Don't bank on password security

August 18, 2000 Sophos Press Release

Sophos, a world leader in IT security, has today warned users against storing internet banking passwords and PIN numbers on their computers, following a security threat which targeted online customers of UBS, one of the world's largest banks.

VBS/LoveLet-BD, the 56th variant of the Love Bug to strike, attempts to steal UBS customer account details and forward them to other email addresses, posing a serious threat to the integrity of UBS customer accounts.

"Saving your personal banking details on your computer is as daft as keeping your credit card PIN number on a slip of paper in your wallet," said Graham Cluley, senior technology consultant for Sophos. "This virus has highlighted a vulnerability in online banking. Users should remember passwords in their heads rather than on their computers to minimise risk."

Sophos advises that all customers should ensure that their anti-virus software is up-to-date. Customers should also consider blocking any VBS files from entering their organisation.

Sophos has published safe computing tips here.