(Press Release) The financial and banking industries are on high alert Friday as a massive cyberattack continues, with potentially millions of customers of Bank of America, PNC and Wells Fargo finding themselves blocked from banking online.
"There is an elevated level of threat," said Doug Johnson, a vice president and senior adviser of the American Bankers Association. "The threat level is now high."
"This is twice as large as any flood we have ever seen," said Dick Clarke, an ABC News consultant and former cybersecurity czar.
Sources told ABC News that the so-called denial of service attacks had been caused by hackers from the Middle East who had secretly transmitted signals commandeering thousands of computers worldwide.
Those computers -- or "zombies" -- were then used to overwhelm bank websites with a barrage of electronic traffic.
Different banks have been targeted on different days.
This comes just a day after a local BBB employee was the victim of a fraudulent phone call claiming to be from Wells Fargo Bank. The caller attempts to retrieve your account information on the grounds that her account had been compromised.
This is an automated message supposedly from Wells Fargo. When the victim called back, the automated response picked up her name from Caller ID and asked for personal information.
The victim was well versed in fraud and scams and knew the call was obviously fraudulent as banks will not use an automated call to retrieve personal information.
Be aware that if you choose to bank via phone or online, BBB serving Central California recommends the following guidelines to help protect the computers used to access bank accounts online:
1. Initiate a "dual control" payment process with your bank and employees. Ensure that all payments are initiated from your bank accounts only after the authorization of two employees. One employee will authorize the creation of the payment file and a second employee will be responsible for authorizing the release of the file. This process should be in place regardless of the type of payment being initiated-including checks, wire transfers, fund transfers, payroll files, ACH (Automated Clearing House) payments, etc.
2. Have dedicated workstations. If possible, restrict the use of certain workstations and laptops to be utilized solely for online banking and payments. For example, a workstation or laptop used for online banking should not be used for web browsing or social networking.
3. Use robust authentication methods and vendors. Make sure your financial service providers allow for "multi-factor authentication." This means that you need more than just a username and password to access your account.
4. Update virus protection and security software. Ensure that all anti-spyware, anti-malware, and security software and mechanisms are robust and up-to-date for all computer workstations and laptops used for online banking and payments. Also, implement a process to periodically confirm they remain up-to-date. Security patches are often available via automatic updates.
5. Reconcile accounts daily. Monitor and reconcile accounts daily against expected credits and withdrawals. If you see any kind of unexpected activity on your account, notify your financial institution immediately.
For more tips you can trust, visit cencal.bbb.org or call 800-675-8118