/ Money

Virus robs online bank accounts – don’t get hit

Hooded hacker looking at a computer screen

Hackers have again punished British bank account holders with a new online sting – a wily little virus that’s stolen thousands of pounds. Time to be even more vigilant.

The notorious ‘Zeus’ virus has struck again, chucking at least £675,000 of our cash into hackers’ pockets. At one unnamed bank, 3,000 victims lost between £1,000 and £3,000 each. Ouch.

And it was all down to a ‘trojan horse’ virus that galloped onto victims’ computers through legitimate websites. And there it lay low until customers logged onto their online bank accounts.

Undetected by traditional security software, the sophisticated virus stole log-in data and transferred cash into dummy accounts. The pesky little virus then covered its tracks by sending customers fake bank statements.

Experts at M86 Security infiltrated the criminals’ Eastern European server and secretly informed the harassed bank two weeks ago – and has now decided to go public. Alas, experts at the security firm say the attacks are still rolling on.

How can I protect my online bank account?

All banks have different security settings and vary in their success at blocking fraudulent attacks. Worryingly, one in four people have been a victim of financial fraud according to previous Which? research, so there’s some words of advice you should take with you when you’re banking online:

  • Access your account from home, not on public computers or unsecured networks.
  • If you experience any problems logging on, telephone your bank – don’t email.
  • Make sure there’s a padlock symbol in your browser before you enter your account details and always log out properly when you’ve finished.
  • If you get ‘phishing’ emails, don’t click – report them to the UK Payments Administration.
  • Notify your bank as soon as you notice suspicious transactions on your statements.
  • When you’re picking passwords try to use a combination of numbers and letters. And with ‘memorable information’, avoid using easily obtainable information, such as your mother’s maiden name. Never store this information with your cards.

As hackers get even more sophisticated, our banks must up their game. But it’s also down to us to stay on our toes and make sure our hard earned cash is safe and snug in our accounts.


I find online banking an easy and convenient way to keep track of my finances, and the sophistication of some viruses is quite frankly terrifying.

Patrick’s tips to protect your online bank account are great, and I’d add another one. Don’t let the fact that this virus bypassed traditional protections put you off installing comprehensive security software and keeping it up to date. Security software manufacturers are constantly tweaking their products to combat new attacks, and for every virus that makes it through, there are countless more that will have the virtual door slammed in their face by a good firewall and antivirus software.

You don’t have to pay the earth either – Which? Computing’s security software recommendations include some completely free options that do the job just as well as more expensive software.

The answer to this problem is simple – don’t bank online !

I’m sorry but that’s such an archaic view in this day and age!

That’s honestly as ridiculous as saying things like:

“…don’t ever cross a road unless you’re on a bridge – otherwise you’ll get knocked over”
“…don’t ever hold a sharp knife – in case you cut yourself”
“…don’t ever fly anywhere in a plane – in case you fall out”

My guess is Mr Steen’s response was one of the polite variety, rather than the one he’d rather say in response to “don’t bank online”!

I think it’s pretty – what’s the word? – shoddy – that we haven’t been told which bank this is! If it’s an ongoing security problem, then those who use the bank need to be told. If not, all that’s being served by not telling us is saving the bank itself from embarrassment.

If I heard that this had happened to my bank, I’d think twice about their security (even if a virus is involved) – so why shouldn’t I know who it is?

Megan Jenkins says:
16 August 2010

Banking online is essential as it saves dealing with call centres……

I bank online and have done for the past 3 years and at present I find it time saving . If you have a lot of payments going out to credit card companies utilities you can see instantly what funds you have available, where as if you receive a weekly statement in the post there is always an overlap. I decided to go online because I found it no good for my blood pressure every time I went in to my local branch to be greeted by one teller and a queue getting longer by the minute. When reaching the teller I was greeted with “sorry to have kept you waiting” to which I felt like replying you should have a free cafe here.

I agree completely with Ben Cross regarding the security issue, but as usual with the banking world everything is a closed shop until they get up the creek, and then pulic money bails them out,

Mick Johnston says:
27 October 2010

I followed a similar topic recently and have followed a particular tactic which I think (dont know) helps combat these hackers. Whenever you enter sensitive information banking or shopping use your virtual keyboard and frustrate the key stroke logging that these cyber thieves appear to rely on. To access the keyboard press start. select programes. select accessories. select accessibility. select on screen keyboard.
I keep the keyboard in play on the bottom toolbar so that it is always available.
I would be interested if a Which site moderator could confirm the merit in this proceedure.