Malware capable of stealing your banking credentials is being spread via links posted on Facebook pages. The New York Times reports an uptick in malicious links on popular and seemingly harmless Facebook pages such as NFL fan pages. Users clicking on malicious links may end up downloading the Zeus Trojan, a particularly nasty malware that waits until users navigate to Internet banking sites, then records their login information and transmits it to waiting cyber criminals.
Zeus has been suspected in a number of recent high-profile security breaches in Maine and across the country, including the 2009 breach at Patco Construction Company, which was the subject of a precedent-setting decision by the First Circuit Court of Appeals on who bears the loss when such a breach occurs.
Businesses should be aware of this issue because employees may unwittingly download malware onto computers used to access business banking accounts, and because businesses are not afforded the same protections as consumers in the event of cyber fraud.
There are a number of basic measures that employers, businesses and individuals can take to help protect themselves against banking malware:
Review your Internet-security and software-update protocols with your IT professional and make sure your computer software is up to date and that you have updated Internet security software – preferably including anti-virus, spyware and firewall – running on all computers
Have a dedicated computer from which you conduct all your Internet banking, and permit no other use of this computer. Do not allow employees to access company accounts from any other computer
For businesses, consider purchasing cybersecurity insurance. Commercial general liability policies (aka CGL policies) typically do not provide coverage for cyber theft