General discussion

  • Creator
  • #2288464

    This guy should be stoned… (with rocks)


    by mrafrohead ·

    Alright, well you’ve all heard what I think about stupid users getting themselves infected and then expecting someone else to clean it…

    So here’s a PRIME example:

    Basically, this schmuck got himself infected with a trojan and now his bank account had 90K pulled out of it… The feds think it was due to the trojan, so now this assclown is suing his bank for the lost funds, because he was too lazy and incompetent to run his own AV scans…


    Just thought I’d throw this out there in case anyone else wants to sit back and sip a glass of lemonade while laughing at this jerks problems.

    I hope BoA countersues him and takes him for the rest of what he’s worth.


All Comments

  • Author
    • #3337093

      Wonder if he

      by tony hopkinson ·

      In reply to This guy should be stoned… (with rocks)

      went into worth a try mode, or his now famous lawyer convinced him it was doable.

      I think it would be in BoA interests to get him the 70k back out of Riga. The twenty he can swallow for not spending some money on a virus checker.

      If it was a known threat then he had the chance of knowing about it.

      The bank did not supply anything he used to connect to the service.
      If he didn’t know that ebanking is always a risk then he ought to pull his head out of his ass on a more regular basis.

      I do hope they weren’t stupid enough to tell him he was perfectly safe though, cause that just ain’t the case.

      His and their lawyers will be in the bar downstairs for the whole case, shaking their heads as much as us.

      • #3337040


        by jaqui ·

        In reply to Wonder if he

        at the same table buying rounds for each other

        • #3336333


          by laserbrian ·

          In reply to probably

          If this guy had 90K in the bank, how could he be so dumb? He was smart enought to buy a computer, get online, but didn’t realize he needed antivirus protection?

          Although… I have a lot of friend that have ’98 computers with virus definitions from ’99. They don’t understand why there computer isn’t working anymore (with the original install).

          Why would the bank allow a transfer of 90K by Internet without at least a transation delay or transaction limit?

          Most people use very week passwords anyway…

        • #3336232
          Avatar photo

          Well it all depends on

          by hal 9000 ·

          In reply to Smart?

          Just how much he normally transferrers at a time. 90K may sound like a lot but I have several clients who that would be small change to and wouldn’t even cover the deposit on a bit of plant.

          It also depends on how it was sent out as well if it was a few transactions that started out small and got bigger with each transaction this could just be normal business. It all boils down to information we just do not have and are unlikely to see either as if that was made public it would only make it easier for others to jump on the bandwagon. But what worries me is that this appears to be one of a kind with no other reports of this Trojan doing the same thing to others so I’m wondering just how genuine it actually is.

          Col ]:)

        • #3335961

          Kick Him While He’s down

          by elcamin0 ·

          In reply to Well it all depends on

          That seems to be the mentality of the “non-victims” An air of superiority and immunity comes across from those who are ever so quick to accuse of lack of computer security maintenance. Each of you are subject to the intro of a Trojan, it all depends on update timing and scanning and a bit of luck. The so called “skilled” will have a hard time admitting that one!

        • #3335931

          Trojan not inevitable

          by dr dij ·

          In reply to Kick Him While He’s down

          I’m never going to get one from scanning on my broadband as I have a cable router between PCs and net. I could get one surfing. I had to leave on activex (but with prompting) as too many things not run without. So I’m pretty unlikely to get one surfing, and if I was going to go online to bank, I’d probably run free online scan (e.g. ) first. Except for IM which I don’t use and freeware (with adware built in) there’s not much left as souce to infect me. I run scans periodically in case some site uses loopholes in browser to install without my knowledge. Could I have a trojan still? yes. My point tho is it’s pretty unlikely and unlike the fellow in the article I do something to prevent it so I feel pretty confident for online banking.
          I also check my transactions to be sure they are ones I did. Problems would be more likely to come from someone stealing my CC# at a restaurant or store.

        • #3329731

          This is techtarget’s take on this

          by dr dij ·

          In reply to Trojan not inevitable

          Is a customer responsible for failing to
          secure his computer system, or is the bank responsible for accepting
          fraudulent ID, in the same way they would for cashing a check with a
          fake driver’s license?

          Be sure to check out our exclusive online feature by a bank insider:


        • #3347006

          the “reasonable” test

          by moira ·

          In reply to Trojan not inevitable

          I would probably have to conclude after reading a lot about this that the guy has to accept responsibility because he didn’t take all reasonable risks to prevent his PC becoming compromised.

          However I don’t think that can be taken to mean banks will always be absolved from responsibility. As someone pointed out, even the most l33t can pick up a trojan and the blame should ultimately be put on the person carrying out the exploit. Sadly they’re not often traceable.

          Ultimately, banks will have to pick up the tab for something like this, because (like car insurance) the individual can’t afford to, so their costs will just be reclaimed in extra charges levied on all of us.

        • #3335894

          Iam with you

          by boardswapper ·

          In reply to Kick Him While He’s down

          That’s why I dont read these things much. There is alway a load of the smartest men(or women)in the world full of arrogant remarks because this happens to be their area of expertise. It says alot about what kind of people they are and how much their opinion really matters.

        • #3348646

          Sure, kick ’em all

          by go_browns_01 ·

          In reply to Kick Him While He’s down

          But when one of these “non-victims” loses their bank card, has their wallet stolen or lost, has their trash picked through and gets ripped off royally, well, we’ll have a hearty laugh, no?

          ‘Cause it will happen, and I’m already laughing.

        • #3348591
          Avatar photo

          Not Kick Him While He’s Down

          by hal 9000 ·

          In reply to Kick Him While He’s down

          But kick him for being stupid with others money and data!

          Remember it was a company involved here and what others do not want to even consider is the fact that just one instance has been reported and what about his customer lists, address book and any other sensitive company data that might be on that computer?

          Col ]:)

        • #3325756

          Bank hacked Sumitomo 400 million

          by dr dij ·

          In reply to Kick Him While He’s down

          while they were stopped, it appears they had passwords and info to transfer 400 million+ out of bank. the article states not sure what kind of keyloggers but that hardware keyloggers (fits into keyboard plug, very tiny) could be installed by a janitor and removed in a few days.


        • #3348627

          LImits & authorization

          by chameleon186 ·

          In reply to Smart?

          I ask the same a transfer of 90K seems like a awful large amount their should have been limits unless authorized with local banker. An if their was a limit and mulitple transaction occured the bank should have had something in place delaying transactions past a certain amount in a given day untill a human verification could take place. Something just doesn’t seem to add up with this story……………..

        • #3348604

          One would think

          by buschman_007 ·

          In reply to LImits & authorization

          I’m wondering why BoA would allow such a large amount to flow into a bank where they had no ability to get it back? I since some policy change in the way BoA does their transfers. I mean if that amount of money was sent somewhere in the US or to a state/country where the US citizen had legal recourse, then I would say the bank can grant those transfers with a little more confidense.

          But to send such a large amount to an area where it is basically unretreivable, seems unwise.


        • #3348606

          Not even Antivirus but…

          by buschman_007 ·

          In reply to Smart?

          We don’t know if he did or did not have anti-virus. But we can clearly see this seasoned business owner didn’t have any insurance.

          You know after I thought about this guys business for a second I became far less sympathetic to his situation. Out of the 1000 or so toner companies I have been contacted by in the past year, I’d say maybe 10 were legitimate companies that were selling good product. The rest were slick ass used car salesmen.

          The ink toner cartridge market is overflowing with seedy individuals. I’m guessing honor amongst theives does not apply between hackers and conmen. 😛


        • #3349322

          Simple protection for PCs

          by david_heath ·

          In reply to Not even Antivirus but…

          I recently wrote an article that addresses pretty-much exactly the issues that lead to this guy’s problems.

          Maybe it is his fault for not bothering to understand how his tools work, maybe it’s the bank’s fault for just being a bank (hey, they have lots of money, it MUST be their fault!).

          Anyway, I’ve written some simple guidelines aimed at home users and the technically-aware people who help them out.

          You can find the article here…

        • #3349321

          one extra thing…

          by david_heath ·

          In reply to Simple protection for PCs

          I forgot to add to the previous post that the editor changed the title of the article to the very insipid ‘Safe Surf.’

          It was originally entitled “Do you want the Russian Mafia to know your Credit Card Number?”

        • #3336270

          I just don’t get it

          by jriding ·

          In reply to probably

          At first (a couple of years ago) I felt that most users were not really at fault for not having spyware protectors and antivirus. But as time has continued to march on and how mainstream virus and spyware information is, I am putting more and more blame on the user.
          People will say but I don’t know how a computer works. etc… for an excuse.
          Well lets put this into perspective.
          I don’t know how a car’s engine works.. But I know I have to get the oil changed or it stops working. I also know I need to get tires and gas, or it stops working. Can lead to a blow out which would cause an accident.
          So if I don’t change my oil and my tires blow out and I have an accident and my engine dies. Should I be able to sue because I don’t understand how a car works? Don’t think so.
          Even sp2 now tells you when your virus scan is out of date or when your patches are not up to date. (just like the change oil light or gas light)
          So when do people start having to take responsibility for their actions or non-actions?

          Just my 2c

        • #3336096

          Privacy Policy & ToU??

          by lymon1 ·

          In reply to I just don’t get it

          He probably did not read the EULA or ToA that probably states that BoA is not responsible for E transactions gone wrong. If this is not stated in the EULA/ToA fine print then BoA may not be protected from the wolves. But I agree that anyone who boots-up a computer w/o any kind of protection(which alot is free)is asking for trouble. I read 15 to 20 seconds on the WWW with no protection your infected. So, everyone SHOULD update, upgrade, and use the protection. This will be a FED case, so either way it goes if the government gets involved, because banks are federally protected, the taxpayer will lose a little for the FDIC lawyers.

        • #3348650

          THANK YOU…I AGREE!

          by tomsal ·

          In reply to Privacy Policy & ToU??

          This is a large thread so I didn’t read each post separately, but yours is the first to spell it out.

          I online bank and what the “anti-BOA” supporters in this thread are forgetting when you sign on to use Internet Banking there is “Terms of Use” kind of agreement and it defines what the risks/responsibilities are. Further more you HAVE to accept the terms to create your account. Now I’m going to point out I’m doing something bad — that is I’m ASSUMING BOA has a brain to follow the majority of the banking industry. I’ve never been a BoA customer. However at two different banks I had online banking and BOTH had such an agreement that needed to be accepted before my account was created.

          Soooo…let’s look at this …

          1) The guy is lazy and/or doesn’t have clueone about the dangers of the “cyberworld” so to speak so does he seek advice (at best from a computer consultant or the bank itself, at worse in today’s day and age you are hard pressed to find someone who doesn’t know at least one person who is “into computers” as they say).

          2) With etremely high probability BoA has an agreement that must be read/accepted when new customers sign on for Internet banking transactions.

          3) The BoA is aware of the patterns of the particular account in question, thus less chance they view the 90k transfer as “out of character” for that particular account.

          4) BoA uses SSL to secure the connection of the transfer, they secure their own on-site systems/server infrastructer. They have IT personnel monitor their systems, perform maintenance, configure firewall policies, virus scanning, spyware scanning, etc.

          BUT….because our American society has formed into a bunch of whiney, sue-happy, blame everyone else, ignorance is my excuse complainers….nothing matters…the guy is innocent, the big bad corporate institution (BoA) is at fault.


        • #3348641

          Some answers

          by red_wolf9 ·

          In reply to THANK YOU…I AGREE!

          Here are some answers to the questions you pose:


          4) Yes BoA uses SSL

        • #3348652

          You make an EXCELLENT point!

          by afoshee ·

          In reply to I just don’t get it

          In this day-and-age of $12-million for a spilled cup of hot coffee, headlines blaring warnings of every kind about computers, when (if ever) will our society start making individuals take responsibility for their own actions?

          Of course your analogy with the car IS very apt. Unfortunately I know more folks who take very poor care of their cars than those who take GOOD care of them – and we spend a LOT more money buying a car than we do on computers!

          Otherwise intelligent folk are just as susceptible as idiots to the “it only happens to other people” mentality. The problem is that so few are willing to accept responsibility when something bad happens.

          Oh well, job security…

        • #3349233

          Car Analogy

          by justinf ·

          In reply to You make an EXCELLENT point!

          I agree that he should have had up to date antivirus software and the latest security patches etc but still feel sorry for him although it isn’t the bank’s responsibility for the theft.
          However, the car analogy only goes so far; when you buy a new car it already has everything you need to drive it and it comes with an owner’s manual telling you when and what to have serviced for the period of the warranty, which is 5 years for most cars. A new PC comes with no instructions, you need to get additional items so you can use it safely and the warranty usually only covers hardware for 12 months.

        • #3349173
          Avatar photo

          While true for “Home” PC’s

          by hal 9000 ·

          In reply to Car Analogy

          Business units are completely different. Of course if you work in a big business the IT department may not pass these on but they already have the safeguards put in place.

          Actually if you want to take the Car Analogy further Volvo has just completed a car designed by getting the input from women and it has no bonnet so you have no access to the engine, transmission, radiator, battery or anything else under the hood. They also wanted to do away with the fuel filler but couldn’t figure out a way to keep it running.

          Of course the owners manual when it eventually becomes available will only have one page in it which will tell how to put in fuel and if anything else goes wrong ring up the local service section for Volvo. The rest of the first page and the other side will be directions on how to drive it.

          Col ]:)

        • #3348626

          Hear, Hear!!

          by danag429 ·

          In reply to I just don’t get it

          A computer is not a toaster, it’s more llike a car. I have been ranting on this to anyone who will listen, but the hypnotized sheep just look at the commercials and think they can get a machine that requires no attention.

          This is exactly my argument, you don’t have to know how an internal combustion engine works to know you need to change the oil, you don’t have to know physics to know you need to check your tire pressure.

          I think this clown should be put in jail for wasting the public’s time and money. Yes, he got ripped off, but it was his own stupidity that let it happen.

          The problem today is nobody wants to take responsability for anything, it’s always someone else’s fault. Well, I have to say that if you screw up you’ve nobody but yourself to blame.

        • #3348890

          Maybe, Maybe not…. Questions and more Questions

          by tim ·

          In reply to I just don’t get it

          The only problem with the analogy is if the person was driving the car and someone shot out the tires on the car and they got in an accident would it be the drivers fault? I know the guy should have had some kind of protection on his computer, but if this happens because of someone elses malicous intent, should the computer user be held responsible and on the same side should the bank be held responsible. All I know is if the bank were robbed by someone they would be covered for the money, shouldn’t this be the same if it actually happened from a trojan? questions and more questions.

        • #3349527

          From a robbery, only the insured accounts …

          by kaceyr ·

          In reply to Maybe, Maybe not…. Questions and more Questions

          … would be covered, and only up to the amount of coverage. There are many accounts that banks have that are only covered for a percentage of their total. Also, anything stolen from safe deposit boxes is not covered, as (most) banks do not insure their safe deposit boxes.

          What you’re implying is that banks should carry some sort of fraud insurance. I don’t even want to imagine how much that would cost (a cost that would certainly be transferred to the bank patrons).

        • #3347690


          by roywads ·

          In reply to From a robbery, only the insured accounts …

          Aren’t all depositors at a bank insured by the FDIC up to $100,000? That is what I understood the the logo on the door and advertisements for banks stood for.

        • #3347689


          by oz_media ·

          In reply to Insured?

          If the bank is breached. Online money transfers where YOU are jeopardized, no coverage.

          This guy ‘could’ have PURPOSELY transferred the money himself and just played the game.

        • #3332614

          Read the fine print

          by kaceyr ·

          In reply to Insured?

          Not all accounts are covered. Certainly the most common ones (standard savings, standard checking) are covered, and several types of corporate accounts are covered.

          The term “depositor” refers to a depositing entity, not an account. So let’s say that you have 2 savings accounts and 1 checking account at your bank, each with a balance of $90K. Let’s say the money is stolen and can’t be recovered. The FDIC will have the first $100K or your money covered, AND THAT’S IT! You’re out $170K!

          In addition, FSLIC and FDIC do not, and have never, insured anything contained in safe deposit boxes. This is because the very nature of safe deposit boxes is so that no one but the person who rents the box knows the contents. No insurance company will give you blanket coverage for unknown articles.

        • #3348632

          deeper problem

          by careyuselman ·

          In reply to probably

          BoA really pushes their on-line banking.
          The rep even points out how secure it is and
          “even has the little s after http, that’s
          secure”. So the point is How computer (il)literate
          do you need to be to have an on-line bank account.
          There are plenty of folks that only e-mail and
          know nothing of software. Should BoA be required to post some minimum computer standard for users of on-line bank accounts? Why should they expect someone to be a computer major to use a service that basically is to their best interest?
          Just a Thought and join U.P.

      • #3337037
        Avatar photo

        Well this is something new

        by hal 9000 ·

        In reply to Wonder if he

        After all this profession used to be called “Ambulance Chasers” now they have something different to play with.

        More money for them and I’m betting that his lawyer is telling him that he did nothing wrong!

        Col ]:)

        • #3337023

          Another set of adverts

          by tony hopkinson ·

          In reply to Well this is something new

          Could your online banking service have been hacked.
          Call VirusChasersAreUs for a free no win no fee consultation.
          This guy’s getting shafted by so many people, he might as well go into porn/prostitution and get paid for it.

        • #3336253

          Reply To: This guy should be stoned… (with rocks)

          by lcashion ·

          In reply to Well this is something new

          his lawyer is telling him that he did nothing wrong

          That’s just it. He did nothing.

      • #3336583

        Maybe he faked it

        by dr dij ·

        In reply to Wonder if he

        Maybe he worked with an accomplice to take the money out so they could sue BofA. Could someone really be that stupid?

        • #3336541

          Reply To: This guy should be stoned… (with rocks)

          by mrafrohead ·

          In reply to Maybe he faked it

          “Could someone really be that stupid?”

          Well he is suing someone that isn’t responsible for his own problems. He should be suing himself… Or the hacker… Or the Latvian bank…

        • #3338081
          Avatar photo

          Quite right BUT

          by hal 9000 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          The BoA is an easier target isn’t it?

          Col ]:)

        • #3336387

          Who’s responsible…

          by sean® ·

          In reply to Quite right BUT

          …for his problem? I’m not big on speculative suing, but people are quick to knock the guy as lawyers make such an easy target.

          If the bank was somehow responsible (unlikely) it should pay him the money back. If he was caught in a phising attack which used the bank’s name, it isn’t responsible, but it is arguable that the bank should have warned customers about this threat.

          In the absence of the above then it appears to be his fault, but…

          We all know that people go into a shop and buy a home computer without being told about security, so why are we surprised when people get caught.

          It’s easy to knock the guy, but we do this for a living. We all get frustrated with users not knowing what we think is bleeding obvious, why should we consider this guy as other then an inexperienced user.

          I hope that if the bank is not responsible (he could argue, for example, that the bank should have noticed suspicious transactions – my bank and credit card companies have monitoring s/ware) that the case gets thrown out.

          Perhaps he should check his home insurance.

          Better still, box suppliers and software houses should take more responsibility for educating home users about security.

        • #3336380

          I see your point, but……

          by m_pact ·

          In reply to Who’s responsible…

          Too many people out there have no sense of responsibility. When he bought his pc (In my opinion) he assumed responsibility for it. This ranks up there with buying hot coffee, driving off, then spilling it on you and holding McDonalds responsible. Ford or GMC doesnt get sued when someone doesnt put oil in their car. This particular person was running his computer “without oil”(Anti-virus), and now complaining that something bad happened.

        • #3336347

          McDonalds Sue

          by xmlmagician ·

          In reply to I see your point, but……

          For your information someone got burnt by his McDonalds coffee and he sued McD. McD lost a stupid amount of money for not having a written warning that the coffee is hot. I live in UK and this kind of lawsuits not happening. Although at your side of the pond you can sue for anything and everything. There is a website with this kind of successful claims. I wont be surprised if he won his case

        • #3336327


          by ravenhawk ·

          In reply to I see your point, but……

          I have to agree. Everyone has made stupid mistakes in their life. It’s human. We are failable. But that still doesn’t give us the right to shout at the world ‘something bad happened to me, compensate me!’. Life isn’t fair, and if you don’t watch out for youself, bad things can happen to you.
          You don’t protect your system and are attacked, that’s life. It’s not fair, it sucks.
          You probably own a car. Did the dealer warn you that you can get into an accident while driving? I’m guessing not. If you get into a car accident (that isn’t your fault) two years later while driving that car do you have a right to sue the car dealership? Of course not.
          The bank made a service available to the user. It’s up to the user to protect themselves properly before using that service, just like it’s up to a driver to make sure the car is properly serviced (oil, wheel alignment, etc…) before getting behind the wheel. Nowadays, you don’t need to be a power user, or in IT to know that there are dangers out there. I’m not a mechanic, but I know my car needs attention ever so often. And should it break down due to negligence, it’s not the dealership’s fault.

        • #3336272

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to I see your point, but……

          The guy is not entirely responsible though. He is a crime victim. If I leave my keys in my car, it is still illegal for someone to steal it. The police should be involved, if they aren’t already.

        • #3336195


          by hkacz ·

          In reply to I see your point, but……

          (Just my opinion)The truth of the matter is McD’s paid over 4 million to a woman for spilling the hot coffee (I could not believe it either). Non-technical users don’t totally understand the brains behind the power of computers, especially when systems are being compromised through new techniques daily. The banks should have some type of protection for online users as well as any other company that uses the Internet for transactions. Nobody knows how everythng totally works that they own, nor should they. There is NOT enouogh education to end users, but that is life. There is no real education on how to be a parent! Sue Microsoft the poor products that they put out. If they were a car manufacturer they would have been out of business in a month.

        • #3336035


          by jtakiwi ·

          In reply to I see your point, but……

          Interesting thing about the now famous Mcdonalds hot coffe lawsuit that never made the popular press. McDonalds actually had multiple incidents relating to people spilling hot coffee on themselves (you ever had Mcd’s coffee? It’s like lava) Anyway, it was recommended to McD’s that they LOWER the temp of their coffee because it is too hot and can cause burns. McD’s uses such hot water to brew their coffee (I believe 180 vs 160 which is around the norm.) because they can use CHEAPER coffee and use the hotter water to extract more flavor from lower grade beans. The reason that lady got such a large fee was that there was a pattern of this type of injury, McD’s knew about it and chose to continue as before. They actually lowered the original verdict as it was much higher than what was actually awarded as I recall.

        • #3348681

          Ummmmm – you obviously don’t know …

          by ewriggs9 ·

          In reply to I see your point, but……

          all the facts about the McDonald’s coffee case. You might want to check it out. It was a “good” case, and McD should have been dinged a heck of a lot more than they were. See:

          About this case, however, I generally believe in “caveat emptor” – and the guy who lost out on his banking needs his head (and computer) examined! A lot of people are just clueless – maybe this will wake up a lot of people. Wonder if it was really the Trojan or if he got hacked some other way?

        • #3336324

          Reply To: This guy should be stoned… (with rocks)

          by techjock ·

          In reply to Who’s responsible…

          If this was a case of a simple home user, I would have more sympathy. But this guy was running a business. One of his initial business expenses should have been a consult with a computer expert since he was using the computers to initiate wire transfers.

          But then, like most computer users, he most likely thought that meant getting a young relative to plug it in for him.

        • #3336267


          by jriding ·

          In reply to Who’s responsible…

          At first (a couple of years ago) I felt that most users were not really at fault for not having spyware protectors and antivirus. But as time has continued to march on and how mainstream virus and spyware information is, I am putting more and more blame on the user.
          People will say but I don’t know how a computer works. etc… for an excuse.
          Well lets put this into perspective.
          I don’t know how a car’s engine works.. But I know I have to get the oil changed or it stops working. I also know I need to get tires and gas, or it stops working. Can lead to a blow out which would cause an accident.
          So if I don’t change my oil and my tires blow out and I have an accident and my engine dies. Should I be able to sue because I don’t understand how a car works? Don’t think so.
          Even sp2 now tells you when your virus scan is out of date or when your patches are not up to date. (just like the change oil light or gas light)
          So when do people start having to take responsibility for their actions or non-actions?

          Just my 2c

        • #3336250

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to responsibilty

          The analogy with a car, or anything else, just doesn’t cut it. You can see when your tires are worn, or if it’s running a little rough.

        • #3336243

          BofA Phishing

          by threetoefrog ·

          In reply to Who’s responsible…

          As a customer of BofA I have received several notices from them regarding on-going phishing frauds. These notices were by email, hardcopy in monthly statements, and on the e-banking homepage.

          So his claim that he wasn’t notified holds little or no credence. Moreover, when setting up the on-line account the user acknowledges the risks by clicking on the EULA. (Shows how many users really read these things.)

          On our corporate account, we have stop limits on all outbound transactions and a list of routine payees, anything exceeding those limits reguires a verbal approval from one of our officers.

          A delay or secondary release is helpful, but it slows down the transaction process. Maybe requiring the customer to validate the transaction at a branch office or forcing a secuirty certificate for clients performing transactions over $10k.

          Whatever security protocol is used must be pushed from the bank side.

          The other aspect I don’t understand is how this transaction occurred without any reporting. Typically all transactions over $10k flowing out of or into the country must be reported to Federal Government.

          In the end, I think BofA will cave and refund his money, but will require a non-disclosure.

        • #3336213

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to BofA Phishing

          I’m not sure how binding the contract is. If one party genuinly does not understand parts of it, it could concievavly be voided on the “Competent Parties” principle (or perhaps the “Meeting of the Minds” principle).

          In any case, I think the bank owes him at least as much consideration as it extends to its credit card customers, which limits the customer to $50 liability for fraudulent use.

        • #3336228
          Avatar photo

          But this guy was not a home user

          by hal 9000 ·

          In reply to Who’s responsible…

          He is a business person who runs a business selling re inks and toner refills. He claims to have a professional staff and be a professional company. 😀

          If you have a look at his Web page it is full of broken links poorly laid out and just plain bad. Their so called professional attitude would be called into question just by their web page alone without even considering the fact that he is the owner/manager of a business and doesn’t even have the very basics installed on his computer. If his bank account details got taken what else was exposed to theft as well?

          Col ]:)

        • #3335921

          The Electronic Fund Transfer Act

          by 6f9g3x802 ·

          In reply to Who’s responsible…

          I’m no lawyer but here is a copy of the EFTA. It does say “ATM card, debit card or other device (not including credit cards) used in handling an electronic deposit, payment or withdrawal”.Note it says other device. So wouldn’t this law apply to online activity?

          The Electronic Fund Transfer Act (EFTA) limits your liability for the unauthorized use of your ATM card, debit card or other device (not including credit cards) used in handling an electronic deposit, payment or withdrawal. If your ATM or debit card is lost or stolen, your liability under the EFTA is limited to $50 if you notify your financial institution within two business days of discovering the loss or theft. If you wait more than two business days to report a lost or stolen card but you notify the card issuer about an unauthorized transaction within 60 days of the date the bank mails the statement containing the error, you could lose as much as $500. If you wait longer than that, you may be liable for $500 plus the amount of any unauthorized transactions after the 60-day period. However, to promote the worry-free use of debit cards and ATMs, many financial institutions are voluntarily treating the fraudulent use of those cards as if they were credit cards?that is, a maximum liability of $50 per card, and sometimes less.

          Note: No federal law limits your losses from check fraud, but you do have protections under state law. For example, most state laws hold the bank responsible for losses from a forged check, but they also require the bank customer to take reasonable care of his or her account, including monitoring account statements and promptly reporting an unauthorized transaction to avoid being liable for losses.

        • #3336388

          Excuse me, a few points.

          by guapo ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Yes, the guy is an idiot. He used Microsoft for business transactions, so he bears a huge load of responsibility. So does the bank for not questioning the transfer, and of course, the criminals. What I find incredible, though, is that thread parent gives Microsoft a free ride.

          And please don’t make a larger fool of yourself by claiming that other OSes are just as insecure.

        • #3336314

          Microsoft has nothing to do with this.

          by kaceyr ·

          In reply to Excuse me, a few points.

          What OS he was running is not relevant to what happened.

          His machine was compromised because he didn’t have any protection installed.

          Please don’t make a larger fool of yourself by claiming that an OS exists that can not be compromised.

        • #3336226


          by buschman_007 ·

          In reply to Microsoft has nothing to do with this.


          Nice reply Kacey. 😉

        • #3336125

          I’m with you Kacey

          by tonay ·

          In reply to Microsoft has nothing to do with this.

          It must be Microsoft’s fault to right? So maybe this guy should sue Microsoft and BofA. Give me a break. I feel sorry for this guy and not knowing all the details I hesitate to judge. If he had no antivirus protection installed then he should admit his failure and fault in this mess. Beats me why some people want to blame Microsoft for everything bad that happens to someones computer, if they think there safe because they are using a Mac or running Linux, they had better think again.

        • #3335923

          Secure OS.

          by mrafrohead ·

          In reply to Excuse me, a few points.

          Is ONLY as secure as the person securing it.

          You can take your nice and secure *nix and bork it by making your su or your root a blank password…

          Now, it doens’t matter how good your OS is, as you just screwed yourself…

          Thank you, come again…


        • #3347483

          I keep hearing this….

          by guapo ·

          In reply to Excuse me, a few points.

          …crap from guys who feel they have to defend their choice of crappy software, but no evidence is ever offered that shows any other OS in the world to be as easy to compromise as Windows. If you believe that any modern distribution of Linux is as easy, out of the box, to crack into as out of the box XP, then you simply don’t know what the hell you are talking about.

          I see you some of you ignored my advice about making larger fools of yourselves.

        • #3333687
          Avatar photo

          Actually in this case even the best OS would not of been any help

          by hal 9000 ·

          In reply to I keep hearing this….

          If the person who is using the thing doesn’t have enough brains to actually secure the thing properly it really doesn’t matter what was being used. Anyway if he is really that silly do you think he could handle a “Nix” Distro? 🙂

          What I haven’t even heard mentioned here is the fact that only one hit world wide has been reported, now doesn’t that sound just a bit strange to you? 🙁

          Even for a Windose box that is a marvelous security response one unsecured box across the whole world is affected.

          The really good crooks would be skimming a few $ off each account and in their own currency so no alarm bells would be ringing when the people get their statements at the end of the month. I saw something similar recently but because each transaction was in US$ it was picked up immediately. If it had of been in the local currency most likely it would never have been notices as each transaction was only about $5.00 per hit and three or four hits per month. Add that across 10,000 accounts and it makes for a decent ongoing income that no one or very few would even notice.

          Col ]:)

        • #3336320


          by mjmarcus ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Seriously, it’s like you went to an ATM, withdrew some money, walked away, and got mugged. And then sued your bank for it, rather than charging the mugger who committed the crime.
          Everyone knows this is a risk and that they need to be careful – the internet is no different.

        • #3336269

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to Mugged

          How sure are you that “everybody knows”?

        • #3348622

          In todays world possibly

          by chameleon186 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Their are many stupid people and many desperate people. I say something is strange with this story. Doesn’t add up and still ask why the bank doesn;t have simple policies to protect stupid fraud. again limits & authorization

        • #3348621

          In todays world possibly

          by chameleon186 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Their are many stupid people and many desperate people. I say something is strange with this story. Doesn’t add up and still ask why the bank doesn;t have simple policies to protect stupid fraud. again limits & authorization

        • #3336343

          The gene pool is …

          by techjock ·

          In reply to Maybe he faked it

          It’s wide and very shallow in places.
          It’s VERY possible he was (and is) that stupid.

        • #3336263

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to The gene pool is …

          What’s that phrase…. “the two most prevalent things in theuniverse: Hydrogen and stupidity.”

        • #3348409

          Steal your own money and then sue your bank to get it back…

          by mkrech ·

          In reply to Maybe he faked it

          interesting concept. That would certainly make him a creative thief.

          I am more inclined to believe he is just a wealthy idiot with zealous lawyers.

      • #3336140

        Simple answer…

        by mr. c3 ·

        In reply to Wonder if he

        If the trojan came from the bank’s system, then the bank is at fault. Where is their virus scanner. They have control of the money in this country, can’t they even buy a cheap virus scanner for their own system, or would that keep the bank president from buying his new Mercedes nest week? I have no sympathy for banks. Who is to say they didn’t plant the trojan themselves> I don’t and won’t ever trust them

        • #3336051

          Ahh… Troll

          by red_wolf9 ·

          In reply to Simple answer…

          Hope nobody comes and steals the money out from under your mattress. Do you honestly think :
          A) BoA can’t afford antivirus, and don’t deploy them on their network (keep in mind US banking law).
          B) BoA would go to all this trouble for a paltry 90k?

          Your must be new to trolling.

        • #3349142

          what a waste of disk space

          by jdclyde ·

          In reply to Ahh… Troll

          his account it.

          a member since 99, and this is only the second time he has poked his nappy little head up. And after all that wait, this is what he has to say for himself. Sad, real sad.

          No questions asked or answered.

          Just a regular contributor, huh?

        • #3348616


          by buschman_007 ·

          In reply to Simple answer…

          You might want to reread the story. I think what they are saying is the trojan is on the plantiff’s computer, not the banks computer. Obviously it would be the banks fault if the trojan was on their system. But that’s not the case here. We are talking about an infected user.

          By your same logic, do you really think the pres of BoA is gonna cover this loss out of his own pocket? No, this will go through insurance and in the end, we the tax payers will pay for the plantiff’s ignorance. I for one am not in favor of that.

          He should have been aware since he worked with computers for a living. Even if he lacked the know how he should have seeked the aid of someone more expereinced in security and Virus protection.


        • #3348463

          Even then

          by moira ·

          In reply to Reread

          Even someone smart who works with computers can become the victim of someone smarter (well, that’s the wrong term, because there’s nothing smart about theft).

          But you get the point. It could happen to anyone who embraces the net into their lifestyle.

          To be honest, I don’t even think banks would want to make their customers pay for any losses, because in the long term, they’d be the losers, as customers simply wouldn’t bank with them or be so willing to use the internet for transactions (thereby saving the bank a massive amount in running costs and administration).

          If people are not confident enough to use the net for financial transactions, that’s bad news for every bank and mail order company. Sure, people should take steps to prevent fraud, but it’s impossible to make yourself totally immune and still have an online life!

        • #3348945

          IF IF was all answered in the original post

          by oz_media ·

          In reply to Simple answer…

          Well the bank is NOT responsible because the BANKS security was NOT breached any anytime.

          NO virus at the bank, and if you want to see exactly what measures they have in place, it’s easily found and looked up BY STATE on the main BOA homepage.

          This has nothing at all to do with the bank.

          5 years you’ve been a member here and one of your only posts indicates you didn’t even read the main article(s) in question?

        • #3347994

          Obviously a VERY busy person

          by jdclyde ·

          In reply to IF IF was all answered in the original post

          We don’t have time for facts, they just slow us down and get in the way.

          Move aside, I’m tripping through.

      • #3348610

        We are assuming he had no A/V software

        by buschman_007 ·

        In reply to Wonder if he

        I reread the article and it doesn’t actually say his computer had no Anti-Virus or Anti-Spam software. We are assuming he was ignorant. But what if he had installed these things. What if this variant of coreflood was just newer than his defs?

        Who is liable then?

        We all realize he is going after BoA because he cannot go after the criminal who actually took the money. I don’t feel BoA is liable, just cause they are accessable.


        • #3342546

          Maybe his A/V company?

          by doc dave ·

          In reply to We are assuming he had no A/V software

          Loath to say it as I am, if he actualy did have, there may be some contributary negligence cxase to answer by his Anti-Virus provider.
          I can’t see how that would be the banks fault anyway, so he’d be barking up the wrong tree.

          From what I make of it though, looks unlikely he had anything like a recent/decent anti-virus solution in place.

    • #3337024

      Laugh all you want

      by amcol ·

      In reply to This guy should be stoned… (with rocks)

      I’m generally not sympathetic to people who cause their own problems, nor to those who seek to pass the responsibility for their own mistakes onto others. But you’ve made a broad assumption here that this fellow is wholly in the wrong and is looking for an out at someone else’s expense.

      We can debate from today until tomorrow how much responsibility everyone has for protecting their own PC’s from intrusion. The plain fact of the matter is that there are many, many, many people who are quite brilliant and accomplished in their own fields and at the same time clueless about computing.

      Just because someone’s a world famous brain surgeon with 56 letters after their name doesn’t mean they know how to install firewalls or virus protection, or how to keep those up to date. Or even that they’re supposed to. And just because you know all about this doesn’t mean everyone else does, either.

      I’ve seen CEO’s of Fortune 100 organizations stare blankly at monitors, confused and intimidated at the mere thought of composing an e-mail. That doesn’t make them irredeemably stupid.

      You read what you read in the story. Here’s what I read…an independent businessman who’s trying to make a living and pursue the American dream was victimized by an electronic scam. While he could have done something to protect himself, those in authority (the bank) who also could have protected him, AND HAD A RESPONSIBILITY TO DO SO, failed to do so. As a result he’s suing them. Not for 60 gajillion dollars, but for the amount of money he’s out. That’s all.

      Your condescending attitude toward this, and that of the other posters who appear to agree with you, doesn’t speak well for your character. If the shoe were on the other foot in an entirely different set of circumstances, I suspect you’d want all of us to be sympathetic to you.

      • #3337004

        Condescending personified

        by passwordchanged ·

        In reply to Laugh all you want

        mister mafro’s picture is next to the word “condescending” in the dictionary. chain yanking is his specialty.

        “I object to you. I object to intellect without discipline. I object to power without constructive purpose.” Spock to Trelane, ST the original

        I object to vilifying victims of crimes, such as the man whose banking account was hacked, and the sympathy for the person who was sentenced for releasing a virus.

        • #3337478


          by mrafrohead ·

          In reply to Condescending personified

          I didn’t say that I sympothise with the virus writer. That’s hardly the case.

          But I sure as hell don’t sympathise with some schmuck that won’t accept responsibility for his own actions.

          This guy apparently runs around blaming others for his own misfortunes. He should stand up, act like a MAN and admit his fault. He allowed his computer to get infected, his bank didn’t do it for him. Unless a teller ran over to his house and installed that virus, the bank is NOT at fault, and this guy can rest in piss for not accepting fault for his own worthless shoddy actions.

        • #3337249
          Avatar photo

          Just how many people know who do this?

          by hal 9000 ·

          In reply to Hardly.

          I have a friend who is a brilliant surgeon and I’m constantly on his back to install the latest AV Updates or the next generation of AV product. To him this just isn’t important until he starts getting e-mails back telling him his computer is infected with XYZ virus/Trojan or whatever then it is panic stations and things have to be fixed immediately.

          Now this is on his home computer and he doesn’t do on line banking only has power point slide shows for lectures and the like and for sending/receiving semi-personal e-mail. I was literally bashing him over the head last year to install the new version of Norton’s and it took me 6 months to get in to do it so I stuck on AVG at the same time just to be on the safe side.

          Then for something scary a possible new client that I went out to today, they have Windows 95 unpatched in any way no AV, no Firewall no nothing they just expect the computers to work. The only thing I can say in their defense was the previous manager didn’t touch his computer and had a card system it was the cleanest old box I’ve ever seen but the new manager talks about this being a steam powered computer {That is the only printable thing I can use here :D}

          I fixed the immediate problem which was a data save & reload of Windows 95 which wasn’t all that easy as it’s been a long time since I’ve actually used 95.

          But the best thing that really got me was one dial up Internet connection so if the receptionist wants to send an e-mail or check her incoming stuff everyone else has to get off line so she can do that. Of course the same applies to everyone else and when I suggested networking the units with a single High Speed Internet connection I was asked what a “Network” was! Then I was told we want to keep our existing e-mail address so we need to stay with what we have. I just explained that was not the case and that they could retain their Domain and e-mail address and still have a high speed Internet connection as well as a Dial up connection for the LT when the people where out in the field and I could even connect them to their digital phones so if there wasn’t a phone socket handy they could still dial in to see what was there. They thought I was talking Science Fiction and that this was just plain impossible or it would break the bank to implement. I did explain that using the Cell phones to dial up was expensive but because of the type of work that they do it would allow them to stay in touch but was mainly only as a backup for the work situations when they had to get something urgent through. But the rest was relatively cheap to implement and would in all likely hood be saving them money.

          Then I suggested to the owner that there where tax benefits in having new hardware not to mention the lost productivity with all the old hardware and asked hadn’t their account suggested something similar?

          I’ll see what develops but they sell multi million dollar equipment and that is the best that they have in the place.

          Col ]:)

        • #3336423

          I agree with HAL9000

          by doctordisk ·

          In reply to Just how many people know who do this?

          I run into countless clients in homes and small businesses who just plain don’t know that they should have virus detection.
          They are often really brilliant people in their own fields but just don’t keep up with technology.
          They are often so busy trying to keep up with knowledge about their own profession, they just don’t have the interest or the time to read about much else.
          My worst example a year or so ago, I would not have believed if it had not been me that was called in. A brilliant professor here in Hong Kong asked me to show him how to connect his computer to the Internet. When I arrived at his home, I discovered that his computer had a Z80 processor and was running the CP/M operating system and he was still using it to write up and print out all of his reports on the oldest dot matrix printer you have ever seen. He called me because he was getting sick of everyone he dealt with asking him to use e-mail. Someone had installed the computer for him in about 1985 and got him all set up and he had just assumed that this was his computer for the rest of his life. Thankfully, he has now treated himself to a new PC and is learning it and has good AV.
          These people are actually out there.
          And many times I have been called in and discovered people using on-line banking without a thought to using AV to protect themselves. They know which parts of the Bank’s site to use to do what they need to do and never bother reading the rest of the page. Every bank that I know of here has prominent warnings on their login pages about the need to use AV programs, but the users just don’t seem to read them or even notice them. They are genuinely shocked when I tell them that they could lose all their money if they don’t install AV software. However, most of them take my advice and do so.
          So for some people, we just have to teach them one at a time.

        • #3336381

          AV check

          by highcarbdiet ·

          In reply to I agree with HAL9000

          Is it possible that the banks could have some sort of AV checker to verify that an AV program was running on the client’s pc before allowing a successful connection to their online banking website? At least this would help protect all involved. Thoughts?

        • #3336302

          Reply To: This guy should be stoned… (with rocks)

          by deathtoliberalism ·

          In reply to AV check

          This is so stupid, it doesn’t warrent a reply, but here goes. There are way to many antivirus products to make this feasible, and there is no way for the server side to check if it is up to date anyway. Also, it shows a lack of understanding of security problems for you and others to insinuate that Antivirus software is all you need to protect yourself. What if this SOB got infected through an unpatched IE on a 0-day targeted virus. Should he then turn and sue microsoft. A businessman doing large wire transfers online has no excuse for not paying a professional to care for and secure his business tool. The onus is definetly not on the bank.

        • #3336016

          AV progs didn’t used to find trojans

          by dr dij ·

          In reply to AV check

          You might have meant spyware progs too but till recently AV programs didn’t touch the task of finding spyware.

        • #3336252

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to I agree with HAL9000

          Even some “savvy” users fall prey to some of this stuff. I had a guy who thought if he just clicked on the “X” on a pop-up, thet he’d be OK, until I told him that some malicious program can reprogram that “X” button to run the installation.

        • #3336264

          Not that unusual…

          by sparker ·

          In reply to Just how many people know who do this?

          There has been a lot of discussion about a person really being that stupid as this. Well, I work for a large law firm with some of the countries best and brightest lawyers, but when it comes to their computers…let’s just say they should stick to law, not IT. Sometimes I feel more like a babysitter than an IT tech. They know enough to use the programs they need (barely) but have no clue as to anything else.
          On the other hand, I know how to drive my car, I know where to put the gas and can even change my own oil if I absolutely have to (Thanks, Saturn)but don’t ask me to change the brake pads!

        • #3338000

          So do I

          by moira ·

          In reply to Condescending personified

          “I object to vilifying victims of crimes, such as the man whose banking account was hacked, and the sympathy for the person who was sentenced for releasing a virus.”

          Exactly my point.

        • #3336424

          The Bank bears some responsibility

          by richards_unsubcribe ·

          In reply to So do I

          While the guy bears a lot of responsibility, I think BoA needs to toughen up on some of their own policies and procedures…. maybe I’m missing something here but I find it odd that I damn near need to prduce a DNA sample to the teller before I can cash my neighbours $10 cheque… all the while a cyber criminal, with a few mouse clicks, gleefully cleans out a guys bank account… with the banks help by sending nearly a $100grand over to some no-name bank in crime infested Eastern Europe… How did the transfer take place …over 10 grand leaving the country without the “appropriate” forms being filled out and the authourties being notified first?? …so much for the war against drugs and money laundering.

          I’m going against the grain here but I’m willing to bet the guy will win the lawsuit…. well maybe his $300/hr lawyers will get most of it… I doubt if he’ll get much of it back

          And what about the bank in Europe… they seem to be dragging their feet… the ripoff was pretty well cut and dried yet “paperwork, regulations and investigations”… who says they are not in on the scam.

        • #3336409

          The Bank bears responsibility

          by 6f9g3x802 ·

          In reply to The Bank bears some responsibility

          Isn’t the FDIC also responsible for the loss as an insurance agency? If this crime was not done over the INTERNET do you still think the customer is responsible. For example, lets say my house is robbed and in the process they find a receipt with my account number and then go to the bank and withdraw funds. If the bank does not verify the identification am I still responsible for the withdrawal? It does not look like the bank verified the transfer with the INTERNET. Same unverified withdrawal just a different method.

        • #3336204
          Avatar photo

          But if you left your Bank Card with its pin written on it

          by hal 9000 ·

          In reply to The Bank bears responsibility

          Would you still hold the bank responsible because they used your card at ATM’s to empty your account?

          It’s still stealing but just using technology to perform the crime.

          Anyway this person is supposed to be running a computer related business so he should have known better!

          Col ]:)

        • #3336055

          BoA Website : Your responsibilities

          by red_wolf9 ·

          In reply to The Bank bears responsibility

          From BoA’s section titled “Your responsibilities”

          *Protecting your Online ID and Passcode. You should always guard your Online ID and Passcode from unauthorized use. If you share this information with someone, all transactions they initiate with the information are considered as authorized by you, even for transactions you did not intend for them to make.

          I’m thinking even a mildly competent lawyer could make the argument that you “shared” your information with the hacker. His lawyer better be able to argue that “sharing” was unintentional. And then BoA will counter with “and what did you do to prevent it?” Then it gets ugly for our business man.

        • #3336404

          The Bank does not have any responsiblity

          by rnackerman ·

          In reply to The Bank bears some responsibility

          First, I work for a bank in the IT department and I help manage our Internet Banking application. If I had my choice, the bank would NOT have internet banking. Too many customers have no clue about computers and this is the root of the problem. I have seen customers come into the bank with access problems and just blurt out their username and passwords to the tellers loud enough that everyone can here. We have customers complain that we have put viruses and spyware on their computers. We have customers that complain their computer crashes every time they view a check image online. We ask customers whether they have a virus program or an anti-spyware program and we here “Why, we only go to your site!” We know better.

          We have grandparents write their pin number to their ATM card on the bank and send their grandkids to the ATM for them and when the grandkids clean them out they complain to use about allowing them use their ATM cards.

          We preach we will never ask your password but daily dozens of people speak their passwords out loud. To stop at least some of the fraud, we have stopped the ability to transfer funds out of the bank via internet banking or even to accounts not associated with that person.

          But for years we have seen customers come in and get cashier’s checks to send to all kinds of scams and we can’t stop them. We know it is a scam, we advise them, show them bulletins and notices we have received alerting us to these scams, but still the customer walks out with the check. Some have come back and complained and we tried to stop them, but ultimately it is the customers responsibility.

          Banks have set guidelines to follow and there are a few things we can really do. If the customer has the money they can do just about whatever they want with it. If the customer gives out, or writes down, their pin number for the ATM card or Visa Debit card, the bank cannot be held responsible. The same should be so for internet banking.

          Will BOA be held responsible? I don’t know. They may settle just to quiet it down. But, lawyers have sued McDonalds for serving hot coffee that the customer later spilled in themselves. Who knows what our legal system will do next.

        • #3336348

          Maybe not responsible, but irresponsible

          by jimcandia ·

          In reply to The Bank does not have any responsiblity

          For any banking institution to allow a wire transfer to another bank without requiring the account holder signature is irresponsible. The root of this issue really has nothing to do with the Internet. If all you need is an account number to transfer money then our banking system has already failed and its just a matter of time before someone taps your account.

          My brokerage allows wire transfers but requires a signature document to set up the target account before any money can be transferred. This should be the minimum standard. BoA is clearly irresponsible.

        • #3336298

          A signature is required.

          by kaceyr ·

          In reply to Maybe not responsible, but irresponsible

          That’s why banks have a silly little thing called a “Signature Card”. Before he can initiate a wire transfer, he has to have an account at the bank. That requires a signature card. At some point in time, either when he opened the account or at a later time, he would have had to visit his local branch office to get the wire transfer capability set up, becuase there are some forms that need to get signed (see, that signature again).

          Once it’s been set up, you use a secure log in (which was captured by the trojan on his system) and continue with your banking business.

          The whole point of doing it on the internet is to save you the trouble of going into your local branch office.

          Banks are constantly on the lookout for fraudulent transactions, but a 90K wire transfer won’t even raise a red flag. A common management report in the banking industry is the “Large Transaction” report. It *STARTS* at 100K. Given the amount of the fraudulent transfer, I’d say that the perpetrator knew this.

          According to the article, Bank of America is doing everything that it can, within the law, to get the money returned to their customer. But the first thing their going to do is try to find out if he was running some kind of scam.

          As for the 20K that was already drawn at the receiving end, even if the perpetrator is found, I’d say he can kiss that money goodbye.

          In a nutshell, the bank is not responsible for dumb customers. If you want special coddling, go run to mommy.

        • #3336265

          Transaction was unauthorized

          by webworm99 ·

          In reply to Maybe not responsible, but irresponsible

          He said the transaction was unauthorized. If the transaction is unauthorized by him. The bank must give him the money back, while they do the investigation. It is federal law. Failure to do is a violation of federal law and Bank Of America could be held criminal libel for breaking federal law. He could sue for 1,000,000 if that is the case. For those people claiming he should have virus protection. He may already had that protection.

        • #3336023

          Authorization vs. Authorization

          by kaceyr ·

          In reply to Maybe not responsible, but irresponsible

          Sounds nutty but …

          The article stated that the transaction was “unauthorized” from the account holders perspective. All that means is that it was a transaction initiated without the account holders knowledge or consent. That makes it a “fraudulent” transaction.

          From a data processing perspective, the proper credentials were presented, therefore it was a properly authorized transaction, even though the account holder didn’t initiate it.

        • #3348675

          Ever Used PayPal?

          by ewriggs9 ·

          In reply to Maybe not responsible, but irresponsible

          You don’t have to “sign” a signature card to set up PayPal to access your bank account. I don’t remember at this point if the original post told us whether the transfer was 90K or a series of smaller transfers that totaled 90K. But I can send all kinds of money via PayPal to various places without any questions either from paypal or my Bank. I suspect the electronic transfers are the same. ISTM that all aspects of electronic bank transfers need to be reviewed and revamped – big time!

        • #3349359

          But PayPal is not a bank

          by kaceyr ·

          In reply to Maybe not responsible, but irresponsible

          And that’s a very important difference (especially since they were taken to court in Mass. for operating an illegal bank).

          PayPal is a contractual third party for handling monetary transactions. The accounts that they use to hold the funds are merchant accounts that are held a various banks, but they themselves are not a bank and do not perform “banking practices”, that is, they make their money off of processing fees, not interest on money they’re holding for others.

          They transfer the funds to where they need to go based upon the request of the buyer/seller. If a bank that they’re using has a restriction, then the funds transfer gets restricted.

          Also, to become a “verified” PayPal account holder you have to provide personally identifiable information such as a bank account at a US Bank and/or a credit card application that includes your social security number.

          On another note, your first sentence is correct: “For any banking institution to allow a wire transfer to another bank without requiring the account holder signature is irresponsible.”. However, this only applies to the SENDING account. There is no requirement AT ANY BANK ON THE PLANET to disallow a funds transfer INTO an account. The fact that this guys company does regular wire transfers already indicates that the bank already has signed permission to conduct this type of banking business.

        • #3336212
          Avatar photo

          Maybe I missed something here

          by hal 9000 ·

          In reply to The Bank bears some responsibility

          But I didn’t see it printed that it was just one transaction for the transfer. In fact since the other bank is holding some of the funds at least they have done the right thing but as yet have not been contacted by the right people to return the money.

          BoA wasn’t responsible for the transaction/s their systems where not breached so the person who is responsible should be the one making the claim for the return of the funds. If BoA got involved even if only for “Good Will” they would be setting a legal precedent and leaving themselves wide open for every boy and his dog to take action against them for things like this.

          This is a perfect example of user beware and use things at your own risk. But on the other hand just how many people go shopping for their food and other things and pay for it by plastic? Do you know what the banks get when you pay by plastic a complete itemized list of everything that you have brought where and when.

          They then compile this data and sell it on to interested parties who may be telemarketers or anyone else who has a new product that they want to push.

          Col ]:)

        • #3336164

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to Maybe I missed something here

          The precedent has already been set. They limit liability for fraudulent credit card transactions to $50.00.

        • #3336146
          Avatar photo

          But Banks do not run the Credit Card

          by hal 9000 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Companies they are a seperate entity.


        • #3336389

          Who really got hacked here?

          by amanabala ·

          In reply to Condescending personified

          Hello all,
          I think user was well, negligent in protecting his confidential information. I agree with this poster that the user may not have been savvy enough (and he is not expected to be savvy – he has other things to worry about…) to protect his computer – he should have atleast not stored his passwords on his machine. We all know the risks of storing account numbers and password for online banking / credit cards on the local harddrive as cookies. Once a computer is compromised, regardless what worm/trojan attacked the computer, that information is vulnerable. He should have known that and someone should be telling him that he has the responsibility for protecting his information, which, btw, is in the online user agreement that we click “I Agree” without giving a second of our time.

          On the other hand, while I do not agree with the claim that the Bank did not do enough to protect this user’s account, I think they are responsible as well. The banks systems did their job perectly well: the user id and password presented are valid and the transaction is honored. I think the bank goofed up by sending that kind of money to a foriegn bank without raising a redflag and probably a Patriot Act violation.

          I think the user should be compensated – for the amount he lost from his account, not a penny less not a penny more. I think Bank of America should be penalized, not in a Tort Case but by Federal Regulations.

          I rest my case.

        • #3336043


          by red_wolf9 ·

          In reply to Who really got hacked here?

          Do you have any idea how many international banking transactions are made hourly. Our economy would crumble if each one was subject to government review. Use of the Patriot Act as an example is almost laughable.

          I think the user should have his case publicized all over the world as a shinning example of computer ignorance and then have his case thrown out. If even one (L)user decided to install AV after reading that it would be a victory.

        • #3336377

          Personal Choice – not institutional responsibility

          by the docman ·

          In reply to Condescending personified

          Would you hop in the cockpit of a 747 without proper training… or without a proper pre-flight check?

          This fellow had a responsibility to know what he was doing BEFORE using his online banking service. He still has a checkbook, access to ATMs, and bank branches, and could have conducted all of his banking WITHOUT his insecure, virus-ridden PC.

          He made the choice to step into the abyss, and is solely responsible for the consequences.

          This type of PC user is also responsible for propagating most of the ugly viruses and spyware out there. Maybe the whole PC community should file suit against him for all of the lost man-hours and bandwidth he has stolen from us!

          What ever happened to personal responsibility?

        • #3336374

          Where the problem really lies…..

          by robert.d.lewis ·

          In reply to Condescending personified

          We are too quick to vilify the user here. The issue is poorly designed and written software. Microsoft has given substandard software for years. And now…

          Now, even professionals no longer blame the culprit, but the poor schmuck who doesn’t know how or what to do to protect himself. If the microsoft operating system were a car, it would have been recalled long ago and sued within an inch of its corporate life.

          That being said, I don’t think Windows is all bad, but they have not lived up to their responsibility to give us the product that consumers deserve.

        • #3336288

          Another Microsoft basher.

          by kaceyr ·

          In reply to Where the problem really lies…..

          So you’re answer is to sue Microsoft?

          Go for it. I just want to watch when the judge smacks your around for being stupid.

          “… but they have not lived up to their responsibility to give us the product that consumers deserve.”

          Are you really that obtuse?? They create a product that you *CHOOSE* to use. If you feel the product is inferior, don’t use it. It’s a simple solution. There are other OS’s out there. Of course, they’re *ALL* susceptible to trojans. If you believe otherwise, then you’re just as stupid as the guy who’s on the internet with no firewall and no virus protection.

        • #3336274

          Actually Trojans are MS

          by timeros ·

          In reply to Another Microsoft basher.

          I prefer MS . .”All Hail Bill Gates” ,but the truth is LINUX doesn’t take trojans. They have a thing called “Malicious Code”. The actual known trojan is only suceptible in MS.


        • #3336245

          LINUX doesn’t take trojans??

          by kaceyr ·

          In reply to Actually Trojans are MS

          Exactly what do you think a trojan is?

          A true trojan is a program that advertises that it does something, and actually does it, while capturing data or exploiting other parts of your system at the same time.

          The protections that are built into Linux have nothing to do with the trojan getting in. They have to do with the trojan’s inability to get the information it gleaned out to a target.

          So …… just thinking off the top of my head here, if I were to create a trojan that targeted Linux, I would have it collect the types of information I was looking for, then attempt to initiate a socket connection, and if successful transmit the captured data. Such a trojan could easily lay dormant until the day the user forgets that they’re logged in as root and they fire up the application.

          Not a difficult design. The single biggest problem with trojan code is creating a carrier application that someone will want to use.

          IMHO, the only reason we haven’t seen any trojans like this in the Linux world is that Linux still not a widely used end-user desktop OS, which makes targeting Windows the logical choice.

        • #3336189
          Avatar photo

          But Unix is

          by hal 9000 ·

          In reply to LINUX doesn’t take trojans??

          And it also runs on every large business mainframes or server farms as MS doesn’t have anything scalable enough to actually fill this slot in the market.

          These places are a perfect target as even a million dollars wouldn’t be missed quickly but for some reason they just do not get hit from outside {at least.} There is a reason that Windows gets targeted so often and that is because it is just easier to hack.

          Col ]:)

        • #3336019

          Your right, Col,

          by kaceyr ·

          In reply to LINUX doesn’t take trojans??

          That’s why a trojan or virus like this one can be successful. Chances are that this guy is running Windows XP Pro, and he’s *always* logged on with an account that has Administrator rights.

          From an end-user perspective, really bad. From a virus/trojan perspective, PRIME TARGET!!

          I always hate admitting it (being that I’m a Windows guy), but if I were doing large transactions (over $1000/transaction) on a regular basis as part of my business, at the very least I’d have a Linux transaction processor acting as an internal clearing house. That way I could set my own thresholds and I’d get flagged about a huge transaction before the bank ever sees it. And that baby would be locked down tight!

        • #3348638


          by red_wolf9 ·

          In reply to LINUX doesn’t take trojans??

          Hehehehe… that’s a good one, only M$ get’s Trojans, let’s keep telling the Micro$ofties trojans don’t affect Linux, that will make then change OS’s.

          FYI… here is a Linux Trojan from way back in 2002

          But let’s just keep it between us 😉

        • #3336186

          MS Trojan?

          by techjock ·

          In reply to Actually Trojans are MS

          That’s funny. Isn’t that what BillG calles Linux and the GNU?

          {/me takes out soapbox, so stop reading if you don’t want to see a rant}

          Seriously folks. Modern Operating Systems are complex monsters. They are so large that NONE of them are 100% secure, stable or reliable. Some are better than others, but then others have better marketing teams!

          While I blame Microsoft for a lot of shady business practices, I don’t really blame them for a crappy OS.
          (Heck, if you listen to some of the pundits, MS didn’t write it anyway, they either stole it or bought it and hacked it so it all seems to work together.)

          Anyone who wants to believe that the non-MS OS’s are secure should try taking a look at the vulnerability lists. The primary reason that you don’t hear about nasty worms and viri for systems like UNIX and Linux is that these OS’s are fairly complex to setup and maintain. It means that their Administrators are aware of the risks, or rapidly become so, and when a package is found to be vulnerable, they patch it, and they tend to run firewalls (the horror!). They also don’t tend to surf the WWW from their server machines, and they don’t log into their workstations with Admin rights very often.

          How do they know to do this?

          Were they born with this level of paranoia?
          (OK, some were!!!)

          NO!! They learned it because they paid attention to the collosal mistakes of others. It’s actually a good basic business practice people!!

          It’s just as much of a cop-out to blame Microsoft (or Apple, AT&T, RedHat, or SCO {yeeech!}) for insecurity in their OS’s as it is to blame BoA for the businessman’s losses.

          Too many people today buy into the idea of PC’s as appliances. They are not. They are tools, dangerous ones at that. I like wood working, but if I slice off my fingers on a table saw, who’s fault is it? My saw has a guard on it, that makes it safe right? NO, it has a large spinning disk that can HURT ME!

          My PC (a tool) also has a spinning disk in it that can hurt me. I treat it with respect and keep it properly maintained. That means patching it, keeping AV current and running, and keeping stangers away from it (firewall & router).

          I also like the automobile analogy. If you fail to lock the doors on your car, and leave the windows rolled down, then someone steals it, do you go sue the manufacturer? “It was a Hot Day for goodness sakes, you should have made the locks automatic.” But don’t let them lock their own keys in the car. And you have to tell them where their car is now so the cops can go retrieve it, but don’t invade their privacy and tell the cops when they speed through town.

          GOD I get so tired of simpering, crying, fussing, punk a$% morons!! Open your eyes, enjoy life, and when you mess up, fess up, correct the problem and get on with life.

          Life’s too short for this kind of crap!

          {/me puts soapbox away for now}

        • #3336015


          by kaceyr ·

          In reply to MS Trojan?

          Nice rant. Right on the mark.

        • #3335990

          Auto Analogy

          by dr dij ·

          In reply to MS Trojan?

          What the first guy who mentioned the keys in car failed to mention is that if the insurance company finds out you left your keys in car and got stolen, many times (or possibly always if they find out) they will NOT PAY as you shirked your responsibility to keep your property safe.

        • #3348672

          You could replace …

          by ewriggs9 ·

          In reply to MS Trojan?

          your tablesaw with a radial arm saw. Still has a big dangerous spinning disk, but it goes where you put it – there’s even a blind female woodworker who uses a RAS! I’m not blind, but I’m female and I use a RAS for cutting up my lathe blanks.
          Same analogy, though with the OS – use a “safer” OS and your risk goes donw, but NO OS is truly “safe.”

        • #3336239

          You have missed my point entirely

          by robert.d.lewis ·

          In reply to Another Microsoft basher.

          I am incredulous that you apparently believe that Microsoft has no liability in this situation. And just so you know, many laws are passed to protect “stupid people” who don’t fully understand all of the ramifications of their actions.

          Example: If you leave your credit card on the seat of your car, with your windows down, you only have a liability of $50.00 if someone steals your card. This is a similar situation.

          Windows is not a fully mature product and we are testing it for microsoft. If you had a car which was built with faulty brakes and it caused you to have an accident, would you blame the builder or would you blame yourself for not buying the service of a mechanic who would check your brakes on a daily basis to tell you if they were defective?

          Why is this situation any different? Microsoft has an ethical duty to provide a safe and secure product. They have ignored that duty for years. The vulnerabilities are there and Microsoft knows it. And they are still doing far too little to fix the problem.

          So, you want to blame a guy who isn’t as smart as you about viruses? Good job!

          Ignoring the problem and the refusal to put blame where the blame really lies is the result of unclear thinking on your part.

          I would like to add that the government requires anyone who wants to drive a car to pass a test. If the same requirement existed for PC’s, then you might have a point. But until that happens, I think you should stop blaming the victim.

        • #3336181
          Avatar photo

          Unless of course the Victim

          by hal 9000 ·

          In reply to You have missed my point entirely

          Is in a IT related field!

          That is the case here and he should have known a lot better than what appears to have happened in this case.

          The whole thing just doesn’t gel with me and I’m suspicious of the entire thing.

          Col ]:)

        • #3336039

          Yeah BUT…

          by red_wolf9 ·

          In reply to Where the problem really lies…..

          Being a Card carrying member of the Micro$oft Haters club myself I can agree with the car analogy. Unfortunately there are two greater issues:
          A) Software makers have a sweetheart deal when it comes to EULA’s, they current have the right to sell you totally worthless code and you can’t do anything about it, their working is much prettier though.
          B) People that don’t follow even BASIC computer safety will continue to get exploited, it does not matter what OS they run. Stupid users on Unix/Linux/or even Apple are no different then stupid uses on Windows. It’s sad but true.

      • #3336948

        No this guy is an idiot, the bank did no wrong

        by tomsal ·

        In reply to Laugh all you want

        I read your entire post and while I think its good that you obviously have compassion in your heart — after reading the full news story about this guy I fully disagree with you.

        I do my personal banking online all the time, I do my own money transfers all the time. I know that when I do business online, I have to be aware of the risks involved. This is not being computer savvy, this is not being brilliant even…ITS COMMON FRIGGIN SENSE!

        My sister who barely knows anything about computers for example, she has common sense enough to update her virus definitions and do scans on a regular basis, keep her firewall updated and be anal about protecting her passwords.

        Of course I gave her the advice — all of a 15 minute conversation, because she had the COMMON SENSE to ask about something she didn’t know anything about BEFORE doing financial business online.

        YOUR mentality and others who think the same as YOU, makes me sick…its one of EVERYONE ELSE is always responsible for my bad, my faults, my mistakes and its NEVER my fault. What you are saying is that ignornace negates all self-responsibility. BULLSH*T! If this guy’s machine was clean of virus infection, if he had a firewall, if he used strong passwords, if his software was fully patched, etc. AND THEN this happened…then I *may* feel some sympathy for the guy. But that isn’t the case, so therefore I don’t.

        End of story.

        • #3336925

          Your passion clouds your vision

          by amcol ·

          In reply to No this guy is an idiot, the bank did no wrong

          You say you read my entire post but apparently not very carefully. I don’t know where in anything I wrote you got the idea that I was saying the bank is wholly responsible and the man’s ignorance excuses his own culpability. Quite the contrary.

          There’s no question this man had a personal responsibility to protect himself. Just as there’s no question he (and anyone else, for that matter) has no right to expect any redress when he’s the victim of his own screw-up.

          That’s not what happened here, however.

          He didn’t have proper or sufficient intrusion controls in place. That’s his mistake, and he should pay for it. The bank, on the other hand, did nothing to protect their customer. They processed a transaction that should have rung every alarm in the building.

          Read the article again. It says he was regularly wire transferring money in the US and to Latin America. What possible business could a Miami printer ink and toner dealer have in Latvia?

          Have you ever received a call from your credit card company questioning a transaction? I have. All retail financial institutions have very sophisticated pattern recognition software that makes sure if you’re the type of consumer who mostly makes small purchases on the East Coast, a very large purchase on the West Coast is something that should raise a flag.

          High quality, responsible financial institutions perform this service for their customers. This bank didn’t do that. Therefore, they have some responsibility here.

          You’re so angry about this man not protecting himself, so let’s look at something else the story talked about. After reporting the bogus transaction to the authorities, the US Secret Service was called in and had to do a forensic examination of his PC in order to identify what happened. You expect that your normal, average, everyday jerk is going to be able to protect himself against something the government had to be called in to uncover?

          Don’t get me wrong…I don’t buy for one nanosecond his shyster’s argument that the bank should have known about and warned its customers about Coreflood, therefore they’re responsible. But we’re talking about Bank of America here. This is a major financial institution. In the IT shop I run, I put out a weekly PSA to my entire customer community on whatever current threat is out there that I think they should know about. Sometimes I talk about phishing, sometimes virus protection, sometimes product features that if used incorrectly can create problems. No one asks me to do that, but it’s all part of my customer service.

          This man didn’t protect himself and he should take some responsibility. The bank didn’t protect him either, and they bear some responsibility for that. I don’t see this as black and white as you do…it’s a shared responsibility, and since the man’s only asking for his money back I don’t think he’s deserving of the vitriolic reaction the original poster had.

          Nor do I think I deserve your insulting post, considering you obviously didn’t read either the article or my post too terribly carefully. Think first, write last.

        • #3336920

          If you think that post was insulting, you must be very sensitive

          by tomsal ·

          In reply to Your passion clouds your vision

          I still disagree with you – strongly. If you think my post was insulting to you, that is something you have to deal with yourself — because I said nothing intentionally defaming you or solely to hurt your feelings. I should add, that I believe my post matched the tone of your original post in fact.

          Like another poster on here pointed out, should a bank call their BUSINESS accounts (that regularly do large dollar transactions) every single time? I think that is unreasonable. Our own company here does WAY more $90k transactions every month and we don’t get a call each and every time, even if it’s switching locations.

          I stand by my post therefore. Like I said if you feel you were insulted, well my gut reaction is – I matched tone with the tone you set first and if you feel badly about it — that’s something you need to deal with.

          I did read the article and I did read your post…Think first write last….I find that insulting. 😉

        • #3336902

          You’re still not reading carefully

          by amcol ·

          In reply to If you think that post was insulting, you must be very sensitive

          I see no difference between a bank’s responsibility to their personal and business customers. I expect my bank will call me if the pattern of my credit card usage is inconsistent with past usage. I pay fees to the bank to get this and other protections. If I don’t get this level of protection, then thank God I live in a free country because I’ll just take my business elsewhere.

          Likewise, there’s no difference in the management of business accounts. No, the bank shouldn’t be expected to call any account, business or otherwise, every single time. However, when the usage pattern is clearly different, then yes, absolutely, in that case it’s far from unreasonable to expect the bank to follow up.

          Not that it matters at all, but I didn’t say i was insulted. I said your post was insulting. My skin’s pretty thick. I was objecting to your use of phrases such as “YOUR mentality and others who think the same as YOU, makes me sick”. Should I not find that insulting?

        • #3336887

          From your own post…

          by tomsal ·

          In reply to You’re still not reading carefully

          “Your condescending attitude toward this, and that of the other posters who appear to agree with you, doesn’t speak well for your character. If the shoe were on the other foot in an entirely different set of circumstances, I suspect you’d want all of us to be sympathetic to you.”

          That’s what I was referring too when I said I merely matched my tone to the tone of your post. WE used different words, mine were intentionally said to prove a point. If you don’t think what you posted (as I pasted above) isn’t the same as what my line was..then you really have my logic confused.

          I still disagree, but others on here make the point that I support much more clearly than I do – I admit that. I don’t believe the bank is at fault in this particular case BASED ON WHAT THE ARTICLE if you show me an expanded version of the article with more information that hints that someone slacked at the bank..I’d love to see it and then my opinion could be altered.

          Bottomline this is a dangerous precedent to be set if this guy wins in court.

          And I read your other replies to other posts. I certainly think ANYONE (pick the most uneducated person on the planet or the most brilliant…doesn’t matter) needs to be responsible. You seem to be insisting the bank has a responsiblility to protect the consumer and I’m not saying this isn’t true. I’m saying there has to be a point where the customer is liable for their own ignorance.

          It doesn’t seem unreasonble for a regular business account that is used all the time for large transactions, using secured connections that the bank doesn’t call the customer on every transaction. Even if it is to a different location. Now where I’d be on your side is if Latvia (or whatever place the money went to) is on the “no no wire transfer list” of countries yet they let it go.

          I just think the answer is extremely simple — if you know NOTHING about using computers/the Internet why would you just go ahead and transfer $90,000 over it. That’s putting a lot of faith in something you don’t understand. In my world, that’s called ignorance.

          Ignorance is no excuse in this case.

          If you don’t know — you ASK!.

        • #3336882

          OK, now you’re talking

          by amcol ·

          In reply to From your own post…

          You’re absolutely right…all we know is, as you say, “based on what the article says”. It’s slanted, as all articles are, to make a particular point.

          A dirty little not-so-secret secret of the media is that you don’t just find editorials on the editorial page. EVERYTHING in the media is editorialized…of course it is, because it’s created by free willed human beings who all have their own point of view, and deliver news reports through media outlets that all have particular editorial policies.

          This article’s intent was for us to shake our heads at the NERVE of this man, who DARED to think that he could make the bank pay for his obvious mistake. OK, maybe because I’ve worked thirty years in Fortune 500 financial institutions and have a wee bit of knowledge about this subject, I’m in a better position than most to be able to read between the lines.

          Let me help you a bit with your logic. You say you matched the tone of my post, therefore it wasn’t insulting. Or, it was only as insulting as mine. My comment about “think first, write last” referred to the fact that the strong words I used to refer to the original poster were included on purpose. I meant to be insulting. I thought about it first, because I found his attitude and the way he expressed himself to be immature and imbecilic. Your post smacked of emotionalism, and since you strike me as an intelligent person I doubt very much if we were face to face you’d say what you said.

        • #3336904


          by awfernald ·

          In reply to Your passion clouds your vision

          I just read your next response, and am flabbergasted 🙂

          Basically, what you are saying is that because US Secret Service agent was brought in (standard response to international monetary wire fraud) to trace what happened, that this guy couldn’t have protected himself?

          “You expect that your normal, average, everyday jerk is going to be able to protect himself against something the government had to be called in to uncover?”

          As far as the “wiring money to Latvia” vs. “credit card … raised a flag” statement. The money wire was made with a trusted account (the business owners), using a secured connection, assuming that the appropriate user name/password was used, the bank assumed it was real. Of course, credit card fraud is a totally different animal. Get the number, get the name/zip code, and it’s easy to scam.

          The trojan virus with wire money fraud is relatively recent compared to the sophisticated software they use for tracking credit card systems. Also, I believe that it’s the credit card companies that utilize the software, not the specific issuing financial institutions, so, BoA may/may not have this type of software available, unless they have their very own, internally processed credit card.

        • #3336893


          by amcol ·

          In reply to wow

          Thank you. You’re proving my point.

          My original objection to the original poster was his preposterous, condescending attitude that anyone with a single functioning brain cell knows enough to do whatever is necessary to protect their PC’s, and the fact that this guy didn’t do that means he’s solely, 100%, no questions asked, completely responsible for the consequences.

          My position is that it ain’t necessarily so that even smart people know enough to take the necessary technological precautions. More importantly, I’ve also been saying that while the guy is certainly a victim of his own ignorance he’s not in any way solely responsible. The bank has to shoulder a fair share since they didn’t take reasonable steps to protect their customer.

          You say this particular trojan virus is relatively recent. OK…so if the bank doesn’t have the software to deal with this, we should expect some poor schnook running a little retail store in Miami to be able to do so?

          In no way am I saying this is like that woman who sued McDonald’s because she burned herself on their hot coffee when she spilled it in her lap. For her I harbor zero sympathy. This guy, on the other hand, certainly should have taken more proactive steps to protect his electronic assets…however, he’s not only the architect of his own demise and a victim of the thieves who ripped him off, he’s also a victim of a corporation that could have done more to protect its customers than it did.

        • #3336884


          by awfernald ·

          In reply to Sigh….

          It reminds me more of the case of our local school district losing over half a million dollars over a two year period due to fraudulent checks cashed in a bank in China.

          The school blames the bank for taking so long to recognize the fraud and reacting, and of course, everyone else is wondering why the school district NEVER caught the fraud, even though following simple standard accounting practices like balancing your checkbook would have caught it almost immediately.

          I actually think (due to the level of a large part of internet users out there), that the computer vendors need to take a more active role in protecting the user base by providing as a standard anti-virus/anti-malware software, and providing in writing some specific instructions as far as how-to protect yourself.

          This will NOT happen due to economics, but, as I am currently starting small business building custom computers, I’ve already put this in as a standard, specifically to reduce the amount of follow up support I’ll be expected to provide.

          The user is the one ultimately responsible for his account, and regardless of what the banks actions/inactions in this case, the user took some sort of risk which resulted in him getting a virus. Was this his fault? maybe, maybe not, maybe even if he DID have his anti-virus software updated, that particular virus would have gotten through due to it’s “newness”.

          However, if he did have anti-virus installed, and up-to-date, and if he did have a personal firewall program installed which blocked outgoing communications unless specifically permitted, and he did read all the popups and didn’t blindly click on “Yes” to everything, etc…. I would say that he probably would not have gotten “screwed” by the bug.

          So, in summary, I think we all agree that the USER is the one to blame and be held responsible, and I think we also all agree that the BANK could take some action (at a large pricetag though) that would have prevented this, and further, though I haven’t read elsewhere about this, I think we all will probably agree that the computer INDUSTRY and the internet PROVIDERS could have taken some actions (whether training or packaging) which would have averted this situation.

          However, in this case, the user will get his money back (BoA is already working on this), and everyone will go along all happy, and maybe 3-4 years down the road, one (or all) of the above groups will take some type of action that would assist in preventing this type of stuff from occurring.

        • #3336880

          Be careful

          by amcol ·

          In reply to Actually…

          I agree with most of what you’ve said, but not with the part about computer vendors not including perimeter controls due to economics.

          They don’t include this stuff to limit their own potential legal liability. If PC providers included antivirus, antimalware, firewall, etc., then we could all claim when hacked that it wasn’t our fault but that of the provider.

          In a way that is economics, although I suspect you meant it as a reference to the price of the software and not the cost of losing lawsuits. If I were you, I’d think about this in light of the business you’re starting.

          This is precisely what this news article has been about, and the crux of my position in the matter. The guy is partially responsible because only he could have put appropriate protections on his own PC, but the bank is also partially responsible because part of their service is to catch suspect transactions before they’re executed. It’s a shared responsibility.

          In your case, you’re proposing to put the protections in place on the PC’s you provide. Your service could be interpreted as providing complete protection, and might make you solely responsible for any nastiness that results. I’d consult with an attorney well versed in this area of the law if I were you.

        • #3336857

          Already have the legal disclaimer done

          by awfernald ·

          In reply to Actually…

          basically, even if they follow the instructions to the letter, there is still a risk of an infection, and my company is indemnified against all damages, losses, etc… yadda yadda.

          Basically, the only thing I’m responsible for is that if they have a virus/malware issue, then I am responsible (for a service fee) for fixing it, or they can restore from the install CD, which of course wipes their hard drive.

        • #3337469

          Actually, they do…

          by mrafrohead ·

          In reply to Actually…

          “They don’t include this stuff to limit their own potential legal liability. If PC providers included antivirus, antimalware, firewall, etc., then we could all claim when hacked that it wasn’t our fault but that of the provider.”

          Microcrap is building their malware program as we speak. You can get the beta version right now if you so desire, and XPSP2 has it’s firewall.

          MS also acquired an A/V company not too long ago, and has researched starting their own AV program.

          Computer vendors sell their boxes with Windoze, which means it comes with these products…

        • #3337240
          Avatar photo

          First thing

          by hal 9000 ·

          In reply to Actually…

          Don’t ever write something down and expect it to be read. I do exactly the same as you are doing and while I do provide written documentation with every system I don’t expect it to be read so I tell them. Over and over in as many ways as possible about the {potential} problems of Electronic Fund Transfers I also tell them right from the start not to expect any guarantee on HDD’s that are used in computers where EFT are used as it is just far too dangerous to let the data out of your control and a HDD is far cheaper.

          Now for the Bank in question, they will be factoring in fee increases to cover their loss in this particular incident that everyone will be paying in the future.

          I’ve worked for banks and the only certainty with them is that they are going to make money out of each and every customer that they have no matter what! If you don’t like it they think you are not worth the effort and welcome you taking your business elsewhere as they in all likelihood will still be making money of you in some form further down the line.

          The only good thing to come out of this story is that I’ve sent it to every one of my customers to help reinforce just how potentially dangerous Electronic Banking actually is, it really makes them sit up and listen when they realize that they can be hit in the hip pocket so they then if only for a short time keep things up to date before the next jolt that comes along to get them to do the right thing again. Some people for unknown reasons just have to click on the “YES” button every time it appears without thinking. While they drive me nuts they also keep in a job so I shouldn’t complain too much.

          Col ]:)

        • #3337472


          by mrafrohead ·

          In reply to Sigh….

          So you’re what I’m reading here is that before you log into your bank site and initiate and “personal information transfers” that the bank should FIRST run a full virus/trojan scan on your computer to verify that you haven’t allowed yourself to be compromised?

          Dude, you have to live under a freaking rock to not know that AV/FW is damn near mandatory.

          The bank legally needs to encrypt the signal, if the end user has a logging program on their end, how is the bank supposed to do anything about that, or even be able to KNOW about it without violating your privacy. If they just did a scan on your box for bugs, that would be an invasion of privacy and then there’d be some other jerkoff complaining about that.

          Your own computer is your OWN responsibility. If you aren’t ABLE to run it then do the rest of us a favor and DONT! It’s not different than driving a car. If you can’t do that either, then just don’t.

        • #3338395


          by awfernald ·

          In reply to what???

          Or they could require all of their clients to obtain bio-authentication devices, and have their own techs go out and set it all up, etc…

          Of course, that’s kinda expensive as well, but, one day soon.

        • #3337475

          Are you kidding me???

          by mrafrohead ·

          In reply to Your passion clouds your vision

          “What possible business could a Miami printer ink and toner dealer have in Latvia?”

          What possible business could a Miami printer ink and toner dealer have in Latin America???

          ” the US Secret Service was called in and had to do a forensic examination of his PC in order to identify what happened.”

          They probably JUST installed a freakin a/v program to just take a peak.

          “The bank didn’t protect him either, and they bear some responsibility for that. I don’t see this as black and white as you do…it’s a shared responsibility, and since the man’s only asking for his money back I don’t think he’s deserving of the vitriolic reaction the original poster had.”

          The bank owes us nothing! And I don’t feel that I should have to pay for this jerk being stupid and ignorant and lazy! Yes, that’s right, you and me will pay for this (if you are a BoA customer).

          “Nor do I think I deserve your insulting post, considering you obviously didn’t read either the article or my post too terribly carefully. Think first, write last.”

          Per TomSal’s response, I believe that he was talking about readint the “news article” not your post front to back. If that’s the case, as that’s how I interpretted it, follow your own advice…

        • #3336376

          then a lawsuit is not neccessary

          by halonsx ·

          In reply to Your passion clouds your vision

          the bank and FBI should look into the problem and fix it…..since the user is partly responsible.

        • #3337477

          Not to mention!

          by mrafrohead ·

          In reply to No this guy is an idiot, the bank did no wrong

          “Of course I gave her the advice — all of a 15 minute conversation, because she had the COMMON SENSE to ask about something she didn’t know anything about BEFORE doing financial business online.”

          And TomSal didn’t have to drive to this jerks house to do what he did with his sister because the NEWS does it almost NIGHTLY!!!

          “Microsoft just released a precedent setting 10 patches”

          “Beware, there is a new virus on the loose”

          “Users make sure you have updated your computers and your antivirus because…”

          This guy owns his own business, means he’s probably a smarter guy, which means he probably reads or watches the news, which means he has NO EXCUSES!

          Now his bitch ass is going to sue BoA and cause all of it’s customers to get increases in fee’s to cover the costs of the case. I think that if he is allowed to go to trial, he should have to mail me a check for 7500 bucks to cover MY costs to cover his sorry, waste of skin, ass…

        • #3336443

          Compassion your strong point then

          by tgf.peter ·

          In reply to No this guy is an idiot, the bank did no wrong

          Everyone agrees that all users should be aware of security risks when using the internet. However banks which are financial house that exist to make a profit from their customers have a duty of care to the customer. They should advise, with specific details, to give customers an adequate degree of protection. They are powerful institutions with plenty of professional IT advice at hand. The only reason is the ridiculous way that everyone in the US seems to sue everyone else for everything. The result is that no-one will offer help and advice. Its your own fault for being so greedy – you’ll just have to live with it.

        • #3336197

          Reply To: This guy should be stoned… (with rocks)

          by tonythetiger ·

          In reply to No this guy is an idiot, the bank did no wrong

          Your sister is very fortunate to have a brother like you. Not everyone is so fortunate. At least 80% of people who buy computers don’t know everything they need to know to operate it safely. What’s worse, they don’t know that they don’t know.

        • #3336170
          Avatar photo

          Most “Home Users” don’t even know what they are buying

          by hal 9000 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Just ask any home owner who has recently brought a new computer what size HDD they have. My guess is you will be told how much ram is in the thing if anything at all.

          They rely on the salesman to sell them what they need and while they may quibble on price of some items they generally get something close to what they need.

          But Business is a different kettle of fish they should have professionals on hand to at the very least advise. Do you think that this guy doesn’t have a Legal Adviser or a Tax Adviser? Why then doesn’t he have an IT Adviser or if he does why did he chose to ignore the advice given to him?

          Col ]:)

        • #3335939

          True but that’s primarily my point though

          by tomsal ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          My point *is* that many folks don’t have knowledge one about computer, the Internet, etc.

          And that is why I think its not asking too much or far fetched at all to say that if you don’t know something and you are dealing with your own financial transactions (that pay bills, feed you and your family, etc.) it’s as obvious as daylight to me anyway that you’d ask questions.

          If nothing else but simply “How do I know its safe?”.

          Call this part of my post cruel or whatever — but if you are too ignorant or too stupid to be responsible enough to ask things about something you don’t know BEFORE you send your presumably hard earned money over the wire…then in the nicest of terms you shouldn’t even think about Internet banking (or using a computer), in more blunt terms — then that person is an idiot.

          Someone used an analogy before so let me take a shot at an analogy….

          You wouldn’t leave your check book out in the open in a crowded restaurant would you? How about just leaving your wallet out with the cash visible?

          Well if someone is thinking “No way, of course not! That makes it easy to steal!” to those analogies then why would you just blindly log into your bank and do a transfer with no clue on if your system is secured in any fashion?

          Again, this all comes back to IGNORANCE IS NO EXCUSE.

      • #3336916

        Actually, with what you are saying….

        by awfernald ·

        In reply to Laugh all you want

        This guy should sue the company he bought the computer from for not installing an Anti-Virus, or having it update automatically, or not teaching him to run it/update it.

        Also, he should sue his ISP for not warning him about the dangers of the internet, or telling him that a virus/spyware was possible (not like he probably didn’t get 10,000 ads/popups warning him about the risks).

        I have had many clients who were TOTALLY IGNORANT of computers, however, at no time have they even considered holding a third-party responsible for that ignorance.

        From what I read in the story, the bank was already trying to get the gentleman his money back, so what was the lawsuit for? well, as someone else pointed out, to earn some lawyer some big bucks.

        You know who wins in a class-action suit, right? The lawyers! So now they want to make this a class action? hmmm, sounds like the lawyer is pushing this issue, not the client. Seems to me like the bank is responding in the correct manner, and the idiot sticks are out.

        • #3336309

          Is this a jungle?

          by tgf.peter ·

          In reply to Actually, with what you are saying….

          Look when a bank offers online banking to reduce its fixed costs and make even more money it should include specific advice on security. If the customer ignores it then he is at fault. Why is that all the powerless punters just gang up on each other while the fat cats just smile serenly and count their taking ill gotten or otherwise. They love us small guys to just bicker amongst ourselves.

      • #3337481

        If the shoe were on the other foot…

        by mrafrohead ·

        In reply to Laugh all you want

        Per amcol:
        “You read what you read in the story. Here’s what I read…an independent businessman who’s trying to make a living and pursue the American dream was victimized by an electronic scam. While he could have done something to protect himself, those in authority (the bank) who also could have protected him, AND HAD A RESPONSIBILITY TO DO SO, failed to do so. As a result he’s suing them. Not for 60 gajillion dollars, but for the amount of money he’s out. That’s all.”

        First off, it isn’t the banks job to tell you that you should install a firewall or AV software. The bank is there to do the banking. If I had a home user call me and ask me how to support their home machine, I’d politely tell them to piss off. I work for the bank, NOT the user.

        If you are going to be a big boy and play on the internet with the big kids, act like it. Don’t point fingers.

        “Your condescending attitude toward this, and that of the other posters who appear to agree with you, doesn’t speak well for your character. If the shoe were on the other foot in an entirely different set of circumstances, I suspect you’d want all of us to be sympathetic to you.”

        In all honesty, I could give a rip about what you think of my character, though I do appreciate how polite you put that. 🙂

        If the shoe were on the other foot, screw the bank, I’d be banging down the door of my ISP for tracking information to catch the shit monkey that took my money. Oh wait, that’s not the ISP’s responsibility, it was mine, so I guess I’d just have to look at my own logs… And if I can’t figure it out from there, then tough. ;p

        Actually, if anyone is going to be called to figure out the problem, it sure as hell wouldn’t be the bank, it would be the ISP. Even then, it’s STILL not the ISP’s fault, as he was the dillhole that allowed himself to get infected. He coulda just subscribed to the one year of free AV that Micro$hit has been pushing from CA…

        But that was too difficult huh???

        I’ve had PLENTY of expensive lessons in life, this guy just got one for himself.

        • #3337453

          I thought I’ve been speaking in English

          by amcol ·

          In reply to If the shoe were on the other foot…

          Which is why I’m mystified as to why you’re not getting what I’m saying. I doubt you’re as close minded as you’re trying so hard to appear…it’s easy to put on an act in boards like this where you can hide behind an alias and not have to worry about the consequences of your actions. I have a hard time believing you’d actually spout any of this drivel if we were face to face.

          But, I’m a glutton for punishment. So here’s one last try.

          Let’s put this whole thing into simpler, non-technology terms.

          Everyone knows you should put a lock on your front door, right? You’d have to be an idiot not to know that, right? So if you live in a high crime area and you don’t lock your door, then you get robbed, well what did you expect? You didn’t take responsibility for yourself, even though it was obvious what you needed to do. You got what you deserve.

          Now let’s suppose you decide that because you live in a high crime area you’re going to store your valuable stuff at Acme Safekeeping Company. You pay them a reasonable fee for putting your stuff in their safe, and you have a reasonable expectation it’s going to be there when you go to claim it, right? The only problem is that Acme’s safe is in an even higher crime area than yours, and although it’s pretty common knowledge that Acme can’t be trusted you, for whatever reason, are unaware of this fact. Acme gets robbed, your stuff is gone.

          By your logic you’re screwed. You should have known Acme was a sucker’s bet, and therefore you have no recourse, except maybe to file an insurance claim. On the other hand…weren’t you paying Acme to provide you a service? Did they in fact provide that service? Don’t they deserve to share some of the blame? Yeah, you absolutely should have known they were bogus…everybody else did, why didn’t you? So you merit some of the blame too. But neither you nor Acme is ENTIRELY to blame…it’s a shared responsibility.


          Do you get what I’m saying now?

          The world is not black and white. Things are not nice and neat and binary like you’re making them out to be. There’s never a situation where one extreme or the other is the right answer…that lies somewhere in the middle. As it does in this case.

        • #3337311

          Just as an aside…and seriously I’m trying to be polite here..

          by tomsal ·

          In reply to I thought I’ve been speaking in English

          But are you implying you are a tough guy or something? I know that may get you worked up, but I swear I’m just trying to ask a question and not meaning it as some smart arse remark.

          The reason I ask is because you said the same thing in a post to me and now to someone else “I find it hard to believe if we were face to face you say the same thing..”

          I can’t speak for anyone else..but actually Yes I would say the same thing if we were face to face — not because I think I’m a tough guy though..its because I call it personally integrity..If we are a coward to speak what we feel truly about something…I just don’t think that says alot about us as individuals.

        • #3337299


          by amcol ·

          In reply to Just as an aside…and seriously I’m trying to be polite here..

          No implications, and I’m not trying to be tough or anything else. Just myself.

          I never write anything anywhere that I wouldn’t say to someone’s face. That’s how I make sure I’m saying what I really mean.

          Unfortunately, I find that same quality is relatively rare. I’ve had thousands of conversations over the years with people who I’ve called out on something they’ve said in an e-mail or memorandum or report or whatever, and they start backpedaling all over the place.

          Say what you mean, mean what you say. If I’m honest with you I expect you to be honest with me. Maybe I’m being naive. I’ve been called worse.

        • #3337286

          I appreciate it amcol

          by tomsal ·

          In reply to Nah

          Well I know we have had somewhat “hot” debates over this topic but I have appreciated the fact that you stick by your guns and you cut me as an honest person. And I appreciate that, I hope you understand I veiw myself in the same way — and I know I sometimes come out blunt, but it comes with the territory unfortunately when you are honest, direct and stick by your guns.

          Thanks for understanding I was just asking a question.

          ps. I still think the guy bears most of the responsibility in this one though..LOL! 🙂

        • #3337260

          Nothing wrong with a hot debate

          by amcol ·

          In reply to I appreciate it amcol

          Frankly, I’ve enjoyed the interaction with you not only because you strike me as honest but your intelligence is also obvious. Your comments add to the dialogue. The only part I was a little unhappy about was when you got a bit emotional and said something I found disrespectful.

          There’s nothing necessarily wrong with being disrespectful. I’m certainly that way to certain people myself. But I try to limit my disrespect to people that earn it…like the original poster, who for some reason seems determined to be as troll-like as possible. I have no patience for nonsense. We’re all adults and professionals on this board (presumably)…a certain decorum and expression of intelligence is a reasonable expectation. Save the juvenile, mindless claptrap for somewhere else.

          And I respect your opinion. You don’t have to agree with me, and I don’t have to agree with you. How boring the world would be if we all saw things the same way.

          Don’t apologize for being blunt. Candor and forthrightness are rare qualities.

          Here’s hoping our paths cross again sometime.

        • #3338462

          IMO – that’s HARDLY naive!

          by mrafrohead ·

          In reply to Nah

          That is an extremely fair expectation!

          I don’t see any naivety (if that’s a real word) in it what-so-ever.

          As for being called worse, I’ll bet I’ve got you topped:

          I was once called “A Creepy Hermit”…

          Man, that one was so below the belt it took a week before I felt the full effects, not to mention, it sadly enough may be true… ;p

        • #3338466

          Better watch it TomSal…

          by mrafrohead ·

          In reply to Just as an aside…and seriously I’m trying to be polite here..

          You might end up getting yourself hurt… ;p

          wocka wocka

        • #3337205

          your example is flawed… here’s why.

          by mrafrohead ·

          In reply to I thought I’ve been speaking in English

          “Now let’s suppose you decide that because you live in a high crime area you’re going to store your valuable stuff at Acme Safekeeping Company. You pay them a reasonable fee for putting your stuff in their safe, and you have a reasonable expectation it’s going to be there when you go to claim it, right?”

          This is NOT what happened here. The bank was safe! It was this clowns computer that was not. By your accounts, here’s how the example should have gone.

          The buttmonkey puts his stuff into Acme Safekeeping Company, gets his keys to the storage locker and then tapes it to the side of his car which is parked on the street with a BIG neon sign that says “MY ACME SAFEKEEPING COMPANY KEY – KEEP SAFE – FOR BOX NUMBER 420”. Where everyone and their grandmother can see it. Someone will take it eventually.

          That’s what he did, now he’s crying because he was a retard about it and lost his own money. The bank DID NOT, I repeat, DID NOT! lose it for him.

          As for me “hiding behind an alias”, dude, you’d be surprised. I’d actually have a lot more to say if we were face to face. I talk faster than I type and I only want to type so much.

        • #3337197

          Have it your way

          by amcol ·

          In reply to your example is flawed… here’s why.

          Talking with you is a complete waste of time. Your ideas are foolish, your mannerisms puerile, you have the maturity level of a two-year old, you use insulting and derogatory references, and you add nothing to the dialogue. You don’t belong on this board since all you do is clutter it up, and I’m done wasting my time with you. Others may do as they wish.

        • #3338455

          /me sheds a tear…

          by mrafrohead ·

          In reply to Have it your way

          Man, I think… I think I’m going to cry…

          You haven’t exactly been the nicest either… 😉

          And having the maturity of a two year old is by far better than that of a one year old, so I guess I’m better off than I thought.

          You seem to forget, that this would the a thread that I started, I didnt’ start it to be nice. Consider that.

          This waste of skin that is sue happy needs to be thumped hard, he along with Ms. McDonalds (the old chic that won all of that money) are causing more problems in this country. They should be deported to the sun. Those sue happy people are the reason our health care costs so much, as well as other trivial things.

          There is no excuse what so ever for this lamer to sue his bank when he was at fault for what he did to himself. He should be ashamed of himself. If I was him I would not be able to walk with my head up any longer, I would be completely ashamed of myself…

          And apparently I added something (maybe not too much, but something) to the dialogue as you did intially respond didn’t ya…

          This thread is more of a venting thread. I’m disgusted with the status quo in this country with sue happy people and ignorant people that won’t take responsibility for their computers. Oh, I got a virus, silly me. Oops, I just lost my bank information, darn. It’s their OWN fault, I’m sick of these piss poor excuses to defer fault from each person that gets themselves into trouble!!!

        • #3335934

          Costa Rica for you?

          by dr dij ·

          In reply to /me sheds a tear…

          Costa Rica has no liability laws I hear.

        • #3338306

          Oh no

          by oz_media ·

          In reply to Have it your way

          Now I have competition?! 🙁

        • #3338422

          Not quite

          by bhunsinger ·

          In reply to your example is flawed… here’s why.

          Rather, he carries the key in his pocket, with a tag on it that says “ACME SAFEKEEPING COMPANY KEY – KEEP SAFE – FOR BOX NUMBER 420”. He goes to the gym and hangs his closes in the locker, using the lock that comes with the locker. While he is swimming, devious bathouse attendant, uses duplicate key to mak a wax impression of the acme key, and uses that impression to make a key, etc.
          It is just not as clear to everyone as you make it out to be.
          As for the law suit, it gives the guy some leverage on the bank to get them to free up the money that is sitting in an account in Latvia. BoA does have an internal credit card last I looked, and should be suspicious of sudden activity like that.
          Did you see that he is trying to save his business.? that the bank inLatvia is holding $70,000 of his money- what seems to be his working capital? Is he as much of an idiot as you say? Last month the cops barely stopped a multi person ring out of russia targeting accounts. A little compassion might well be in order.

        • #3338303

          In that respect

          by oz_media ·

          In reply to Not quite

          He has already taken out another mortgage and decided not to use online banking again.

          His lawsuit is unjust, if it ever sees a courtoom.

          BOA has already stated that it is NOT their responsibility because they were not themselves breached and it is up to him to take a suit out upon the bank in Latvia.

          As for the raising a red flag on a sudden transfer.

          He apprently does this with larger sums of money on a regular basis himself, what red flag should be raised that may impede the flow of business when it is business as usual?

          If I had read about the poor guy losing everything I would have been sympathetic and it may have even became a lesson on personal security for other people.

          When he tries to start outlandish lawsuits that no bank or judge is going to take seriously, one loses all respect. And judging from the case he’s opened, he is TRYING to sue for FAR more than he’s lost. Seen this crap too many times first hand to take such tripe seriously.

        • #3336697

          Reply To: This guy should be stoned… (with rocks)

          by mrafrohead ·

          In reply to In that respect

          THANK YOU!

        • #3336699

          I have no compassion for this man, at all

          by mrafrohead ·

          In reply to Not quite

          He chose to not get a/v software in his own business. That was a very stupid mistake that cost him a lot of money.

          He earned that theft. He allowed it to happen.

          He basically stamped I have 90 grand in my pocket and took a leisurely stroll through a neighborhood of theives.

          The bank has nothing to do with what this man did to himself and he should be ashamed of himself for suing the bank.

          If he had just asked the bank for help, that would be one thing and I would shut my freakin mouth, but the lawsuit is what has me all fired up. There is NO justification for him to sue someone else for a problem that he brought onto himself.

          He could have taken that 90K and spent 50 bucks or hell even used the free MS A/V that was offered to him and he wouldn’t be in this boat.

          It’s his own fault.

        • #3336580

          The long term

          by oz_media ·

          In reply to I have no compassion for this man, at all

          The bank will be receiving VERY expensive legal representation.

          Who pays for the banks legal representation? WE do, that’s who. The same people that take it upon ourselves to ensure security will be paying for our banks to defend themselves againt idiots who can’t protect their own business and feel that it is th banks fault.

          Did you enjoy adding up your sevrice charges for last year?

          Did you smile happily when you heard the mortgage rate was goin gup?

          Did you blame the bank when th einterest rate rose?

          These are just a few of the ways WE pay for other people’s negligence.

        • #3336545

          Reply To: This guy should be stoned… (with rocks)

          by mrafrohead ·

          In reply to I have no compassion for this man, at all

          That’s why I use a credit union. No fee’s… ;p

          But what oz said, the customers will pay for it.

          And the jerkoff that is suing, if he keeps his business with BoA (and in my opinion, if I was BoA I would terminate business with HIM) he will also help pay back what he stole from the bank.

          He really should have gone after the bank in Latvia to get his money back, and tried to track down the person who stole it.

        • #3338307


          by oz_media ·

          In reply to your example is flawed… here’s why.

          I shoulda read that before typing out my nearly identical reply. 😉

        • #3336696

          Great minds think alike… ;p

          by mrafrohead ·

          In reply to Okay

          But then again, I don’t know who should be more scared, me or you… ;p wocka wocka

          Spooky how similar we tend to be considering out introduction… ;p

          You kick ass oz!

        • #3336577

          Water under the bridge

          by oz_media ·

          In reply to Great minds think alike… ;p

          Whatever, mrafrohead, our past is just that, PAST.

          I think that’s probbaly why we had such a go of it at one time though, perhaps we think alike and that doesn’t usually go down to well.

          Thanks for the kind words though, and DITTO!

          I was pretty happy to see you return after a short hiatus, I always appreciated your humor and cutting edge views.

        • #3336128

          Any reason

          by frodo3 ·

          In reply to your example is flawed… here’s why.

          you used box ‘420’???????

        • #3335950


          by mrafrohead ·

          In reply to Any reason

          for the same reason I have it tattooed on me…

        • #3338308

          What an awful analogy

          by oz_media ·

          In reply to I thought I’ve been speaking in English

          That was just miserable, sorry but it stunk.

          First of all, BOA is not Acme’s safe in a high crime area. Acme’s safe wasn’t broken into.

          So lets try and keep this in YOUR simplified terms then, Acme stores your safe. YOU have a key and it is YOUR responsibility to hold onto that key. When you go to ACME to visit your safe, they check your identity and ask you a secret password.

          You then tell someone your password, and go to the bathroom while they steal your key and identity.

          The guy uses YOUR identity, YOUR password and YOUR key to walk into your safe and take YOUR money.

          Who’s fault is it now?

          Has Acme failed to provide the security they had propsed, based on a good lock, good strong safe and a security check on entry?

        • #3338311


          by oz_media ·

          In reply to If the shoe were on the other foot…

          NO they don’t.

          The bank has a responsibility to provide security that your funds will not be disturbed in transfer or rerouted, your information will remain classified and other general issues regarding the security of your funds and personal information within their system.

          This they did, and they have NOT been breached. They haven’t allowed your personal information to be broken into, nobody had accessed their system without authorization. Their system had ot failed.

          The bank notified the customer of the risk.
          The customer, obviously understanding the amount of cybercrime in that region, had ignored the warning.

          The bank isn’t at risk here, the CUSTOMER is and he has been told so in a manner that supercedes the banks responsibility.

          The customer was breached, HIS computer failed. What is he gonna do? Sue Microsoft for not warning him it may be breached? Sue the ISP for providing a link to his insecure PC?

          He’s wrong. It’s HIS responsibility to secure his OWN equipment, the bank is just contracted to protect their own breaches not yours.

      • #3337367

        I agree – the bank is responsible

        by stress junkie ·

        In reply to Laugh all you want

        I agree that you can’t expect every pc user to have the expertise of a system administrator. It is the bank’s responsibility to know the risks of online banking and to take steps to ensure that their customers’ money is safe. I basically condemn the entire practice of online banking. If a bank is going to make their services available over the Internet then it is up to the bank to take the responsibility for security. The bank management should know that online banking is easily hijacked. It is their job to know that.

        Blaming ignorant end users for the consequences of trusing their bank is wrong. It is reasonable for bank customers to believe that their bank management has a better understanding of the technical issues associated with online banking than the average bank customer. It should be reasonable for the average bank customer to believe that their bank wouldn’t put the customers’ assets at risk.

        When you expect the average pc user to remain up to date about computer technical issues you are in effect saying that everyone using a pc should maintain a level of expertise equivalent of a professional system administrator. Yet we know from experience that keeping up to date about computer issues is a full time job. When you put the burden of expertise on the end user you are in effect saying that they should spend hours a week studying a field of knowledge that is not their principal vocation. Hell! Most system administrators don’t even keep completely up to date on security issues. It is reasonable for the typical end user to defer to the ‘experts’ when it comes to computer security. In this case that should be the bank management.

        In the U.S. many people hire a professional to fill out their tax forms each year. Why? Because keeping up to date about all of the tax code changes is a full time job. Would you blame a taxpayer for not knowing about some niche tax regulation? You shouldn’t. The tax code is too complicated for people to be experts in that and in their own job expertise. That’s why people hire experts to inform them about tax code regulations that affect them.

        Would you blame someone who uses a dietary supplement and has a bad reaction even though their was no mention of the risk on the label? You shouldn’t. The average person cannot be expected to be an expert in pharmacology. We all have to defer to the people that work in that field to be experts and to guide us. We expect that risky substances will not be available or will have the risks listed.

        The same is true of computer usage. The average person should not be expected to be an expert in computer security. Sure we hear about computer issues all of the time because we read sources like TR. How many times do you hear about computer security on the evening news? Not often. The average person cannot be expected to know what they don’t know.

        As long as computer security is a problem for the average person then it is irresponsible for the ‘experts’ such as bank managers to abuse the trust of their customers by taking risks that the bank customers may not even know about. On line banking is a blatantly irresponsible practice. The responsibility of mitigating that risk is in the hands of the people entrusted with the safety of the customers’ assets; the bank management.

        • #3337356

          At last…a beacon of light in the darkness

          by amcol ·

          In reply to I agree – the bank is responsible

          One of the most excellent postings I’ve ever seen ANYWHERE on this board, and I’m not just saying that because you and I share the same point of view.

          I’m saying that because you’ve written a well thought out, well articulated, highly intelligent treatment of a serious subject. There’s a minimum of emotion and editorializing, and your examples and comparisons are directly on point. What you’ve written adds value to the discussion, and (equally importantly) treats the reader with respect. And, as an added bonus, you display near perfect spelling, grammar, and sentence and paragraph construction (not that I wish to sound like an English teacher).

          Thank you for making a valuable contribution. You’ve set the bar higher for all of us. It’s a shame other posters use these spaces somewhat less nobly.

        • #3337307

          I disagree but that’s makes life interesting.

          by tomsal ·

          In reply to I agree – the bank is responsible

          I disagree. The problem with the arguments on this matter is some of us think there is a line of responsiblility (look at it as a the Demarc point where your phone company is concerned) to a certain point the bank is responsible. That has to do with sound privacy practices of their customer’s information, encrypting all traffic that has to do with their online banking services, keeping their servers patched and secured and informing the consumer of risks as well as all the things the bank does to keep data safe.

          Then there is the customer side which is THEIR computer, THEIR internet connection — anyone, even if the entire world was against me and I alone had this point I’d still feel the same…anyone who believes the customer has no responsibility for securing their end of the connection is way off base in my opinion and is just dead wrong.

          What folks on here, in my opinion, who say its the banks fault is preaching is what’s wrong with this country to begin with…more and more, day by day its a blame someone ELSE mentality, we have sue happy people suing for stupid things (then when you have a REAL reason to sue, the court system fails…talk about irony) and everyone is allowed to sit back and be lazy and they just claim stupidity or igorance and that’s supposed to make everything ok. Sorry I continue to say this guy screwed up way more than the bank did.

        • #3337296

          We’re in violent agreement

          by amcol ·

          In reply to I disagree but that’s makes life interesting.

          From your post:

          “there is a line of responsiblility”

          “to a certain point the bank is responsible”

          “anyone who believes the customer has no responsibility for securing their end of the connection is way off base in my opinion and is just dead wrong”

          “I continue to say this guy screwed up way more than the bank did”

          Precisely. The guy is wrong. And the bank is wrong. Both of them.

          I’m not assessing relatively degree of wrongness…the bank is more wrong than the guy, or the guy is more wrong than the bank. My objection has been to the posters who view this as a simple binary event. It’s not, nothing ever is.

        • #3337228
          Avatar photo

          Actually Tom

          by hal 9000 ·

          In reply to I disagree but that’s makes life interesting.

          What I do find interesting here is the way that people seem to want to blame the bank for allowing this to happen. Actually they are attempting to protect their own industry rather than the person in question.

          If the same thing had of happened because he left a blank singed check laying about do you think there would be a different response?

          Just because he didn’t know in my books is no defense as it was his job to know not pass the buck to someone else. Sure the bank is at fault but mainly because they allowed him to have access to on-line banking.

          Over this side of the pond things are quite different and every customer is given a booklet explaining the potential risks associated with on-line banking as well as being informed when they set it up or at least they should be if they can be bothered to listen when they make the application.

          I’ll agree that nothing is ever 100% safe but you should at the very least make it as hard as possible for things like this to happen, not leave an open door for someone to walking and take what they want.


        • #3338191

          Col, I agree with you

          by tomsal ·

          In reply to Actually Tom

          I’m a little confused since your response is exactly my point all along but it seems like you are trying to convince me of your point. In other words — well said! That’s my point too!

          My base argument is some folks on this thread — the ones screaming foul at the bank, are saying (to me anyways) — its ok if you are ignorant, ignorance is a perfect excuse and that shall hold you harmless.

        • #3336671

          Ignorance is bliss…

          by mrafrohead ·

          In reply to Col, I agree with you

          One of my absolute most favorite sayings ever:

          Thank you Matrix!!!!

          I know this steak isn’t real. I know it’s just in my mind, but I just can’t get over how good and juicy it is. Man, Ignorance is Bliss…

        • #3336673

          Very true Col…

          by mrafrohead ·

          In reply to Actually Tom

          That is one thing I think we could do different in the US.. A little more stringent authentication requirements for online banking.

          But why would we do that, it’s not as convenient and costs a little more money.. I mean, it’s not like we really have anything to lose do we??? Well, except for 90,000 dollars… Oh, so I guess we do have something to lose, so maybe it would be worth it.

          And in all honesty, you would have to live in a hole to not know that there are risks of doing financial transactions online.

          But as long as it’s easy, most people don’t care, nor will they take the time to protect themselves. Look at Windoze for peats sake. Or better yet, Microsoft BOB…

          I happen to live in a country full of fat lazy people that like to pass the buck. Granted I’m fat and lazy, but I accept my own faults, and I don’t point fingers at others when I should be pointing them at myself. Which kinda sucks as it makes things more difficult on me at times, BUT it sreally is the right thing to do… On a side note, you know how hard that is to teach to your kids??? Bleh, that’s another topic for another thread…

          The problem is, if the bank didn’t give him access to online banking, this jerkoff would probably sue for discrimination for some reason…


        • #3336656
          Avatar photo

          Mrafrohead Sorry Buy that last comment has me rolling around on the floor

          by hal 9000 ·

          In reply to Very true Col…

          Laughing. You’re probably right he would sue for discrimination if he wasn’t allowed this option.

          Over here I’ve seen cases where people have sold off old computers and then cried foul when they loose not only their bank account savings but their houses as well. The really idiot thing is that they know just how vulnerable On line Banking is and they take steps to prevent it from happening but them take their brains out of their heads put them in a nice glass jar on a shelf and sell off an old computer with all of its data intact.

          They honestly can not understand that the data is on the HDD and when they sell their old computer it is still there even though they transfer the data across to the new one. Some how magically it gets removed from the old one and moved to the new one. At least it hasn’t happened to one of my customers and I doubt it ever will as I always make sure that once a HDD enters a business it stays with that business until it is destroyed warranty just isn’t a word in my Vocabulary when it comes to data protection.

          Actually you will not find a person who is lazier them I am buy I have the idea if you do it properly the first time you don’t see it again!

          It’s not because I’m a perfectionist but I just don’t want to see the bloody thing again once I’ve fixed it once I shouldn’t need to fix it again because I’m not doing my job right and worse still the second time it is costing me money not the owner.

          Anyway all my staff work the same way maybe I’ve warped their brains by now as they all have come around to my way of thinking except of course the office manager who thinks she owns the business and I’m a necessary evil that she has to put up with. When I went out to jobs where they had been ripped off by so called professionals I fixed the messes at a reasonable rate just to gain the customers confidence and at least make them think that everyone in IT isn’t out to rip them off as much as possible well the OM used to go nuts over this and complain that I was stealing from the company although how I can steal what I own is quite beyond me but she had all the others scared of her now I’m hearing when something similar crops up and I can’t attend for at least the initial fix “Talk to Col!” being said to the OM who never mentions a single word to me.

          Finally they are breaking her into my way of working she may not be overly happy but she isn’t game to make a complaint to me as the last time that she did I went off the deep end saying he charged way too much I’ll talk to him and you’ll have to organize a refund. 😀

          Well what can I say she used to get to me so a little scare didn’t hurt.

          Col ]:)

        • #3336579


          by oz_media ·

          In reply to Mrafrohead Sorry Buy that last comment has me rolling around on the floor

          Perhaps not atering to the mentally incapable. I would have said mentally retarded, but I know and have worked with some severly retarded people (not just my opinoin but actual brain deficiencies) and I don’t think any one of them would not have an up to date Av system.

          So I feel this may be considered discrimination of he idiot. Where do I sign on?

        • #3338080
          Avatar photo

          OZ his discrimination claim would be

          by hal 9000 ·

          In reply to Mrafrohead Sorry Buy that last comment has me rolling around on the floor

          The bank refused him this service not because he is a retard but a BLOODY IDIOT!

          I think the courts would accept that as discrimination.

          Col ]:)

        • #3338445

          VERY nice response!

          by mrafrohead ·

          In reply to I agree – the bank is responsible

          Very well put, but I have a few things to question…


          “The bank management should know that online banking is easily hijacked.”

          That actually would be the banks IS department. The bank managers are usually techno dolts… Scary thought I know, but man oh man, it’s sadly true.

          “Blaming ignorant end users for the consequences of trusing their bank is wrong. It is reasonable for bank customers to believe that their bank management has a better understanding of the technical issues associated with online banking than the average bank customer. It should be reasonable for the average bank customer to believe that their bank wouldn’t put the customers’ assets at risk.”

          I agree, but in this case, the bank didn’t do it. The man infected his own computer and then from that he lost his information. The bank itself had no part what-so-ever in this scenario. At all. Now if the bank had been hacked and money was removed, that is completely different and at that point, I believe the bank would owe the funds + all fee’s that may have incurred. I may even not complain if the users sued at that point, because then it would be actual negligence on behalf of the bank itself. But this man did it to himself, it wasn’t the bank.

          “In the U.S. many people hire a professional to fill out their tax forms each year. Why? Because keeping up to date about all of the tax code changes is a full time job. Would you blame a taxpayer for not knowing about some niche tax regulation? You shouldn’t. The tax code is too complicated for people to be experts in that and in their own job expertise. That’s why people hire experts to inform them about tax code regulations that affect them.”

          I’ve done my own taxes for the last 10 years. I’ve been doing them just fine and it only takes about an hour for me to do them. If I can do it so can anyone else. Again, I’m not the brightest bulb in the box. Though I do understand your point.

          “Would you blame someone who uses a dietary supplement and has a bad reaction even though their was no mention of the risk on the label?”

          No, but I would say that they should have consulted their DR before starting any type of medication, herbal suppliment or ‘roids… ;p

          Seriously, it’s common knowledge and usually printed on labels of any kind of drug (beit herbs or chemicals) that you should consult your doctor first. That’s very important, and here’s an example why:

          I read an article about a guy that was taking I think it was Ginkoba, and he decided to take an erectile disfunction drug. He ended up with a woody that lasted him DAYS!!! DAYS!!!!! He had to have surgery to get it to go down. He can no longer get it up and also, lives in pain. Not to mention, I’ll bet his ego is scarred. The point is the Ginkoba and a key ingredient in the dysfunction drug reacted innapropriately. Had he asked his doctor, it may have been prevented (this is something that he said himself in the article). I feel truly bad for this man, but at the same time, it could have been prevented. And that was the point of the article to open peoples eyes to simple things like that…

          “We expect that risky substances will not be available or will have the risks listed.”

          Echinacea is acutally a toxin to the body and if taken in excess and regularly, can kill you. Yet I know people that will pop it like candy just because they think they are being healthy. It’s sold over the counter.

          “The average person should not be expected to be an expert in computer security.”

          There’s no need to be an expert at all. Computers are so dummied down now that it’s silly to think that a user could get infected. Computers auto-update the OS, auto-update and configure the firewalls and A/V. There is truly no excuse.

          “How many times do you hear about computer security on the evening news?”

          About once a week, occassionally a little more. But I usually see something on the news once a week.

          The banking customers if they are going to risk banking online should understand the risks that they are taking. NOTHING in a digital world is secure, NOTHING!

          BUT there are steps (common sense steps) that can be taken to help prevent the risk, just like wearing a condom. Make sure when you connect to a site that before you enter your user/pass the connection is encrypted. Make sure your computer is CLEAN! Just those two simple little steps can make all of the difference. Otherwise, you may as well scream out of your window your SSN/Name/DOB/Address every single time you logon to your bank…

          BTW – LOVE your nick!!! ;o)

        • #3338354


          by awfernald ·

          In reply to I agree – the bank is responsible

          1. Nobody twisted this guys arm to use online banking.
          2. 100% guarantee that this gentleman had “signed off” on the banks on-line policies (whether he read them or not)
          3. As far as requiring an “average” computer user to be an “equivalent to a professional system administrator” or an “expert in computer security”, I disagree. Antivirus, spyware, etc… does NOT require a high level of computer knowledge. What it DOES require is asking someone who is trusted and PAID (maybe) to set up your computer. If you do it on your own, you take your own risks.

          As far as comparisons go…. You walk out onto the streets of NYC with a ton of gold chains around your neck, diamond rings on your fingers, etc… Then you get mugged. Was it the polices fault? The doorman at your hotel’s fault? Seems to me that you did not take the appropriate precautions, and you paid the price for it.

          In this case, unless you have been in a cave (in which case you DON’T have a computer), you must have heard about computer virii, identity fraud, computer fraud, internet security problems, etc….

          If you are working on a computer, doing your banking online, etc… and you choose to ignore all of this, or are too cheap to pay for some expert advice (hmmm, probably 1 hour of time at $25-50/hour), then what can we say? The bank is supposed to spend millions of dollars in security precautions so that you don’t have to spend $50?

          Granted that there are multiple places where this type of theft could have been prevented. But, in the end, it is the persons whose money was stolen who is responsible, because it was he who made the decisions, and neglected to take appropriate precautions to protect himself.

          The bank could have stopped it, at a major cost and a major inconvenience to hundreds of thousands of clients.

          The computer manufacturer could have stopped it by providing the appropriate software & updates. At significant expense to them in money and competitive margin.

          The computer vendor could have stopped it by adding in the appropriate software & updates and teaching the user how to use them. At an expense to them in moeny and competitive margin.

          The ISP could have stopped it by providing more information (or maybe it was there and the user didn’t read it), providing anti-virus/firewall/anti-malware software (as Cox Communications is now doing for their broadband customers).

          Or the user could have done it by taking responsibility for himself, and by asking questions, and taking some basic precautions.

        • #3336670

          Holy COW!

          by mrafrohead ·

          In reply to Choice

          awfernald – I swear I feel like i just read a response I would have typed.

          Very nice 🙂

          IMHO – you hit the proverbial nail right on the head!

        • #3338302

          Of course it isn’t

          by oz_media ·

          In reply to I agree – the bank is responsible

          The bank doesn’t state ANYWHERE in ANY contracts you sign that it will accept responsibility for your own lack of security.

          If someone steals you bank card after you tell them your pin number, is the bank responsible then? No it is common knowledge that you don’t share your pin number, yet this was also NEW technology not that long ago.

          The bank protects THEIR systems from being breached. Their system WASN’T breached. Therefore they have NOT breached their contract.

        • #3336303

          Don’t Blame the Victim

          by jevans2 ·

          In reply to I agree – the bank is responsible

          I have read most of the posts on this topic and agree with this author that the bank is responsible mostly for the reasons given.

          I find those who blame the victim are those “lucky” enough to never have had their system compromised and therefore “feel” secure and feel even more secure by blaming the victim for his injury much like a rape victim is responsible because they dressed suggestively or were someplace ” unsafe. Therefore the crime happened to them and could not happen to me because I don’t do these foolish things. It makes you feel safe but is NOT really the case.

          The following is somewhat offpoint, but illustrates my point.

          I run a business with a small network on cable modem. I have Norton Corporate AV which is updated regularly and systems scanned daily. I also have adblockers, antispyware, plus recently installed Microsofts beta antispyware. I had never been compromised in the past 3 years online 24/7.

          Yet in past month, some autodialer software got on the one system used to surf the internet. Only Microsofts beta antispyware software has found the malware and apparantly cleans the system, yet it is back within a few hours ready for re-removal. This isn’t serious as there is no phone connection to dial out, but apparantly only way to permanently remove it is to take the system down, reformat hard drive and reinstall. Naturally this is the oldest system on our network and has lots of stuff that would make this a hastle.

          Now within the past week a trojan has infested this same machine that Norton Corporate AV finds. Norton tries to remove and or quarantine this trojan repeatedly, without success.

          My point is: Just because you haven’t been hit doesn’t mean anyone who has is an idiot and/or careless and that it is THEIR OWN FAULT!

          I don’t consider myself an “expert”, yet I believe I have taken more precautions than the majority of those who use the internet for “secure” transactions and believe they are safe and “protected” from fraud.

          PS I have also had an instance of Credit card fraud attack against my company and had the FBI investigating it this past October. Only because our IT is all done in-house were we able to provide information of use to the FBI and we blocked access to our site from the service provider and region from which the majority of the bank fraud was being commited were we able to curtail our losses. Unfortunately we also blocked legit sales from the same region until additional measure were instituted to prevent this in the future. This is what was happening. Since we process credit card transactions in real time 24/7, criminals were making small orders to test validity of credit card numbers. If the order was approved, they knew the card was “good” and and did whatever elsewhere to defraud others after finding the card “GOOD”. Meanwhile we sent the order and ate the loss thru charge backs. this averaged $50/order. FBI told us this is a hugh problem. WE stopped this by installing a step before processing credit card where the user has to type in the characters they “see” in a box. This stops the automated software from using our site to check out valid credit card numbers. According to the FBI, Thieves set up apartments full of computers automatically submitting credit card orders to sites that process in real time. Another problem was that apparantly, the credit card companies were only checking for a valid number sequence near the holidays (Any idiot can get software that will generate valid number sequences (we use it ourself. We check to determine the number sequence is valid before attempting to process the credit card. Remember you pay for every number processed – valid or not. If we didn’t do this we would pay substantial $$ to process every kids random fooling around on our site and submitting bogus credit card information) so not only did we get stung for real cards that were compromised we also got stung for unissued cards (valid number sequence but not issued) Then a month later we are charged back for charges that the credit card company approved(at a processing fee to us plus percentage of total sale) and we fulfilled in good faith. This is the way it is whether you like it or not. You are led to believe the fee for the credit card transaction is to insure that the transaction is valid and that you, the business owner, will be paid. Ha, Ha,Ha if you believe that. Those with the most clout win. The business owner is out for the loss and ultimately you the consumer because the business owner either find a way to pass the cost on or goes out of business.

          The WEB is like the Wild Wild West. It is mostly lawless. There are many new ways to defraud invented daily and laws/law enforcement has not been able to keep up with it.

          I hope you never have such problems but if you think these problems are my own fault and that I should have seen them coming and prevented them, I think you are incapable of clear thought.

        • #3336162
          Avatar photo

          But that is the entire point

          by hal 9000 ·

          In reply to Don’t Blame the Victim

          He would have a far better case if he had even the most basic AV product in place. He had nothing at all and should have known better as he runs an IT related business.

          At the very least his customers could have told him how to secure his system. He chose not to and then cries foul when he gets hit.

          Well if he had taken even the most basic steps and there is plenty of Free AV products out there that are more than capable of part way protecting the system most likely this would not have happened.

          Now I know enough to know that there is no such thing as a totally secure system unless of course it has no way of getting power and no input devices then the data on it will be secure provided it is in a place that you can not physically get to it and walk away with the thing. Of course it would be nothing more than an expensive paper weight but it would be secure and totally useless. We all make compromises when it comes to security but to not have any security at all is just plain stupid and I’m betting even a 6 year old would be able to tell you that you need some form of AV product in place if you are connected in any way to an outside source.

          Col ]:)

        • #3348707

          Rest of the point

          by hal1976 ·

          In reply to But that is the entire point

          Don’t now if anyone bothered to check; the Coreflood is more than a month old, detected by AV and deleted. A basis AV setup and update subscription would have sufficed.

          As a business owner doing the kind of business he was doing as evidenced by his bank balance, he could have purchased a setup from any average reseller and gotten an AV already installed.

        • #3348444

          Riddle me this…

          by red_wolf9 ·

          In reply to Don’t Blame the Victim

          Would you ever think of doing even a 10k wire (much less the 90K)transfer from that PC? The article does not say how frequent and how large his ?normal? wire transfers, this could have been SOP for his account.

          As others have pointed out (and I think it should be repeated) the business man’s account had a history of large wire transfers. What if HE told the bank to set a 100k limit or asked BoA to run the account uncapped, companies that make last minute rush purchases would not survive having to authorize every transaction. Again, no word on whether or not he asked for account fraud protection/notification triggers.

          Now for my Spyware rant…. it is a well know flaw in all “cleaner” programs that if the process is running it can not be deleted/cleaned (thank you Windows architecture). Might I suggest downloading AutoRuns and Process Explorer from and use them to hunt down the running malware. Kill the processes, and remove their calls from startup locations? and just for fun then run whatever spyware app you like. For really nasty bug you might have to boot into Safe Mode : Command Prompt Only or the recovery console (NO a command prompt windows is not the same, it runs within the GUI context) and make use of the old DOS commands ATTRIB and DELETE, very few malware can withstand that process.

        • #3349315

          If spyware comes back you need to do more

          by dr dij ·

          In reply to Don’t Blame the Victim

          If it comes back immediately you need to improve your security. It doesn’t sound like you have a cable rounter hooked to the cable modem. This blocks scanning of your PC. Also I’d disable activex, will block most websites try to install spyware. There is a software that will block registry changes / ask you. I don’t use it but sounds goods. YOu can’t depend totaly on the graphical ‘read this’. Crooks sometimes have a deal with porn site where automatic program captures image from your site, asks someone browsing porn to read it to computer for free access to porn site for short period.

        • #3335942

          Of course, it’s the media’s fault!

          by timm ·

          In reply to I agree – the bank is responsible

          It must be the media’s fault for not reporting often enough about computer security issues then.
          I sure hope this becomes a class action!

        • #3348567
          Avatar photo

          God I remember when Slammer hit

          by hal 9000 ·

          In reply to Of course, it’s the media’s fault!

          It was all over the news and I got no end of grief for allowing our systems to become infected from the Head of the Data Processing section.

          Of course it didn’t matter a DAM that we had not been infected but it was on the news so we must have been taken down. 😀

          Col ]:)

        • #3348459

          Cavet Empor

          by red_wolf9 ·

          In reply to I agree – the bank is responsible

          “It is reasonable for the typical end user to defer to the ‘experts’ when it comes to computer security. In this case that should be the bank management.”

          This is where your argument falls apart. The bank looks out for the banks interests, from their stand point online banking (read THEIR internal network) is secure. BoA’s Service Agreement with the customer says NOTHING about the customers PC.

          Here look:

          I had a glimmer of hope that you understood this when I read your very next sentence.

          “In the U.S. many people hire a professional to fill out their tax forms each year. Why?”

          I thought you had seen the light, you even close saying “That’s why people hire experts to inform them about tax code regulations that affect them.”

          Now answer two questions for me :
          1) When you enter into a contract do you bring your own lawyer or do you think the “other guys” lawyer is looking out for your interest too?

          2) Would we be having this discussion if your business man had hired a PC expert (even for a one time consultation)? If you say NO, then who failed to hire the businessman’s PC expert?

          Was it BoA or was it the business man? That is where the liability lies, in my view firmly with the business man. I have a good analogy but it is far to long to include in this reply.

      • #3337328

        Bank has some responsibility to the customer

        by erich1010 ·

        In reply to Laugh all you want

        I agree. The bank should have warned the customer about potential dangers. Perhaps they did. In any case, the bank should know the dangers, itself, and provide some insurance against such fraud.

        When you go into a restaurant and pay for a meal with a check or credit card, you are giving someone who probably makes minimum wages enough information to potentially clean out your bank account. That’s why such transactions are usually insured in some way. The bank usually guarantees a limited liability for using such a service.

        On the other hand, any business owner should have his own insurance against fraud. It is possible for him to get sued for breach of contract to his customers if he can’t afford operating expenses. These things could wipe somebody out.

        The person most at fault here is the hacker who stole the money. Unfortunately, there’s little anybody can do to wring the cash out of him, if they can even find him.

      • #3337313

        I agree up to a point

        by moira ·

        In reply to Laugh all you want

        I have to say I agree with amcol – nothing annoys me more than the arrogance of a lot of people who are knowledgeable about IT and rate everyone who isn’t, as generally more stupid and lacking in intelligence than they are.

        And if we go down the road of the original poster, are hospitals going to refuse to treat road accident victims because they “were too stupid to anticipate the lorry pulling out ahead of them” or “too inexperienced to know that the car coming towards them was going to fast to be turning left”?

        IMO banks make enough money to absorb this kind of fraud (try overstepping your overdraft limit), and are also insured against precisely this kind of thing – costs they pass on to the client in any case.

        Had the guy known his CC details were stolen and *not* informed the bank, that would be different, but we seem to be forgetting that the real blame belongs to the people who carried out the fraud in the first place. It’s verging towards the theory that people ask to be mugged by carrying money around and the person who mugged them is innocent in comparison.

        • #3337292

          Another good point

          by amcol ·

          In reply to I agree up to a point

          I hadn’t used the word “arrogance” up until now but you’re exactly correct…that’s just what it is. If I know something, then you should know it too, and if you don’t you’re an idiot who can’t ambulate and respire at the same time.

          It’s the same attitude that leads people to believe, or express the opinion, that there’s only one true way to see things. And it’s always theirs, of course.

        • #3337219
          Avatar photo

          Just out of curiosity

          by hal 9000 ·

          In reply to Another good point

          If this guy had left a blank singed check laying about would you still be saying the same thing?

          After all he is supposed to run a business and while I do accept that the bank bears some responsibility so does the user who choses to use this service. He/She should know enough to at the very least have the basics covered or they do not belong in that position in the first place.

          Now if it was one big transaction that was carried out to a previously unused source it should have been at the very least postponed until it was certified that it was a real transaction by the person involved but if it consisted of several smaller transactions over a period of time then that is a different story. Until we get to hear the full story of what exactly happened we’ll never know for sure and more to the point I’m betting that none of those involved want the full story to get out because it would just make it that much easier for like minded people to do the same thing to someone else.


        • #3337190

          Not the same thing at all

          by amcol ·

          In reply to Just out of curiosity

          If he’d left a blank check laying around without a care in the world, he’d get exactly what he deserved and have no one but himself to blame. The question is where you draw the line.

          EVERYONE knows to keep their blank checks secure. NOT EVERYONE knows how to cyber-protect themselves.

          You said it yourself…”He/She should know enough to at the very least have the basics covered”. Precisely. But what are the basics?

          Installing perimeter controls and keeping them updated is hardly what any reasonable person would classify under “the basics”.

          Do you smoke? There’s mountains and mountains of evidence that smoking gives you lung cancer. Why aren’t you protecting yourself? Will you expect sympathy from all of us when you’re on your deathbed?

          Do you go out in the sun? There’s more mountains of evidence that too much exposure leads to skin cancer. Why aren’t you protecting yourself? Will you expect sympathy from all of us when you’re on your deathbed?

          Do you drink? Over consumption of alcohol leads to cirrhosis of the liver. Why aren’t you protecting yourself? Will you expect sympathy from all of us when you’re on your deathbed?

          Where do YOU draw the line?

        • #3338362
          Avatar photo

          Well I draw the line at a state of reasonableness

          by hal 9000 ·

          In reply to Not the same thing at all

          Now what hasn’t been reported is if the money went in one hit or dribs and drabs. But no matter what he should have hired someone to at the very least tell what was required to secure his computer. You can bet he has an accountant, a Legal Representative and insurance to cover any injuries that may occur in the work place so why didn’t he have someone to at the very least consult on computer security.

          What is not known by us at least here is just what else has been copied as well. This is one thing that most people do not realize that DATA has a VALUE if only to the company involved but so very little is actually done by business to protect this data and its value to them.

          I’ve seen numerous examples of what borders on Criminal Stupidity by companies and only yesterday I saw another example where the company has Win 95 unpatched in any form no AV product internal Modems constantly connected to a phone line while the computers are switched on and absolutely no thought put into any form of security. They have a Dead Locks on the Door and Intrusion Alarms in the building but absolutely no computer protection at all. It’s not as if they haven’t been warned they just do not think there is any real risk and when something eventually happens they will be the ones kicking and screaming about just how unfair things are, but if you where to suggest that they treat their products like their computers you would get a stupid look and be asked if you are insane or something.

          Now what would happen if a business man in the same position took his LT and went on the road, while he stops for smokes a drink and fuel his LT gets stolen and they access the bank account details directly from his unprotected LT because he doesn’t even have the bare minimum of a password lockout. Yes I know it will not stop the professional but most of these crimes are not committed by real professionals but by those who get lucky and stumble across something that they shouldn’t have.

          Now should the bank dish out a large amount of funds to an unknown entity in one hit “HELL NO” they should have checked that the transaction was legit first before transferring the money. But if it was sent out in what started as small amount and then got larger that would appear as a normal business transaction with a new supplier.

          While I’ve worked for banks I’m no great lover of them and I actually dislike them intensely but I just can not see how the bank has done everything wrong in this case. There is more than enough blame to spread around to all the parties involved particuarly the person responsible for writing the virus/malware if that is what actually happened.

          Have you heard of any similar occurrences happening with others? If it was a true malicious code exploitation wouldn’t there be far more people adversely affected?

          But I honestly do not think that this particular person applied “Due Diligence” in his actions by not having at the very least some form of AV product fully updated in place. If he even had that minimum he would in my humble opinion have a far better case against the in question.

          Remember we are not talking about a home owner here who just has a computer to play games and do a bit of banking this was supposed to be a business man and if he ran his business this badly just how did it survive to this point in time?

          From the report I see it as an attempt to get money fraudulently from a bank because of a failing business. White Collar crime is the growth industry in the Western World and to me this just looks like a good example of it.


        • #3338350


          by awfernald ·

          In reply to Not the same thing at all

          Actually, you assume that everyone knows to keep their blank checks secure….

          However, that is not the case. But, the bank tells people about keeping them safe. Just the same as the bank tells you about keeping your login/password safe to your online account.

          In this case, just as if a person were looking over you shoulder at the ATM when you punched in your PIN, a thief stole the information by “looking over his shoulder” electronically.

          The bank CAN reasonably be expected to put up barriers to prevent theft. However, the bank can NOT reasonably be expected to track millions/billions of “routine” transactions on a daily basis to detect fraud from stolen account information.

          I’m just surprised the bank did it without having all the federal forms filled out for sending $10k+ overseas. Maybe the guy wasn’t really a ink supplier, maybe he was really a money launderer.

        • #3336546

          The Basics:

          by mrafrohead ·

          In reply to Not the same thing at all

          “But what are the basics?”

          Updated Anti-Virus – FireWall – Patching your sytem.

          Most AV auto-updates itself. If it doesn’t, it’s usually just a click of a button to enable it.

          FireWall – will usually configure itself on home users software. And usually updates itself out of the box too…

          Patches, are automagikally installed and downloaded…

          Anything above and beyond that, may take time to investigate and learn for home users. Anything before that should be done by default, and if the end users aren’t willing to do it, then they should not have internet access…

        • #3348418

          I Need to point out…

          by red_wolf9 ·

          In reply to Not the same thing at all

          Smokers have found sympathetic people (like yourself, based on your posts) and actually won huge judgment against cigarette companies. They did it to themselves, cried about it and foolish juries gave them MILLLIONS. They showed total ignorance, sometimes claiming “they didn’t know”, and managed to do it with a straight face. I lump this case in with those… more proof we as Americans have become an overly litigious society driven by an Entitlement mentality. At times it makes me ashamed to be American.

          From what I read our business man NEVER hired a consultant to so much as look at his PC setup. Yet he trusted eBanking enough, from what it appears, to handle his entire business. Anyone that can’t secure their critical business process (accounts receivable/payable) has no business running one.

          Thank you…. drive through

        • #3336593

          @ moira

          by mrafrohead ·

          In reply to I agree up to a point

          “nothing annoys me more than the arrogance of a lot of people who are knowledgeable about IT and rate everyone who isn’t, as generally more stupid and lacking in intelligence than they are.”

          For starters:

          I don’t think that I am being arrogant at all with my stance on this. I don’t consider myself to be an arrogant person, nor does anyone that I know.

          Also, I don’t think that people that don’t understand IT are stupid or lacking in intelligence.

          The problem I have is that this guy is trying to sue a bank, when the bank did nothing wrong. This “knowledgeable computer professional” chose to not install AV. He got burned from his choice.

          That’s where I have a problem.

          I have no problems what so ever helping people that don’t know anything, that’s how you learn. That’s how I learned. The more I learn, the more I learn I don’t know jack…

          As for lacking in intelligence, just because I am good at computers doesn’t mean anyone else will be. I believe if I can do it so can you, BUT you may be good at physics, and I sure as hell am not.. Or Geometry… ;p

        • #3338001

          ok …. that wasn’t personal

          by moira ·

          In reply to @ moira

          Sorry if I made that sound a little personal. I’m sure you’re not the kind of person I described, you don’t sound it anyway. But you must admit it’s an attitude often encountered (and more in the field of IT than anywhere else, I have to say).

          I suppose my point is more that in all areas of life we offer sympathy and support to people with self-inflicted problems. This guy maybe should have known better, but do we make people pay for treatment of a self inflicted disease? Not in the UK anyway.

          Undoubtedly there are people who are not as knowledgeable in the field of computer security and it would be a difficult line to draw. Banks can absorb this kind of loss and it might make them improve their own security measures if they took on the responsibility.

        • #3337969
          Avatar photo

          But every time a bank absorbs a loss

          by hal 9000 ·

          In reply to ok …. that wasn’t personal

          They pass it on as an increase in fees or services to their customers.

          I doubt many people would be willing to accept a fee of 90 K on each and every one of their credit cards just to have the things but if actions like this where to come about successfully a bank any bank would either have to remove the on line banking or perform a complete AV scan on the computer that is initiating the wire transfer. Now just how many people would be willing to sit at their computer for several hours on a dial up connection just to pay a $50.00 bill?

          They would be the ones running to their Legal people complaining about an infringement of their privacy and they would be part way correct as who could really trust any bank to scan their computer without wondering just what else they where looking at?

          Col ]:)

        • #3337910

          Very true

          by moira ·

          In reply to But every time a bank absorbs a loss

          “They would be the ones running to their Legal people complaining about an infringement of their privacy and they would be part way correct as who could really trust any bank to scan their computer without wondering just what else they where looking at?”

          You have a point I guess. I’ve just been outraged to discover that my router vendor added a couple of lines to the config file giving themselves backdoor access through the firewall ….

          I just think it isn’t as black and white as you make it out to be. But what *is* clear, is the real culprit is the person committing fraud in the first place. Perhaps when/if these people were caught they should have to pay the full cost of their damage (instead of the piffling little slap on the wrist normally dished out).

          It’s easy to view phishing as *cool*, in fact it’s just plain stealing.

        • #3337868
          Avatar photo

          Actually the more that I think about this the less happy I am

          by hal 9000 ·

          In reply to Very true

          Now if this was a well know problem why just this one case?

          In light of the standards that have been shown by this person I’m beginning to wonder exactly what did happen and if it’s not all an attempt to rip off the bank. If this was such a nasty thing just why have there not been more cases like this reported? I know most home users can not give a dam about AV or malware protection and quite a lot do on line banking but only one case being brought forward about this supposed Trojan. Something just doesn’t feel right to me.

          Even if it did happen like he claims what about all his customer and supplier details that would have been easy pickings as well. Something just isn’t right here and I can not put my finger on it to make myself feel happy.

          Col ]:)

        • #3349290

          Biz loss is not life threatening

          by dr dij ·

          In reply to ok …. that wasn’t personal

          the reason some societies pay for health is that it can be life threatening.

          This guy might be financially strapped and unhappy but he will not die from being out of the money.

          Sympathy and advice OK but not necessarily money. Society or non-resposible parties do not have a resposibility to bail this person out. If you think this then you are committing a force act against those you take money unwillingly to bail this person out (tax collectors use power and force of law).

          The whole point of capitalism is that having people able to lose money makes them more careful, and business that are not go out of business instead of being a drag on us all.

          And we don’t have to worry whether it is dishonest on the owners part as we’re not paying for it.

          There’s business owners not knowledgable in the field of physical security either yet we don’t bail them out if they stick gold bars behind a screen door. They buy insurance if they want reimbursement, and actually get advice from insurance agents. Biz insurance agents require changes to businesses to insure them, e.g. they often specify security measures required, etc.

          And that’s a pretty vague generalization that banks ‘can afford the loss’. All costs are passed on to the consumer. If it was a small bank it could go bankrupt from large or continued losses.

          The ‘guy’ in question was also a business. So automatically if one business is larger than the other, the larger biz should absorb the loss? Pretty ridiculous.

          The bank in this article was not breached, the person’s computer was. They provide a service to transfer money by computer to whoever provides the password and login.

          I’d be happy to provide money to a food bank to keep this guy from starving but as to taxpayers bailing out his un-insured biz if it is, I would not want the gov’t to do this. Or the bank as it appears they are not responsible.

          I’m happy to let you put your money where your mouth is by you sending money to this person. It is always easier to spend someone else’s money tho and say that someone else should pay for something.

        • #3349279
          Avatar photo

          Well if he did have insurance

          by hal 9000 ·

          In reply to Biz loss is not life threatening

          I don’t think he would be making the claim or they could have refused to pay because he was in breach of their minimum standards that they told him they required for basic security.

          Either way he didn’t show any responsibility at all. He has a Lawyer to look over contracts for him and launch action to protect his clients, presumably he has an accountant to make sure he doesn’t pay more in tax than he should and what happened to the IT specialist to advise?

          No matter how you look at it I think the thing is fishy at the very least.

          1 reported hit by a new Trojan in the entire world. I know AV programmers try to keep ahead of the new Virus being set free to fly but even still it only takes a few minutes to cover the entire world when one of these nasties is set free and the AV companies take at best a few hours to release a patch so if this was so nasty I would expect more than just the one complaint.

          Then what about all of his client data which doesn’t seem to be at issue or his address book was this Trojan passed on to everyone in his address book or was his accounting data spoofed and bills sent out to all of his clients asking for payment but having it redirected to a different location so he doesn’t get to ever see it.

          Col ]:)

        • #3348952

          Insurance won’t cover negligence

          by oz_media ·

          In reply to Well if he did have insurance

          You are right Colin, if you have home insurance and go away with your doors unlocked and windows opened, KISS YOUR COVERAGE GOODBYE.

          This guy is a fool, e knows it and his way of dealin gwith it is to try and pass the blame on to someone else with more money. “They SHOULD have been aware!” They WERE aware and HE was warned.

          He deserves to lose his business, he deserves to lose his money, he is stupid and wrong in going after the bank, had he shown a little more tact and common sense, I am sure he would have found more sympathy.

        • #3348436

          Pay Attention people

          by red_wolf9 ·

          In reply to I agree up to a point

          We?re NOT talking Credit Cards here people, this was a secure wire transfer. The difference between the two is as deep as the Grand Canyon.

          The business man should direct his lawsuit, in civil court, at the Latvian hackers. Had he followed this course of action I would have absolutely not problem. But he isn’t going to win a dime from a faceless foreign hacker, even if he wins in US court by absentia (look it up we’ll wait).

          What he should do is press BoA to recover the remaining cash from the Latvian bank (who everyone is treating as an accessory to the crime), the problem is this takes TIME. Both banks have huge stacks of legal paper work to fill out before the funds can be recovered (remember BoA didn’t tell this guy to pi$$ of, they are investigating along with the US law enforcement). I’d be interested to know if he still banks with BoA?

          Since I have had a personal funds recovery problem with BoA that was finalized just last week (but occurred November 2004)I’m real familiar with the process. The best part… both banks are headquartered not only in the USa but in the very state in which I live.

        • #3348942

          NO they aren’t

          by oz_media ·

          In reply to Pay Attention people

          Nobody is making the Latvian bank the third party, the third party is atually BOA.
          They were secure, THEY were not breached, yet THEY are being held acocuntable for HIS inactions?

          BOA has already said they will NOT be responsible for reclaiming his money as they cannot legally get involed, there was NO breach of their security and they were not robbed of money.

          As you sugested, the customer needs to take civil suit on the Latvian bank himself. Had he not jumped on the ‘sue BOA’ bandwagon, they MAY have been a little more helpful as far as how to go about TRYING to recover his funds. As it is now, they have wiped their hands of the issue, saying that it is NOT their problem, and it isn’t.

        • #3349299

          So we should pay for it

          by dr dij ·

          In reply to I agree up to a point

          Since all costs are passed on to the customers, you’re saying that everyone else should pay for this, including you if you’re a BofA customer. Even if they have insurance, more incidents will raise this and cost more eventually. And if we go with your analogy of hospital treatment to stealing, then everytime anyone has anything stolen, the company they bought it from should pay, or the rest of society should pay?

        • #3348938

          I like hat idea!

          by oz_media ·

          In reply to So we should pay for it

          Leave the door unlocked, NEW FURNITURE!!!

          Leave my key in my truck’s ignition while at the mall, YAY new truck courtesy of Safeway!

          Drop my wallet from the ferry, “Hey someone robbed me for 8 grand!” (Hold the hand out to BC Ferries)

          Man, that IS a good idea isn’t it?! 😀 Oh, but what if I start paying for everyone else’s loss too!? Nah, I like the ‘personal responsibility’ factor better.

      • #3336442

        Yes, but, and hmmm …

        by aardvarky ·

        In reply to Laugh all you want

        Agree with your stance entirely, and like the way you have expressed it.

        But, if drawing money at an ATM, the same individual allowed someone else to watch him input his PIN Number and left his card at the machine after walking away with the cash, could he at all surprised if later he found money missing from his account? Could the bank be blamed?

        Yes, I know this is perhaps slightly different, in that it would be reasonable to assume that MOST users would understand the risks of acting in such an irresponsible manner at an ATM, and that on-line banking is rather more abstruse.

        That said, in this specific instance, I agree with you that the onus is far more on the bank … BOTH in terms of providing PROTECTION (as far as is reasonably possible – nothing is entirely secure) AND (perhaps the greater ommission here) in educating users of its systems AND ENSURING that the user is not the weak link in the security chain.

        To avoid failing in their duty to keep their customers’ funds/data secure, perhaps banks should require users to pass a test before providing them with an on-line banking facility? And only let them in if they properly specify WHICH anti-virus solutions they are using?

      • #3336434


        by gary.peace ·

        In reply to Laugh all you want

        Congratulations on a well-constructed, thoughtful reply. I agree entirely. The facts provided don’t permit apportionment of blame. We all have responsibility to protect ourselves to the best of our ability but we live in a society, one of which aims is (or should be) to provide mutual support. For that reason we help little old ladies to cross the road, provide medical treatment to victims of road-traffic accidents etc etc instead of shrugging shoulders and saying “its your own fault stupid – don’t expect help from me”.

      • #3336431

        Self responsibility

        by buckberg ·

        In reply to Laugh all you want

        I do not understand your logic. The bank had a responsibility to provide a secure site for its customers. If the bank was hacked I would expect them to assume the customers loss. However, in this case, the customer had his secure user name and password stolen from HIS computer. In our legal system ignorance is not a viable defense(although many juries do not follow the law and continue to award punitive judgements.)
        In this case the customer is at fault because he allowed his credentials to be stolen. I would even bet that in his agreement with the bank he was warned what may happen if those credentials got into the wrong hands.
        You seem to subscribe to the notion that we have no personal responsibility and that big bad business is the source of all evil and they should be held accountable for mistakes people make that are completely out of their control.
        What would you think if an important business deal failed because the bank doubled and tripled checked each and every secure login? You would probably award damages to the customer.
        The bank did provide a secure way to conduct business. It was the customer who made his account unsecure.

      • #3336417

        Reply To: This guy should be stoned… (with rocks)

        by pickleman ·

        In reply to Laugh all you want

        Sounds like you fall into the same idiot category as the moron that’s suing the bank.

        How could you possibly make excuses for him?

        Sure, chances are he isn’t a computer security expert. So what, neither are 99% of the other people on this planet. Does that mean that every time a person gets a virus, they should start suing someone? Get a grip.

        This loser DESERVED to have his money stolen. Let’s go by your logic for a second, and assume that he knew NOTHING about computers. Okay, fine, granted. But the fact that he had 90K in his account for someone else to steal, and the fact that he was a businessman, tells me two things:

        1) he should’ve known better
        2) if he didn’t have the expertise himself, then he should’ve HIRED someone to safeguard his computer for him if he was too clueless to do it himself

        This guy deserves no sympathy whatsoever. It was his own stupidity that led to his downfall, and nobody else should have to pay for it but him. The bank did nothing wrong. Millions of people use online banking every day, and isn’t it funny how you don’t hear stories on a daily basis of people having $90K stolen from their accounts?

        As long as the bank didn’t deliberately infect his computer and steal his money, they should not be responsible for it.

        His money was safe IN THE BANK.
        If he decided to make his money UNSAFE by letting other people get access to it through the internet, then that’s his fault and nobody else’s.

        The money I have in my bank account is perfectly safe and insured. If some guy goes and robs my bank, my own money will still be there the following day.

        But if some low-life manages to get into my bank account through MY COMPUTER because of MY stupidity, then I deserve everything that comes to me as a result.

      • #3336393

        talking about surgeon…

        by g… ·

        In reply to Laugh all you want

        it’s quite right that the brain surgeon probably doesn’t know that much about computer just as you don’t know that much about brain surgery. But the question is: will you start a brain surgery without knowing how. It’s not up to other people to watch what you’re doing, you have to inform yourself. Your mother cannot be around you all the time

      • #3336345

        Ok…now what?

        by clenhard ·

        In reply to Laugh all you want

        Perhaps online banking needs to rethink online banking security.

        That’s all I have to say.

      • #3336310

        Reply To: This guy should be stoned… (with rocks)

        by deathtoliberalism ·

        In reply to Laugh all you want

        Read the “your responsibilities” section on the BoA website.

        I quote: “Protecting your Online ID and Passcode. You should always guard your Online ID and Passcode from unauthorized use. If you share this information with someone, all transactions they initiate with the information are considered as authorized by you, even for transactions you did not intend for them to make.”

        End of story, this schmuck is 100% at fault.

        • #3348396

          Like Minds….but

          by red_wolf9 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          Since I posted the same link I agree with you, the one trouble spot I see for BoA’s legal team is this overly vague statement.

          $0 liability
          With our Online Banking service, you can be confident that your Bank of America accounts will be secure and protected. We guarantee $0 liability for any unauthorized activity originating from Online Banking, including Bill Payment. Read Your Responsibilities for information about reporting unauthorized transactions to preserve your rights under this guarantee.

        • #3349338

          I can see ….

          by kaceyr ·

          In reply to Like Minds….but

          … where this may buy the guy a way to sue BofA, but only for the amount of the lost funds (the ~ 20K already withdrawn).

          The problem I see is that the bank can still argue that it was his failure of due diligence that caused the problem in the first place, so he would still have to suck it up.

      • #3336280

        Phishing Sceme; I Got the Same eMail

        by kaptkos ·

        In reply to Laugh all you want

        I do believe that this was a phishing scam because
        I received an eMail from someone pretending to
        be BofA; however, I don’t even have an account
        with BofA so I called them and informed them of
        the bogus email that I had received.
        People who are non-informed of potential threats
        such as these phishing atttacks should at least
        be intelligent enough to not give out personal
        information to anyone; therefore, the sucker should
        take the hit.


      • #3336260

        Reply To: This guy should be stoned… (with rocks)

        by tonythetiger ·

        In reply to Laugh all you want

        Yet the credit card company covers for the people who stupidly leave their credit card on a counter somewhere and is taken and used. The difference: Whose money it is!

      • #3336209

        agree and disagree

        by buschman_007 ·

        In reply to Laugh all you want

        I agree with your sentiment that this guy isn’t necessarily an idiot just because he was victimized.

        But I disagree with your idea that the bank has a responsibility to secure it’s user’s machine. I feel it has a responsibility to secure the connection between their servers and the users PC. But further than that and I don’t think it’s a realistic expectation for the banks to bare responsibility.

        Uninformed user has no A/V protection. Malicious hacker installs key logger on uninformed user’s PC. User opens a secure connection with his online bank, makes a secure transfer, and concludes business with his bank. How is it the bank responsibility to protect the user from the hacker? The hacker now has all the info they need to login and remove money for the uninformed user.

        The plaintiff in this case, much like the uninformed user in my example, failed to consult with someone who does have the experience to properly secure his machine. He decided that expense was not necessary, not cost effective, or maybe he just gambled that no one would ever attack him. He was wrong, and the fault lies clearly on his doorstep.

        I don’t get off of speeding tickets because I didn’t know the speed limit. I’m expected to find this information out on my own. If I get raped at the car dealership cause I didn’t take the time to figure out what a car is worth, that again is my fault.

        This guy is an adult and should know better. I feel this is another in a long line of overly litigious and frivolous lawsuits that is a drag on our nation.

        A classaction lawsuit like this is what’s gonna kill online banking. And I do love my online banking. 🙂


      • #3336191

        Go ahead and judge my character

        by red_wolf9 ·

        In reply to Laugh all you want

        From what I read about the case it was normal for his account to have wire transactions of that size, perhaps not to the bank in question but the size did not trigger any warnings. I also assume that he could have spent time doing due diligence and setting a threshold for limits that would require notification. Further from what I understand the “bad guys” were only able to withdraw some of the money, if this genius wants to sue someone for not returning property that he was too stupid to protect he should go after the other bank.

        This guy is asking to have his lazy, and negligent personal actions undone and not just for the amount “he’s out” (as you state) but for legal fees and interest too. So apparently he?s not just happy getting his original amount back (he wants the interest on it plus his lawyers want their cut outside of his 90k). Last time I checked the American dream didn’t include suing big corporations when you were the negligent party in the first place, well now that I think about it that might be a lawyers “American Dream”.

        Do you honestly think every company has an obligation (as highlighted but your caps lock) to notify every customer about every potential threat they might be exposing themselves while using the companies product? The torrent of email/snail mail would be so large that you would ignore them anyway.

        Here is what I read… business man fails to take even the most basic security measures to protect himself, has 90k stolen from him. Tries the correct course of action notifying law enforcement. Finds out the hard way why criminals use foreign banks, multi-jurisdictional red tape. Then a local lawyer gets wind of the case offers his service for free, telling the afore mentioned business man its all big bad BOA’s fault. Files a suit and hopes for class action status (cause that’s where the real money is for the lawyer probably about 60 gajillion dollars in legal fees). Is it any wonder even the morons in Congress took action against Class Action suits, where tiny state courts were producing huge nationwide judgments (often for frivolous cases) because they were comprised of juries that think like you.

        In closing if the shoe was on my foot I think there would be a 9mm hole in it as well (not so vague reference to shooting yourself in the foot), but I wouldn’t expect anyone to rescue me from my own stupidity. The fine print on the American Dream says a vast percentage of small business fail? just for these reasons.

        Stupid is as stupid does ? Forrest Gump

      • #3336082

        Always the Victim Never Responsible

        by andeanderson ·

        In reply to Laugh all you want

        That’s the new attitude of most Americans. “It’s not my fault they, big-brother whoever, should have protected me from myself.”

        Banks do not have a need or responsibility to double-check and verify every electronic transfer of money when the correct identification and verification are utilized. If they did try to impose such a restriction the outcry would soon drown out any possible safety provided.

        I am pretty sure BoA, like most banks have a disclaimer about their obligations and the obligations of users for electronic banking that must be agreed to before the services are provided.

        Plus, think about the possibility of the virus going from this guys computer to one of his customers or vendors systems and the chaos that would cause. If they tracked the problem back to him he would be sued for his lack of due diligence in protecting their confidential information.

        If you choose to be involved in electronic banking do not claim ignorance. Most agreements, even EBay’s, are pretty clear.

        The cry of “You should have stopped me from ….” has been used for so many frivolous litigations that even a child can now sue a school if they don’t like the lunches.

        Why can’t people just stand up and accept their responsiblity for their own actions, or lack of action?

      • #3336004


        by geekygirl63 ·

        In reply to Laugh all you want

        I am an IT Manager for my full time job and a small computer services business owner all the other time. 99% of my clients are intelligent people but are simply baffled by computers and when you start talking about viruses, or especially ad and spyware, they look at you like you’re speaking Greek. Couple that with companies who now send out new systems without anti-virus protection (it used to be a standard part of the package) and you have a recipe for disaster. Most of our time helping clients is spent eradicating viruses and ad/spyware and installing the necessary preventative measures. Even if you watch/read the news, and there’s lots of news about these kinds of things, if you aren’t “smart” about computers, you probably won’t even notice the news item.

      • #3334313

        U can sue anyone for anything

        by dcperich ·

        In reply to Laugh all you want

        Blame will be determined by where the money falls…and which lawyer’s pockets get the fullest.
        I suppose banks will only allow transfers under specific conditions they have control over, with their own software, and large or frequent transfers will require verified collaboration from the owners of the accounts.
        “Verified collaboration” could be innitiated with a fingerprint or retna scan associated with the account.

        • #3334240
          Avatar photo

          No they can be spoofed as well

          by hal 9000 ·

          In reply to U can sue anyone for anything

          The only real way to make sure that these transactions are for real is to halt them until the bank can make contact with the account owner to make sure that the transactions is wanted. Of course the several days that will be taken for each and every large transaction verification will probably mean that the contract is lost. But why would that matter as the money is safe right?

          Col ]:)

        • #3334187

          The press has a lot to answer for here…

          by david_heath ·

          In reply to U can sue anyone for anything

          …and the movies too!

          NO-ONE does retina scanning in any commercial application. Whenever you see an eye-based biometric it is the iris being recorded.

          And furthermore… ignore any imagery that suggests some kind of laser-pass over the eye. That NEVER happens. Irises are recorded using a simple camera in the near-infrared spectrum.

          As for spoofing, yes the most important feature of biometric systems for high-security authentication is SUPERVISED use. If you can’t see the person apply their biometric sample, assume it’s bogus!

    • #3336999

      Idiocy comes in all forms…

      by jessie ·

      In reply to This guy should be stoned… (with rocks)

      AFAIC… the dude is out 20k and should be grateful that that’s ALL he’s out. Maybe he should sue M$ for allowing the popup that installed the trojan…

      I work with several banks, and have worked with BoA before, and whenever there’s “unusual activity” on my account, i.e. larger than normal sums of money, somebody at the bank always calls me to authorize the transaction. In a business account, a $90k transaction is presumably not all that unusual, so, really, what was the bank to do? Call him to authorize EVERY transaction? It’s not their responsibility to make sure his computer is protected. I do know that all banks have a list of countries to which they do not do wire transfers, or to which all wire transfers must be authorized. As long as Latvia is not ON that list, then BoA did their due diligence in protecting his transactions.

      For EVEN MORE stupidity, check out THIS link… RIAA SUES the DEAD

      • #3337464

        Not to mention!!!

        by mrafrohead ·

        In reply to Idiocy comes in all forms…

        What ever happened to being a responsible banking citizen and balancing the damned checkbook???

        I mean, crap, banks used to count on that to detect fraud. Once a month you get a statement, then you check it with your records and report any discrepancies.

        Come on now, saying that the freaking bank in anyway is liable is just assinine…

        And the RIAA can burn in hell with the dillhole that is suing BoA… They’re equally as bad in their own flowery special ways…

      • #3337215
        Avatar photo

        Well what can you say to that one?

        by hal 9000 ·

        In reply to Idiocy comes in all forms…

        A prime example of Lawyers on retainer with nothing better to do!

        Col ]:)

      • #3338419

        well what do you know

        by tony hopkinson ·

        In reply to Idiocy comes in all forms…

        The prepubescent, the poor and the dead.
        I liked we’ll try and cancel the case.
        Oh dear couldn’t, so we’ll go for it in anyway ?

        You know why they call heaven Heaven ?
        Because there are no lawyers in it.

        Say maybe the RIAA should have a look on this guys pc, just in case he got the trojan from an MP3/Warez site.

    • #3336995

      missing the real sad part

      by husp1 ·

      In reply to This guy should be stoned… (with rocks)

      the worst part of it all is that if he succeeds then he will have set a precident for all the others taken in by this type of scam to be able to sue and win, causing a huge problem for banks world wide. feel sorry for the guy but as was posted preveously it was his fault for not haveing proper securty for his system. hope he learns a good lesson from this and gets a good security package for his system.

      • #3337212
        Avatar photo

        Well if he actually wins

        by hal 9000 ·

        In reply to missing the real sad part

        I hope the bank gives him their business to run. At least if that happened they would have a valid argument when they next want to raise their charges.

        Col ]:)

      • #3338203

        Reply To: This guy should be stoned… (with rocks)

        by moira ·

        In reply to missing the real sad part

        Huge problems for banks worldwide? LMFAO … the banks will take out more insurance and just pass the costs onto us.

        However secure your system is, there is no such thing as totally safe. Unless there’s clear evidence the guy acted in a way that would be deemed irresponsible for Mr Average, I don’t think you can expect him to necessarily absorb the cost himself.

        After all, when people don’t take care of their health and end up in hospital with self inflicted illnesses, the NHS treats them for free.

        • #3336515

          must be a non us resident

          by husp1 ·

          In reply to Reply To: This guy should be stoned… (with rocks)

          shoul look at some of the finance stats here in the US. half of all bankruptcy’s in this country are caused by medical bills but it would be nice to have a natnl health service here, then our elderly could by food and pay rent instead of paying for medication and health issues. As to the banking issues the effects would be rippleing, the client sues and wins, next eploited person sees that then he sues using the first mans success to help his cause rising the cost to banks here. said banks cry foul stating that overseas banks don’t have this problem thereby causing the goverment to take thing into their hands theating santions if they don’t comply etc. etc. etc. (over simplified explination)

        • #3337909

          I’m in the UK

          by moira ·

          In reply to must be a non us resident

          You’re right, I don’t live in the US. Our NHS has problems though, as people are living longer etc and increased ability to treat disease has meant prioritising who gets what.

          That’s getting way off topic though 🙂

    • #3336993


      by house ·

      In reply to This guy should be stoned… (with rocks)

      We have a client who just got infected with a long distance, 900 type porno line virus. She was charged almost $1000 in long distance. She was freaking out saying, “I’ve gotta lawyer… I’m suing!!!”

      When I asked her who she was going to sue… she didn’t know what to say. At first, I thought that she was going to blame us (ISP) as this is the typical response, but she couldn’t answer the question.

      • #3336957

        Some businessman this guy is

        by golfer740i ·

        In reply to xxxdialer

        It is interesting that a business will hire a lawyer, accountant, buy insurance and do other things to protect themselves, but leave their information unprotected on their computers. This guy is responsible for his actions. I am sick and tired of people turning to a lawyer when they refuse to take ownership.

        • #3336889

          I say, turn the tables….

          by notsochiguy ·

          In reply to Some businessman this guy is

          Perhaps BoA shareholders should get together and sue this guy; claiming that his negligence cost them profit (it will cost them money no matter what happens with the judgement)?

          Personally, it seems as plausible as blaming the bank for failing to click UPDATE on your virus protection app.

          Next time I have to pay $3 to use an out of network ATM or $5 to speak with a live person at my bank, I’ll curse this ID10T to a long eternity without cold water or SPF 10000.

        • #3337300

          The problem is..

          by jdmercha ·

          In reply to Some businessman this guy is

          Businesses hire lawyers to protect their assets, they hire accountants to manage their assets, and they get insurance to replace damaged or stolen asstets. The problem is that none of these people treat information as an asset.

    • #3336879

      Wrong angle

      by jdmercha ·

      In reply to This guy should be stoned… (with rocks)

      Typically law suits are filed against people/companies that can afford to pay.

      In this case I agree that a lawsuit should be filed. But not against the bank. The suit should be filed against the creator of the virus.

      How many viruses would be written if the author knew that he could be sued, or put in jail at any time for the rest of his life.

      • #3336516

        Released is the key.

        by mrafrohead ·

        In reply to Wrong angle

        There is nothing wrong with creating a PoC…

        What is wrong is releasing it into the wild.

      • #3349072

        sue creators of burglary tools also

        by dr dij ·

        In reply to Wrong angle

        maybe we should sue the makers of that flat metal thing that lets burglars slip between window and pull up locks to get our car. and maybe we should sue screwdriver makers as some car thieves use them to turn the key switch. and sue gun makers because some users kill people with them.

        How about instead finding the person who deployed the virus and took the data to break into the account?

    • #3336848

      IT Opportunity

      by thechas ·

      In reply to This guy should be stoned… (with rocks)

      Actually, this case presents us with a new IT opportunity.

      More than likely, this guy had to click on an accept box agreeing to the terms of his bank’s on-line access agreement.

      The agreement either exonerates the bank, or limits the banks liability should the customer provide his account information in any manner to another party.

      In place of the simple “agree” button, we can introduce a “test” that verifies that the user has indeed read and understands the agreement.

      Jobs for legal consultants,

      Jobs for programmers,

      Jobs for support staff to explain to the potential user WHY they cannot get access until they pass the test.

      I myself wonder why he is not suing Microsoft, or the maker of the software that stores his account number and password information.


      • #3337483

        Let’s Sell it to Him

        by bfilmfan ·

        In reply to IT Opportunity

        Let’s sell that project to him.

        Cobble up some code.

        When it half-way works, call it a success.

        Sell a new client on the method and tell them how well we did it for this guy.

        Ya ever notice how a lot of projects act like a herd of locusts? They arrive, eat up all your resources and then fly away leaving you with dust?

        Perhaps I should start a blog on that..haha

      • #3337354

        This idea isn’t quite as silly as it sounds

        by amcol ·

        In reply to IT Opportunity

        You’re being facetious, of course, but how many of us alleged professionals are guilty of clicking blindly through those annoying disclaimers and license agreements ourselves?

        There’s been a lot of talk in some states about equipping cars with breathalyzers, so drunk drivers can’t get behind the wheel. This is, to a certain extent, the electronic equivalent.

        Click on the “agree” button. Then, another box pops up with three or four questions making sure you understood what you just agreed to. Sorry, no peeking…you can’t click your “back” button and reread the agreement. Just answer the questions, and if you get them wrong you’re out. Do not pass “Go”. Do not collect $200.

        Of course, no financial institution or software vendor would do this because there’s FAR too many people out there who are just what they want…ignorant customers. Make sure they know what they’re signing? Oh oh, no thanks, bad for business. Just pay the money, folks, we’ll take care of you. And if we can’t…well, that’s too bad, you should have known better.

        The overall sad theme of the original article and this thread, and the thing that a lot of posters have been missing. Bank of America COULD NOT HAVE CARED LESS about our poor unfortunate friend from Miami. He got into trouble…no big deal, we’re the big bad bank with a lot of big bad lawyers, so even if he sues us (not bloody likely since we can intimidate the hell out of him) we’ll crush him like a rotten grape. And if he takes his business elsewhere…no big deal, we’re the big bad bank with the big bad business and we can always get more customers.

        And THAT’S why I’ve been maintaining the bank has to shoulder some responsibility here.

        • #3349066

          A load of ****

          by dr dij ·

          In reply to This idea isn’t quite as silly as it sounds

          So you can mystimagically make up what the bank thinks?

          I have no love for BofA but if they gave out $90k everytime some business asked for it, then people would quickly setup scams where they put a trojan on their PC and transferred money to their buddy in (brazil.. Latvia.. outer mongolia, etc).

          Then get it back from BoFA and a portion of the other money too.

        • #3348956

          Despoite their clear disclaimers

          by oz_media ·

          In reply to This idea isn’t quite as silly as it sounds

          They have CLEAR security information provided, see below, it ook about 2 minutes to find the security ifo for Miami. They actually make security info VERY easy to find, and they make it VERY clear where responsibility lies. So yes perhaps the=is guy DID go to the bank and just ignore everythng he was give to sign, perhaps his company of trained computer professionals was a big lie and he really doesn’t have a clue OR a professional to help him.
          We are not talking abou tclicking an install on some demo software or a licenced copy even, this is about signing a document stating that you understand HOW you money is handled, HOW it is secured. For a business owner, you would think this would warrant a little attention to detail, if not, once again HE is the dummy here.

          The bank WARNED him, they printed it on their website, the lawyer even agrees that the bank had warned him, ANY breach past that point is 100% HIS responsibility. The bank wasn’t breached, HE was. The bank is not at fault, HE is.

          It has nothing to do with supporting the big bad bank, who’s business practices you seem to really have a grip on, it has EVERYTHING to do with his trying to SUE an organization who provided all of the security implied and accepted by him PRIOR to being breached. The bank even when above and beyond what is needed by sending him an advisory oin security, they provide links to several security sites where he could and SHOULD have gone to ensure his safety. Negligence is nowhere but on HIS desk.

      • #3337207
        Avatar photo

        They will most likely be

        by hal 9000 ·

        In reply to IT Opportunity

        The next in line after he finishes with the bank and looses big time.

        Think of it this way as I’ve often been told by my friends/fiends in the legal profession those with the big money alway win in the end. Even when they loose they appeal and have the matter tied up in the court system for years if not decades. If the bank was to follow this course of action his grandchildren could still be fighting the case and by that time the 90K would be worth about $1.50 when inflation is allowed for.

        Col ]:)

      • #3349387


        by red_wolf9 ·

        In reply to IT Opportunity

        Everybody on TechRepublic knows how I feel about Microsoft, but seriously if you think BoA has an easy out in this case, read a Micro$oft EULA. The reason people don’t sue Micro$oft is because it’s damn near impossible.

        Remember you don’t own Windows… Microsoft is allowing you the privilege of using it. You might own a physical CD but every little chunk of code belongs to M$ and you have merely been given license to use Windows. Microsoft does not warrantee their software for any purpose, so if (some say when) it breaks (or infects you via the exploit de-jour) in no way is Micro$oft liable for your losses.

        Be sure to thank your congressmen for giving software makers the sweetest of sweat heart deals, and that was WAY before the DMCA.

        And Amcol, last time I checked BoA was working to resolve the problem, not sending in the legal stormtroopers. It’s our Miami business man suing them because they won’t cough up 90k (he thinks he is owed) on his time table. And your “BoA is an evil corporation” rant sounds oddly like lame excuse the Anti-Micro$oft crew uses to justify their positions. A company’s bank roll does not alone make them some kind of evil entity.

        I despise microsoft for reasons other then their bank account value, which I consider living proof that:
        A sucker is born every minute
        A fool and his money are soon parted.

    • #3337390

      I don’t agree

      by russell ·

      In reply to This guy should be stoned… (with rocks)

      If you’re car was stolen and used to rob your local bank which held your money I doubt if you would be too amused.
      His money was taken from his bank by criminals. His claim is that the bank knew of the threat from the trojan and yet didn’t put any security in place to defend it.
      I think he every right to try and reclaim his money – it’s the banks responsibility to ensure the money in its care is safe.

      • #3337344


        by tony hopkinson ·

        In reply to I don’t agree

        The bank would not be amused if you left your keys in the car, put a big sign on top of it saying please use this to rob my bank, and then parked it outside a place frequented by bank robbers would they.

        The bank did, they verified his account, his passord etc. Someody else used it, cause he left them lying about where a criminal could get hold of them. If he wrote his pin number on his ATM card, would you have the same opinion ?

        Security on this guy’s system was effectively non-existant. Wonder if he’s sorted it out yet ?

        We can only hope for maybe some more PR security from the banks and a raise in customer awareness of the potential risks to on-line banking.
        Nothing else good is going to come of the court case, unless your a lawyer.

      • #3337305

        Closer example

        by jdmercha ·

        In reply to I don’t agree

        Lets say I leave my checking acount information and my drivers license out on my coffee table. I then lock my house while I go to work. My twin brother finds out that someone in our neighborhood is randomly unlocking houses. So my brother eventually finds my house unlocked, comes in and picks up my ID and bank info. Then he goes to the bank and withdraws $90k from my account.

        The bank should be insured to cover the loss. The bank should then go after my brother to recover the stolen funds.
        I should then go after my brother for enting my house and taking my personal information. And I should also go after whoever unlocked my house.

        • #3349366


          by red_wolf9 ·

          In reply to Closer example

          I’m trying to understand you logic here.

          Let’s just ignore the fact that the bank didn’t “lose” anything… you did.

          You think that the bank should be insured for the amount of every deposit on it’s books?

          What do you think the insurance premium would be..?

          You are aware that banks don’t even have enough cash on hand to cover every deposit much less insure those deposits (that’s where the FDIC comes in and our fine federal government will only insure 100k of your account).

          But I’m sure your ideal would be a big hit with Insurance companies who assume almost no risk and would make profits that Bill Gates would envy.

        • #3349062

          trying for sympathy

          by dr dij ·

          In reply to Closer example

          you’re trying for sympathy in the analogy as you’re not a biz. This guy was. There are demarcation lines for legal liability. He should have been insured also as a biz.

      • #3337304

        Bad example

        by tomsal ·

        In reply to I don’t agree

        If my car was stolen and used to rob my local bank..that is a COMPLETELY totally different situation entirely. That’s not even comparing apples to oranges its comparing a candy bar to a vegetable.

    • #3337213

      What about his customers information???

      by mrafrohead ·

      In reply to This guy should be stoned… (with rocks)

      Something I have been thinking about since last night with this guy…

      What about all of his customers information???

      I mean, if he had his banking information “borrowed”, then that means that the chances of his customers personal information being lost is just as likely.

      Do you think this dillhole will contact his customers and tell them?? I’ll bet not because he’s too busy crying and pointing fingers.

      Better yet, if his customers actually lose money because their information had been compromised, do you think that this guy would even consider giving them the money that they lost back? I’ll bet not…

      Something else to consider.

      This guy should be prosecuted for neglect!

      • #3336512

        I can’t believe no one has touched this post.

        by mrafrohead ·

        In reply to What about his customers information???

        Wouldn’t you guys care if you were a customer of this clown???

        That is if he really does have any “customers”.

        • #3338148

          NO doubt

          by oz_media ·

          In reply to I can’t believe no one has touched this post.

          I would be unplugging MY internet connection, calling MY bank, FREEZING my own account, changing passwords and much more if I was stored in this guys PC.

          Perhaps if someone loses a few million from THEIR business they can SUE the idiots ass for not securing HIS PC. NOw that would be a really funny twist to read.

          “120 Local business go after idiot who is still trying to recover $90,000.00 to pay off the 2.4 million dollars they have sued him for due to his inability to secure THEIR PC’s!”

          Ahhh, thanks for the chuckle! 😀

        • #3349061

          bank is now his customer

          by dr dij ·

          In reply to NO doubt

          much as IBM is the customer of SCO if they win the $5billion they’re suing IBM for!

          As cartridge recyclers are often scam biz, he may have been looking for a new income source, as someone posted earlier

        • #3338078
          Avatar photo

          I actually mentioned this

          by hal 9000 ·

          In reply to I can’t believe no one has touched this post.

          Somewhere else here before I saw this posting so I didn’t bother reposting it here.

          Col ]:)

    • #3338312

      HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

      by oz_media ·

      In reply to This guy should be stoned… (with rocks)

      Thanks mate, that’s a real rib tickler.

      I found another, more in-depth article if you like.

      Also, here’s dumb dumb’s website if you want to send him a god laugh.

      So I’m reading this article thinking ‘this lawyers just a nobody who’s trying to make a name for himself with some breakthrough lawsuit’.

      The lawyers OWN comments, “If you lost $5,000, you are going to walk away from that $5,000 because there isn’t an attorney in town who will take the case,” Patino said.

      Indicating he is doing this to make a name for himself and open up the world to a string of unjust lawsuits that will in turn stem into other areas of WHO’s responsible, right down to the ISP if they choose.

      Whadda PUTZ! You can just picture the greasy bugger

      So here’s some fun from the article I found:

      First of all:
      “Bank of America knew of the coreflood virus,” Patino said. “Why not tell their customers?”

      okay, the bank should tell their customers of virus threats that may jeopardize security.

      “Patino cites a letter from Bank of America to customers in July recommending they strengthen their security measures as proof that the bank knew online banking was risky. He and Lopez say a large wire transfer to Latvia, which is known in financial circles for its problems with cybercriminals, should have raised a red flag.”

      Okay so you have been warned, the BANK’s system is up to date, obviously, and they are openly admitting and informing customers of a security risk.

      So far, I would say it is CLEARLY the customer’s responsibility and any security implied by contract by the bank has been removed from further blame if YOU are infected, no more breach of contract.

      BOA’s response: No bottom feeder lawyer trying to make a name for himself.
      “… the bank was not responsible for the loss because no one hacked into its system to initiate the wire transfer.?

      OOOOOH! Nobody BREACHED the bank’s security and therefore they have NOT breached their promise of security!

      What a farce! They MAY take it to court because the little lawyer has his heart set on it, IF a court has a judge that will see the case that is.

      The guy doesn’t have half a matchstick to stand on, this is the weakest case I have seen a lawer take on in a looong time, if not THE weakest. Yet BOA has the most ROCK solid defense that you could possibly muster.

      The bank warned him, beyond their duty, the guy even admits he received the warning.

      The bank was NOT breached in anyway, their systems provided ALL of the protection and security you are assured they will.

      But more importantly, the BANK didn’t lose a dime, thus they really couldn’t care less and it is up to HIM to collect his lost money, their job was legally done.

      “Heilbron wrote that Parex had told Bank of America that any action to recover the funds would require a request to Latvia’s Office of the Prosecutor for a criminal investigation. “Since we are not responsible for the fraud and have not ourselves sustained a loss, we are not in a position to make such a request,”

      You just gotta laugh at what some lawyers are willing to do to get their name out there. This one has even convinced the loser that he has a case! Let’s hope the judge is as dumb as the guy who can’t use virus protection.

      What do they expect, a weekly virus list update from the bank? BOA AntiVirus software?
      Even if the bank DID provide a full Antivirus System and a list of every threat, many wouldn’t update it or read the lists.

      Then they would say it’s BOA’s responsibility to force updates, then a few months later someon would sue BOA for taking over their PC and being too nosey.

      Oh when is someone going to invent something to make the computer obsolete?

      • #3336817


        by tony hopkinson ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        Even Parex of Latvia leapt on it after one transaction. Looks like everybody did their job except this Lopez guy.
        His web site is class, Weeks of IT effort, got products I’ve never heard of as well. What’s an
        ikjet cartridge. Also got products he’s never heard of called ‘page not found’.
        What do you charge for a twelve page website and a bit of advice on computer security in the US ?

        Must be a lot, poor guy was saving money by doing it himself.

        • #3336681

          I can respect trying to save funds!

          by mrafrohead ·

          In reply to Nice

          but… this is directly from this dillhole’s site:

          “A full time staff, all veterans of the computer industry,”

          If they were really all veterans of the computer industry, they would have been smart enough to truly have a/v software AND their site would be functioning properly. No “page not found” errors… ;p

          Man, I develop web sites as well as I eat cardboard, because i’ve never had to try or had to do it. Meaning not well at all, but if I was putting that out for a business of mine, I would have put the time and energy into it to make it worth it!

        • #3336570

          Frontpage would have done it better

          by tony hopkinson ·

          In reply to I can respect trying to save funds!

          How can you claim to be part of the IT industry and advertise your business with crap like that.
          Just another indicator to me, this guy’s cheap. ‘Don’t need a/v and firewall the risk of me being hit is very low’ sort of manouvre. There again what can you expect of someone who sell’s printer supplies, one of the biggest scams going that.
          Used to amaze people when I got rid of toner low by shaking the cartridge.

        • #3336510

          Frontpage is a half assed farce though

          by oz_media ·

          In reply to Frontpage would have done it better

          Sure FP would have done a better job, but as far as WYSIWIG editors go FP sucks big time.

          FP writes buggy, over coded pages with a tonne of whitespace that makes it easy for competitors to clone the pages.

          As far as a WYSIWYG editors are concerned NOTHING has ever even come close to the robust functionailty and clean code generated by Macromedia’s Dreamweaver and related products in the suite.

          But all in all, FP WOULD have been better, thoug not much. You know how much code editing you have to do with FP code before pages are search engine optimized?

        • #3337901

          I used FP98 in 98

          by tony hopkinson ·

          In reply to Frontpage is a half assed farce though

          I stopped using it in 98 as well. It’s about the stupidest page design application I’ve ever seen.
          The pages can look good, but in every other respect they are dismal failures.
          Tend to stick with notepad, wouldn’t mind giving MM a go after your previous comments on it, but FP absolutely sucks, and for no other reason than to make web pages more proprietry for IE and IIS.

      • #3336688

        Reply To: This guy should be stoned… (with rocks)

        by mrafrohead ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        Maybe we should just cause the internet to crash.

        that might help fix the problem right there… then the stupid users couldn’t even connect.

        OH wait, I forgot, we don’t need to stop the internet, just AOL… ;p

        Better yet, we can use that dipsh*t’s computer as the start of the backbone DoS since we know it was comprimised. Probably still isn’t fixed either…

        Ha ha ha ahahahahahaaaaa

        And I am only joking, should anyone take me serious on this one.

      • #3336683

        BTW – Oz, you’re twisted…

        by mrafrohead ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        I can’t believe you found this to be funny.

        This is a VERY serious thing and the man who is taking the lawsuit deserves your sympathy!

        D4mn you oz, what is wrong with you?

        Oh, the inhumanity!!!!!!

        Oh, wait, I forgot, blehahahahehehahahahehehahhehhheeeeeooooaaa….

      • #3336643
        Avatar photo

        OZ you have to wonder if the company isn’t

        by hal 9000 ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        Misrepresenting itself when you see things like this on their web page. 😀

        “The company goal is to provide the most efficient and reliable framework to deliver a complete line of quality computer and copier supplies at very competitive pricing. AHLO, Inc. has assembled a highly professional team to deliver its commitment to both its customer and vendors.”

        If the “Highly Professional Team can not even think of a simple AV product you do have to wonder just how professional they actually are don’t you? 😀

        But because these people work in the Computer Supply Industry they at the very least should have a better idea of what is going on than a home user who doesn’t read anything from their bank, computer maker or any technical publications.

        For God’s Sake even the gamers mags have a lot about security in them let alone any of the more technical one which no doubt this company uses to advertise its products so they should at the very least have copies of every Mag that they advertise in.

        Col ]:)

        • #3336573


          by oz_media ·

          In reply to OZ you have to wonder if the company isn’t

          How can you read that without seeing “AHOLE’?

          Perhaps the bank SHOULD increase security and require that users have a brain. They could just yell in your ear and wait to hear the echo.

          How can someone POSSIBLY run a business that does large international transactions to VERY odd countries actuallt NOT think of security?

          It makes you wonder how many times the owner turned up at his neighbours business in the morning, only to be led by the hand to his own building and sat at his desk with the keyboard placed under his hands.

          Does this guy get a call every once in a while to remind him to breath?

        • #3338082
          Avatar photo

          What do you think would happen if

          by hal 9000 ·

          In reply to AHLO

          He had a LT that he carried around with him? 😀

          Col ]:)

      • #3336642

        This seems odd

        by house ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        An unprofessional website, with almost no body, based around IT related stuff, with a silly little IRC/proxy backdoor, an incomplete link…

        Something about this doesn’t sit well with me.

        • #3336639

          me either

          by mrafrohead ·

          In reply to This seems odd

          I am glad to hear someone else say that house…

          I can tell you one thing, after seeing what I saw, I intend on “investigating” further after I leave work…

          Time to ask my magik googleball…

        • #3336572

          Ran a page critic on his page.

          by oz_media ·

          In reply to me either

          Scored between 5% and 18% for search engine optimization, good way to NOT have your business found.

          He transfers large amounts of money to the wierdest countries, why? He may be better off keeping his business OUT of a courtroom.

        • #3336536

          If you think that’s bad, look at this:

          by mrafrohead ·

          In reply to Ran a page critic on his page.

          actually was nadda… ;p

        • #3338130

          At which point…

          by house ·

          In reply to If you think that’s bad, look at this:

          Do we remove our names from our profiles?

        • #3338053

          Reply To: This guy should be stoned… (with rocks)

          by mrafrohead ·

          In reply to At which point…

          Nothing wrong with a little googling…

        • #3338049

          yeah, but…

          by house ·

          In reply to At which point…

          Try explaining that one to the Desert Eagle .50

        • #3337926
          Avatar photo

          Actually I’ve just had a look at my profile

          by hal 9000 ·

          In reply to At which point…

          No name there just the alias so TR already done it for us. 😀

          Col ]:)

        • #3337907

          wocka wocka

          by mrafrohead ·

          In reply to At which point…

          All I have to say is this house:

          If you pull it, you best use it. When those are brought out, rules change.

        • #3337905

          Not mine…

          by house ·

          In reply to At which point…

          Theirs. I’m not pulling anything but mad stunts. All I’m saying is that we don’t know how [i]familia[/i] these guys are, or even who is involved.

          Hopefully, they don’t pull sh*t but the sh*t in their drawers. 😉

        • #3336479

          Point taken…

          by mrafrohead ·

          In reply to At which point…

          Though I stand by my last comment ;p

          nyuck nyuck nyuck…

          Though now that you’ve got me thinking about it, latin america… ;p

          Heya Mr. Escobar, how’s your day going… ;p

        • #3338075
          Avatar photo

          So he likes a lot of coffee beans

          by hal 9000 ·

          In reply to Ran a page critic on his page.

          What’s wrong with that provided he isn’t caught with all the white powder inside the crates with the coffee beans. 😀

          Col ]:)

        • #3336185

          Not possible…

          by gregry ·

          In reply to So he likes a lot of coffee beans

          If this is about cocaine and 90 grand is all he had he really does deserve to be stoned. Let it go, natural selection will take care of it. Those guys play rough.

        • #3336184

          Not possible…

          by gregry ·

          In reply to So he likes a lot of coffee beans

          If this is about cocaine and 90 grand is all he had he really does deserve to be stoned. Let it go, natural selection will take care of it. Those guys play rough.

        • #3338077
          Avatar photo

          Well I did post the idea that

          by hal 9000 ·

          In reply to me either

          The whole thing might be a scam but no one seemed to take that one up.

          Col ]:)

        • #3338054

          I dunno about that…

          by mrafrohead ·

          In reply to Well I did post the idea that

          I don’t know if anyone didn’t take it up, just maybe hadn’t looked into it yet…

        • #3337968
          Avatar photo

          Try here

          by hal 9000 ·

          In reply to I dunno about that…

          Admittedly I did only put in a passing remark and didn’t make it a big issue but as no one responded I left it alone.

          Col ]:)

        • #3337906

          Reply To: This guy should be stoned… (with rocks)

          by mrafrohead ·

          In reply to Try here

          I don’t doubt that you did man… That wasn’t what I was getting at… ;p Just may have missed it…

        • #3337866
          Avatar photo

          Actually what got me

          by hal 9000 ·

          In reply to Try here

          Was no one wanted to pursue that line of thinking!

          The more I think about this story the more unhappy I feel as there hasn’t been the massive influx of complaints about this Trojan that should have come about if it was so bad. I’m beginning to think that something isn’t quite right here at all!

          Col ]:)

        • #3336477

          I agree.

          by mrafrohead ·

          In reply to Try here

          I think it smells funny myself. Like two day old tuna in a hot summer sun…

          I poked around a tad. Some stuff looks “out of place”, but then I stopped and thought about it and figured, I’m not a dick (pi) so what in the heck am I doing??? I fix computers, and I don’t have a spare hand to do dick work (nudge nudge maxwell ;p).

          All I know is, if I were the dude the started to press charges, I woulda thought twice about doing it, I think he has a very high chance of exposing some type of fraud by pursuing this.

        • #3349328

          Your not the only one

          by red_wolf9 ·

          In reply to This seems odd

          My BS Klaxon is going crazy over here.

          I ask myself…. What is so odd about:
          1) Having over 90k in an account but the business can be sustained on a 50k loan.
          2) Multi-jurisdictional banks are working to get your money back all you have to do is ASK !
          3) Your lawyer makes public statements like “If you lost $5,000, you are going to walk away from that $5,000 because there isn’t an attorney in town who will take the case”
          4) Your lawyers publicly stated goal is class action status, where he makes TONs and you get $2.60 after it’s all said and done.

          This stinks worse then the blended frog smoothie I saw on FearFactor last night.

      • #3336621

        More interesting is the plaintiff’s web

        by awfernald ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        A lot of the premise in the discussions here has been that the end user was too ignorant of computers to protect himself.

        So… in a quote directly from their web-site:
        “A full time staff, all veterans of the computer industry…”

        So, according to them, they are not “ignorant” of computers, according to their lawyer, they were informed, and yet they STILL failed to take any action to protect themselves.

        Hmmm, /looks for a /kickban bot for this channel for the idiot comp pros who got hacked cause they didn’t know any better.

      • #3349341

        Very Useful Info

        by red_wolf9 ·

        In reply to HAHAHAHHAAHAAAAAA!!!!! An early Friday Yuk!

        Well done Oz, thanks for the extra info.

        I do however think that the next illogical step is a biological fluid requirement to complete a transaction (taking a page straight from the movie Gattaca). Yeah… if the DNA don’t match, BoA better not cash.

        Just think of all the fun bodily fluids we as customers could offer to provide.

        • #3349280
          Avatar photo

          Well they just may require

          by hal 9000 ·

          In reply to Very Useful Info

          Something a bit more solid than body fluid it might run through their scanning equipment way to fast. 😀

          Of course that could always demand a limb per transaction but that would limit the number of transactions you could make wouldn’t it? 🙂

          Col ]:)

        • #3349052

          Then they’d cut off hands

          by dr dij ·

          In reply to Very Useful Info

          On the spy movies they cut off a hand and put it on the biometric scanner.

        • #3348908
          Avatar photo

          It would be easier

          by hal 9000 ·

          In reply to Then they’d cut off hands

          Just to spoof the scanner and take a copy of his finger print off the HDD. I’ve actually not only used those things but also sold them and on every occasion if they fail to work you have a password to fall back on which gives the same data as the scanner.

          Col ]:)

    • #3336438

      Windoze Windoze Windoze

      by gregaaa1 ·

      In reply to This guy should be stoned… (with rocks)

      Well this is just about as stupid as Microsoft trying to chase the people who write these viruses.

      He should actually be suing MS because MS has yet to fix any of their sub-standard operating systems.

      Crap. I gave up waiting for them to fix Windoze NT4. I’ve been laughing at all you Windoze morons ever since.

      I chucked windoze out the door and have not had a virus issue since.

      I use a Mac to deal with the MS world. It’s a thousand times better than a Windoze box but when it comes down to it. It’s still just a toy.

      The solution is obvious.

    • #3336437

      How is he supposed to really know the risks!?

      by paul.osborne ·

      In reply to This guy should be stoned… (with rocks)

      Just by the fact that you are reading this thread means that you are of a computing/IT mindset if not profession. Many many people are not, and how are they to know what safeguards to implement to protect themselves? Who is there to tell them? Fine, you can argue that it was his responsibility to find out what he needed to do, but if he wasnt aware of a danger, he wouldnt find out about protecting himself from it! one of my favorite sayings: ‘you don’t know what you don’t know!’.
      All this guy is guilty of is listening to his bank when they pushed internet banking towards him so that they can save costs and lower staff levels; and is quite rightly trying to get his money back from the only avenue possible.
      Shouldnt banks be insured against this type of claim anyway?

      • #3336137
        Avatar photo

        So by your same reasoning he shouldn’t

        by hal 9000 ·

        In reply to How is he supposed to really know the risks!?

        Have a Lawyer or Tax Agent who works for him to read every contract and do his tax is that what you are getting at?

        Worse still this guy runs a business which advertises its products in Computer Mags so he would also have a copy of every issue in which he had an add. Just how much information do you have to give to someone before they begin to take the potential problems seriously?

        As they say you can lead a horse to water but you can’t make it drink! 😀

        Col ]:)

        • #3348263


          by david_heath ·

          In reply to So by your same reasoning he shouldn’t

          I’m not convinced this guy is the entire horse… just the rear-most 5% of it!!

        • #3348015
          Avatar photo

          Well granted I’m 3 parts mad already

          by hal 9000 ·

          In reply to horse??

          But one isolated attack in the entire world from a supposed nasty Trojan is just a bit on the small side for me to believe. 🙂

          I’d say personally we are seeing a whole truck load of what that end of the Horse produces. 😀

          But what is really getting to me is only his bank account details got at and nothing else. Each and every one of his contacts didn’t get hit and his complete customer and supplier base remains intact.

          As the Bard would be saying now “Something stinks in the State of Denmark.”

          Col ]:)

    • #3336432

      Never Ever Use the Internet for Banking

      by techrepub ·

      In reply to This guy should be stoned… (with rocks)

      People assume the internet is safe, and why should none techies assume otherwise ???

      My personal advice is NEVER EVER use the Internet for Banking ……

      Especially as there is no need to …..

      Many Banks provide Direct (Modem to Modem) Dial-up connections to allow you to connect directly to their account servers.

      They do this for a VERY GOOD REASON ….. your security.

      The best I know is National Westminster Bank’s (Now RBS) program called BANKLINE this dials directly to the bank (using heavily encrypted data messages). So there is No internet or any chance of anyone intercepting your information.

      It has been around for nearly 10 years (ie before the Internet really got going), it is totally reliable and SECURE. You get complete records of your account(s) and transactions and the connection time is typically less than One minute (little time even for an outsider to know there is any connection, never mind access it). And because all of the transactions are done invisibly to the user, no one can ever gain access to your account information (even if there was an active trojan/virus on your PC) and the data is stored in an encrypted file.

      As a another issue, why do people use Microsoft Software, even the Banks don’t, they are not that stupid. They use the long forgotten , but extremely reliable “OS2” originally written by IBM (and M$).

      (But then M$ went on to completely ruin it, calling it Windows, whilst OS2 remains as it was VERY GOOD)

      People must realise that the Internet can be a dangerous place and there are a lot of predators out there trying to make money by any way they can, some legally, many not so.

      The Banks should take some responsibility, for falling foul of the publics demands to use the Internet, when instead they should force people to use something like Bankline.

      But it is also the responsibility of the public to be aware of the high risk of using the internet for anything involving their Money or their Privacy.

      What people DO NOT realise is that there are also extremely powerful computers out there (the most notable being ECHELON run by the UK, US and Autralian governemnts) that has the primary use of intercepting ALL FORMS OF COMMUNICATIONS, DECODING and CODE BREAKING any encryption of the content, so that they can pass on the information to “people who need it”.

      BE WARNED.

      • #3336405

        Actually…there is a safer way

        by andrewf.payne ·

        In reply to Never Ever Use the Internet for Banking

        I have a second bank account with a debit card attached to it. I keep $20 in it. When I need to make a purchase, I go to my ATM, transfer the funds, then make my purchase. Not fool proof, but a little safer. No, I never, ever, ever do my banking online.

    • #3336427

      The guy is absolutely right or quilty of criminal neglicence

      by me_myself_&i ·

      In reply to This guy should be stoned… (with rocks)

      Maybe this is stupid, but I have two on-line banking account and the both have something like a key-fob. Which issues a 10 character number based on a challenge by the bank for any payment. And even for getting in!
      If the bank does not supply this and they go for just a password, they know it would be unsafe and are guilty. (It’s like selling tabacco and not saying it is unhealthy when everybody knows it is)
      If they do and the guy lost it, or whatever, he is certainly guilty of groos neglicence.
      But first of all, getting enough security is the bank’s responsibility, not the users.

      A safe system should not be compromised by a virus/trojan or whatever!!!
      So, sue them for all they have if they did not!

      • #3336127
        Avatar photo

        And then we will all be paying

        by hal 9000 ·

        In reply to The guy is absolutely right or quilty of criminal neglicence

        When every bank and financial institution increases its fees to cover the projected losses.

        If the banks security was not compromised they are not at fault and as far as keeping every access point secure would you trust your bank to secure your computer?

        For that matter would you give access to your personal computer to just anyone that asked for it?

        But this guy did even better than that he did absolutely nothing to protect his system and then cries foul when something goes wrong.

        He certainly has Legal Representation I’m betting he also has an Accountant to do his tax returns and minimize any tax that he pays or at the very least make sure that he doesn’t over pay any tax but for some reason he doesn’t need an IT person to at the very least tell what he needs on his computer to make it safe.

        You really can not be serious can you?

        Col ]:)

    • #3336425

      internet criminals

      by hugo-luyt ·

      In reply to This guy should be stoned… (with rocks)

      Don’t be stupid.
      A trojan horse is a way for a thief to steal your stuff. Don’t blame people for the activities of the criminals among us. What if that guy was a 70 year old pensioner using the internet because the bank is to far from the toilet.
      Thieves are thieves and they belong in prison. I hope that hacker goes to prison with some huge nazi black guy as cellmate.

    • #3336421

      this bank is 20 years behind… and should pay

      by vesa ·

      In reply to This guy should be stoned… (with rocks)

      Uhmm.. there ARE banks that use encrypted connections, one time passwords, smart cards… and don’t have these problems. It should still be possible to hijack an authenticated browser, especiall IE, but it doesn’t seem to happen.

    • #3336420

      What a strange way to do things

      by gazoo ·

      In reply to This guy should be stoned… (with rocks)

      I have been reading this thread for some time and the odd thing to me is that a bank and customer would use a technology which could be breached by a trojan on the users computer. If I want to transfer any money I have to use an independent device to generate a code in answer to a code sent me by the bank. First to log in with, and then for any transaction. If I just log in with id and password I can see my bank statement, with some numbers x’d out, and that’s it.
      Is id and password the normal way of accessing banking services in the US?

    • #3336419

      Don’t be so hard on the guy