Trojan Horse empties bank accounts

In September, it was reported that a banking Trojan horse, dubbed URLZone, had thwarted fraud detection systems, to enable software to actually steal money while users are logged in to their accounts and display a fake balance. Victims’ computers were infected either by clicking on a malicious link in an email or visiting a website that has been compromised with hidden malware. The Trojan also kept a log of the victim's bank account login credentials, took screenshots, and snooped on the user's other Web accounts, such as PayPal, Facebook, and Gmail.

FBI forgery

The wife of FBI Director Robert Mueller banned him from online banking after he nearly fell for a phishing scam. Mueller received a seemingly legitimate email from what he thought was his bank, which prompted him to verify some information. He even went as far as filling out some of his personal information before realizing it might not be a great idea.

Hotmail phishing

Most recently, more than 10,000 Hotmail accounts were compromised in October and passwords were posted on several websites where developers typically share programming code. News site Neowin reported it had seen part of the list, which has since been removed, and notified Microsoft of the issue. In this phishing scam, hackers sent out legitimate-looking emails under the letterhead of banks, eBay and other institutions, telling consumers they needed to reset online passwords to their Web sites for security purposes.

Start-up suicide

Back in September, social media advertising and applications start-up RockYou, sent out a mass email to their customers and associates announcing their new site redesign, but instead of using BCC:, they displayed the entire mailing list of over 200 email addresses in the CC: field. Not surprisingly, many of those addresses ended up on a spammer’s list.

Judge orders gmail account deactivated

In August, Wyoming-based Rocky Mountain Bank mistakenly sent names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address. When the bank realized the problem, it sent a message to that same address asking the recipient to contact the bank and destroy the file without opening it.

Payroll panic

Payroll processor PayChoice was the victim of a website breach in which customers received targeted emails purporting to be from the company, but were designed to trick people into downloading malware. Workers received emails that directed them to download a browser plug-in or visit a website to continue accessing the onlineemployer.com PayChoice portal.

Tax terror

Britain’s tax authority, HM Revenue & Customs, issued a warning about a rash of scam emails that used convincing (but fake) government email address in an attempt to lure recipients into divulging their personal information to receive a tax refund.

UCSD fake-out