RIP-OFF ALERT: A pop-up window appears requiring additional authentication when you log in to do some online banking. Is it friend or foe? You need to be extra careful — even at your own bank’s website!
Chase warns that criminals have apparently figured out a new way to steal that is really both very clever and diabolical at the same time, and it goes way beyond simple phishing.
This one even impacted my executive producer, Christa. Here’s how it plays out: At some point, some way, Christa and untold millions of other people ended up with a virus on their computers. That virus stays latent until they sign in to do online banking.
When an infected computer logs into Chase.com, a pop-up window appears that seems to be asking for multi-step authentication. It looks like they’re trying to verify who you are by asking for your driver’s license number, Social Security number, date of birth, and even ATM card number.
So you enter the info, click to continue, and then you’re on your bank’s site as normal. Now the crooks have everything they need to take over your account and do an outbound wire transfer, or engage in full blown identity theft, or any combination of the two thereof.
If you go to any financial website and get a suspicious authentication screen, you need to immediately sign out of the website. Do not do any transactions. What you need to do is run a free computer scan like Microsoft Security Essentials or something similar. Make sure your computer is clean. Then go back and sign in.
But do not do any further authentication until you are sure your computer is clean of this malware.
The other question is, what happens if I already gave up my info when confronted with the pop-up window? In that case, contact your bank, credit union, or brokerage directly and make sure your account is safe.
Finally, all businesses should remove the ability for standby online wire transfers. Businesses should only do wire transfers the old way — in a branch by filling out the paperwork.