posted by Undertoad (Post 326589)
Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

monster 03-26-2007 12:30 PM

And there are many who just haven't a clue. My MIL has started using internet banking. It's scary. She wouldn't recognize a phishing email if it stank like a kipper. She would trust anyone who offered to help her. We're sending her to internet security bootcamp when she comes over in a few weeks. It's going to be like teaching the children about stranger danger. I sent my dad some sensitive information by email (coded and split into two), he reassured me that he had got the information and "destroyed the emails" :rolleyes:

12% is a pretty small figure when you think about it. It's like when mass production cars became available and people learned to drive from the manual.

lumberjim 03-26-2007 12:38 PM

what's her email addy again? i seem to have misplaced it

wolf 03-26-2007 01:41 PM

Speaking of data breaches ... anyone recall the TJ Maxx incident of '06 (someone hacked TJ Maxx's computers just past Christmas and mined all the credit card information)?

I don't know what the other carriers are doing, but Citibank just replaced the cards of every single one of their cardholders that ever made a purchase from TJ Maxx.

BigV 03-26-2007 04:15 PM

Quote:

Originally Posted by lumberjim (Post 326602)
AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

Sure. Riiiight.

Here's my take on your observations.

I find the phrase "Virtual keyboard" positively gravid with the potential for the worst kind of abuse, that being a false sense of security. I *think* I can imagine something like you're talking about, that does confound keyloggers, but I can easily think of several ways to call it the same thing that does nothing of the sort.

The sad reality is that convenient and secure practically never live in the same box. They are in inverse proportion to each other. And in those rare scenarios where both values are high, they got that way by adding a lot of money. Convenient, secure, inexpensive. Pick any two, but only two.

What most users find is that something that is annoying will not be used. And the bad guys know this too. Your threshold for annoyance is different than other people's threshold, but it is a difference of degree only. And you have your limit too, as I do, as we all do. Heck, even the lady at the bank told me that she deals with this new level of complexity by answering all the questions, regardless of the question, with the same answer. That's her solution to this security annoyance.

If it sucks to use it, it will not be used. I guaran-damn-tee it.

lumberjim 03-26-2007 05:05 PM

dude, don't get all bent...it's just for the final password.....after they ask you a question, display your keymark picture with your keymark phrase, which comes after you enter your account number. now take a deep breath

tw 03-26-2007 06:52 PM

Quote:

Originally Posted by bluesdave (Post 326489)
But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing?

Same people who also use the same password for everything.

I created a form so that each can enter (either via Word or using a pen) unique passwords for each web site (along with lock combinations, vehicle key number, etc). Not one uses it.

Meanwhile, public computers are used frequently for anything. Even if not accessing financial records, that common password is obtained.

bluesdave 03-26-2007 07:24 PM

Quote:

Originally Posted by tw (Post 326695)
Same people who also use the same password for everything.

I know that some people do, but I have two Net banking accounts (two banks), and each one has a unique id (one bank actually has two), that have nothing to do with my name. These ids must be entered along with the password. One of the banks uses a virtual keyboard for the password. So knowing the password alone, is not enough.

But I agree with you that some people are stupid enough to use the same password for everything. I try to mix mine up, and as far as I recall I do not duplicate a password.

Access Manager is a safe and secure *free* program that I use to store my personal information. It is a Windows program and requires the dot Net framework to be preinstalled, so I know that it will not be usable by everyone here, but many should be able to.

Sundae 03-29-2007 03:00 PM

Quote:

Originally Posted by tw (Post 326695)
Same people who also use the same password for everything.

Meanwhile, public computers are used frequently for anything. Even if not accessing financial records, that common password is obtained.

It's true in my case - I use the same password for virtually everything because I don't want to come back to something a year later and not be able to remember it. And then the username is taken, but I can't get the password sent to my email because that has changed, blahblahblah.

Although I have to point out, the worst someone can do with my details is impersonate me on a forum, get promotional cinema tickets or check train times. Not having a credit/ debit card means I look over my shoulder a lot less. I no longer have an internet banking account (when I did in the 90s the password was my first boyfriend's road name - no connection now!) and I was only ever asked two letters from it, as well as another security question.

The only place someone could do vindictive harm now is my ebay account - which has a separate password.

TheMercenary 03-29-2007 03:34 PM

Quote:

Originally Posted by wolf (Post 326633)
Speaking of data breaches ... anyone recall the TJ Maxx incident of '06 (someone hacked TJ Maxx's computers just past Christmas and mined all the credit card information)?

I don't know what the other carriers are doing, but Citibank just replaced the cards of every single one of their cardholders that ever made a purchase from TJ Maxx.

That sucks, my wife shops there. :worried:

Flint 03-29-2007 03:36 PM

I bought a djembe there, hand-carved in Ghana, with a genuine goatskin head. They were selling it as home decor.

richlevy 05-06-2007 11:09 AM

Speaking of Phishing
 
1 Attachment(s)
I just got this today. It's been tagged with a phishing label and includes a message from Panda with what looks like Polish. Thunderbird thinks it might be a scam.:rolleyes:

BigV 05-07-2007 09:51 AM

2 Attachment(s)
Another lovely social engineering attack spotted recently, described here:
Quote:

When you restart your PC after the Trojan is installed, the first image appears.

You can choose only Yes or No. You can't run Task Manager or any other applications. If you choose No your PC will be shut down immediately. If you choose Yes you'll see the second image.

Now you may think "It can't be true. I have activated my legitimate copy of Windows. MS can't do such a thing!". Surely almost everyone will notice that something strange is going on, and hopefully very few people will actually become victims by inputting their credit card details. But unfortunately even the people who are not tempted to give up their information this time might well become victims the next time. After all, failure to follow the on-screen instructions results in your PC shutting down immediately.

This Trojan teaches us all a good lesson - Trust No One. This is the slogan from the TV show The X-Files, and very much applies when it comes to protecting your personal information. Sometimes the creators of Trojans attempt to impersonate Microsoft, a bank, or even a government organization. Whatever the warning or message says, we must make very sure it is genuine before giving up any personal details, financial or otherwise. It's far better to doubt a genuine request until proper verification is provided, than it is to blindly place your trust in a communique simply because it appears to have come from a trusted source.

There are weak links in the computer's applications, and hardware and also in the users. I'm not pointing fingers, at least I'm not excluding anyone, especially myself. Let's just all be safely paranoid out there, m'kay?

tw 05-07-2007 06:07 PM

Some companies are changing the way login occurs. For example, login name and password are not on the same page. Others are using graphic login selections. Some are now using interactive questioning for login.

Meanwhile, Kevin Mitnick of the famous book "Takedown" is no[w] doing commercials for an online ID security company. Suddenly the simple password - security from the 1960s - is starting to be replaced by other methods.

Meanwhile the same pathetic companies with completely unacceptable computer voting machines (i.e. Diebold, Sequoia Voting Systems, ES&S, etc.) have announced nothing.

xoxoxoBruce 05-07-2007 06:54 PM

Did you mean, now doing commercials?

monster 05-16-2007 07:36 PM

Some people just ask for internet trouble

