Forums
Finance

Checkfree.com hacked: users financial info could be at risk Archived From: Finance

  • Text Only
  • Classic
  • Page :
  • 1
   posted: Dec. 9, 2008 @ 10:15a

Read about this other day and searched but found nothing here about it. Seems from the email I just got from First Arkansas I have been Identified as a victim

Dear First Arkansas Bank & Trust Online Banking Customers:
First Arkansas Bank & Trust has contracted with a company named CheckFree to provide our online bill pay services. We have been pleased with the service that CheckFree provides for the past five years we have worked with the company. CheckFree is one of the largest online bill pay companies in the nation. Unfortunately, that makes the company a target.
First Arkansas Bank & Trust’s online bill pay vendor, CheckFree, has informed us that in the early morning hours of Tuesday, December 2, 2008, hackers changed some of the company’s domain names (website addresses) to redirect customers to another, non-CheckFree website. This non-CheckFree site tried to install malicious software on customers’ computers.
CheckFree took action and was able to shut down the false website at 9:10 am CST. CheckFree has informed us that in all likelihood, no customer information was taken. This problem would only affect those customers who accessed their bill pay records December 2, 2008 between 12:00 am and 9:10 am.
You have been identified as one of our few customers that may have entered into the incorrect bill pay site on December 2. Please update your virus application definitions and perform a virus scan on your computer. With up to date virus protection your computer should be safe from this incident. We would strongly advise you to sign on to the Online Banking site and change your password and security question.


Checkfree.com hacked: users financial info could be at risk
Tom Barlow
Dec 5th 2008 at 9:15AM

Filed under: Ripoffs and Scams

According to The Register as reported in the Washington Post, one of the biggest bill-paying sites on the Internet, CheckFree.com, has been hacked, potentially opening up its customers to malware. On Tuesday, December 2nd, customers logging in to pay their bills were apparently redirected to a Ukrainian server which attempted to infect their computer.

A CheckFree spokesperson acknowledged the attack and claimed that the company wrested control back from the hackers by dinnertime the same day. (Update: The CheckFree spokesperson tells me that the problem began in the very early morning of Dec. 2, and by 10:10 a.m. the company had successfully plugged the leak). While CheckFree has not yet finished analyzing the uploaded malware, the spokesperson told the Post that the severity of the infection would be related to the anti-virus software running on the customer's computer and the browser used to access the account.

A researcher for Trend Micro told the Post that the virus was a Trojan horse program designed to obtain the customer's user names and password.

According to CheckFree, almost a third of all Americans now pay bills online. CheckFree accepts payments for hundreds of companies, includes AT&T, Bank of America, Chevron, DIRECTV, and Time Warner. I don't see any Ukrainian companies on the list, though. Yet.

I'm awaiting a return call from Checkfree to learn what actions customers concerned about the security of their data might take, and will update this post as soon as I have this information. The company's published guarantee states that, when notified within two business days of a unauthorized transaction, your liability will be limited to $50. If you pay through CheckFree.com, I'd suggest checking your linked accounts regularly through the day until this situation is resolved.

Addendum: A spokesperson at Fiserv, the parent company of CheckFree, contacted me with details of the company's response to this intrusion. She assured me that the hole in CheckFree's system had been patched promptly, that the company is already notifying affected users, and that those affected will receive free copies of McAfree antivirus software as well as free McAfree scans of their computer and the Deluxe ID Theft Block credit monitoring service. She also clarified the risk; users whose anti-virus program was out of date or who had no anti-virus protection could have been "subject to a malicious software download."

Now I need to find out how to get that free Deluxe ID theft block credit monitoring service


   posted: Dec. 9, 2008 @ 10:16a

Quick Summary is created and edited by users like you... Add FAQ's, Links and other Relevant Information by clicking the edit button in the lower right hand corner of this message.


   posted: Dec. 9, 2008 @ 10:53a

I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.


   posted: Dec. 9, 2008 @ 12:10p

the key word is 'tried' every failed login is also tracked on some sites.

 

smackfu said:I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.


   posted: Dec. 9, 2008 @ 12:37p

Called Checkfree and they gave me codes to get free McAfee and this:
Deluxe ID TheftBlock®:
Monitors your credit records.
Screens check orders for name or address changes.
Alerts you to activity on your accounts.
Assists victims of identity theft.
Reimburses certain expenses related to identity theft.
Guards your accounts and protects your good name.


   posted: Dec. 9, 2008 @ 12:39p

scott1961 said:...and protects your good name. Well, at least the rest of it will be useful!


   posted: Dec. 9, 2008 @ 1:10p

Is there any more info on what the hackers tried to exploit to install the trojan? My guess is they tried some known IE bug, so if you weren't using IE you should be in the clear. Also if you have a firewall, it should alert you when the trojan attempts to make an outgoing connection.


   posted: Dec. 9, 2008 @ 1:28p

I'm pretty sure I'm safe , I use Norton 360 Subscription and always keep it updated and run full scans every day.


   posted: Dec. 9, 2008 @ 4:27p

That's a bit much. I use Firefox and ZoneAlarm and my antivirus is not even resident (I only scan downloaded executables).


   posted: Dec. 9, 2008 @ 6:16p

smackfu said:I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.I got a similar message for a different bank (Century Bank Direct). I actually remember there was a time that I was unable to access the online bill pay system. The site as a whole was not down but the CheckFree-hosted portion was not responding properly. However, I have nothing to worry about as I was using a Mac and the malware is Windows-based. The full text of the letter I received is as follows:

At Century Bank Direct, we take great care to keep your personal information secure. As part of these ongoing efforts, we
are notifying you that the computer you use for online bill payment may be infected with malicious software that puts the
security of your computer’s contents at risk.

Because of an issue with our bill pay service provider, CheckFree, some end users who were trying to access online bill
payment may have been were redirected to an unauthorized site not controlled by CheckFree.

This letter will help you determine if your computer is actually infected and advise you how to fix the problem and protect
yourself against future risk.

Impact

The malicious software affects some but not all customers who accessed online bill payment on Tuesday, December 2,
2008. For a limited period of time, some customers were redirected from the authentic bill payment service to another site
that may have installed malicious software. Your computer may be infected if all of the following are true:

• You attempted to access online bill payment between 12:40 a.m. and 10:10 a.m. Eastern Time (GMT -5) on
Tuesday, December 2, 2008, and
• You were using a computer with the Windows operating system, and
• You reached a blank screen rather than the usual bill payment screen when you attempted to navigate to online
bill payment, and
• After reaching the blank screen, your computer’s virus protection program did not tell you via pop-up or other
messaging that malicious software was detected and quarantined.

What you should do if you believe your system was infected, or if you are not sure:

If all four of the conditions above are true, or if you are not sure, your computer may be infected and you should take the
following actions:

Complimentary Virus Protection:

• From the computer that was used to access online bill payment Tuesday, please go
to http://us.mcafee.com/root/campaign.asp?cid=53348 and follow onscreen instructions to install McAfee®
VirusScan® Plus software. We have also included the Installation instructions. The Promo Code is
VSPPROMOCF.
• This is an anti-virus package created by McAfee, the world's largest dedicated security technology company, that
addresses this malware infection
• You will need to enter validation code VSPPROMOCF at the website to access this service. This code is
valid through December 31, 2008.
• After you install the software, launch the McAfee® VirusScan® Plus application and run a full system
scan.
• Reboot your computer after running the system scan.

Change Your Passwords

• After you have removed any malicious software from your computer, please go to our online banking site
(www.centurybankdirect.com) or contact (1-877-444-2259) to reset your online banking ID/password. We strongly
recommend that you change all of the passwords you use through this computer.

Complimentary Credit Monitoring:

• As a further precaution, you may also wish to accept our offer of a two-year subscription to Deluxe ID Theft Block
Plus credit monitoring service so that you may monitor your credit report for unauthorized new accounts or
changes to existing accounts. You may activate this service at https://www.deluxe-idtheftblock.com/secure by
entering validation code XXXXXXXXX. This code is valid through December 31, 2008.


Century Bank Direct values your business and your trust, and we and our partner CheckFree apologize for any
inconvenience this recent incident has caused.

Please feel free to contact us at 1-877-444-2259 with any additional questions.


   posted: Dec. 9, 2008 @ 6:33p

smackfu said:I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.

Well, first of all, access to the online bill-pay is done through your banks website.

You click a link on the bank's website, and the link is programmed to authenticate you to your check-free account and to provide you direct access to check-free in a frame or some other mechanism.

There are possible ways that an attempt to access bill pay ( successful or not) might be recorded:

(1) the bank records your access, because they log every page access,

(2) hackers managed to re-direct only a limited number of the check-free servers. However, access from banks website to checkfree actually touches (requests pages from) multiple check-free servers.

etc.

But if they hi-hacked a DNS name that you directly type in the browser, then you are right - the legitimate owner of the website would have no idea of knowing that you tried to access.


   posted: Dec. 9, 2008 @ 6:43p

smackfu said:I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.They dont. If you logged in to view your bank records, but didnt attempt to enter/view the BillPay module, you are unaffected. But they dont know who did beyond knowing who accessed the main site during that timeframe, since any attempt to access BillPay got diverted to a bogus site. Thus the email identifying all customers who logged into their bank account during those 9 hours as potential victims.


   posted: Dec. 9, 2008 @ 6:48p

scott1961 said:I'm pretty sure I'm safe , I use Norton 360 Subscription and always keep it updated and run full scans every day.With all the porn on your computer, do the scans ever finish in a day?


   posted: Dec. 9, 2008 @ 7:08p

Here’s an email I received from CheckFree. I think it was sent to me because I subscribe to my electric company’s e*bill service.


CHECKFREE
December 7, 2008

Dear xxx,

We take great care to keep your personal information secure. As part of these ongoing efforts, we are notifying you that the computer you use for online bill payment may be infected with malicious software that puts the security of your computer's contents at risk. This letter will help you determine if your computer is actually infected and advise you how to fix the problem and protect yourself against future risk.

The malicious software affects some but not all customers who accessed online bill payment on Tuesday, December 2, 2008. For a limited period of time, some customers were redirected from the authentic bill payment service to another site that may have installed malicious software. Your computer may be infected if all of the following are true:

• You attempted to access online bill payment between 12:30 a.m. and 10:10 a.m. Eastern time (GMT -5) on Tuesday, December 2, 2008, and
• You were using a computer with the Windows operating system, and
• You reached a blank screen rather than the usual bill payment screen when you attempted to navigate to online bill payment, and
• After reaching the blank screen, your computer's virus protection program did not tell you via pop-up or other messaging that malicious software was detected and quarantined.

If all four of the conditions above are true, your computer may be infected. We have arranged with McAfee, the world's largest dedicated security technology company, to provide you with an assessment of your computer's hard drive and remove any malicious software. Please contact us at 877-800-4864 for further instructions or 800-564-9184, Option 1 for further instructions. We will also offer you both advice and free services that can help you mitigate any risk you may face as a result of this incident or other everyday exposures you may encounter.

We value your business and your trust, and we apologize for any inconvenience this recent incident has caused.

Thank you,

Art D'Angelo
Vice President, CheckFree Customer Operations


   posted: Dec. 9, 2008 @ 7:24p

tolamapS said:
Well, first of all, access to the online bill-pay is done through your banks website.
Oh, I see. I've only used Checkfree to pay bills directly. They pull from my bank but it's not a service provided from them.


   posted: Dec. 10, 2008 @ 6:15a

To get the free codes for McAfee and Deluxe ID monitoring the Checkfree number for that is 877-800-4864


   posted: Dec. 10, 2008 @ 11:54p

Somebody has posted a "validation code" for Deluxe ID TheftBlock credit monitoring in the Hot Deals forum


   posted: Dec. 22, 2008 @ 10:33a

Glitch99 said:smackfu said:I wonder how they would know if you tried to access the site during the period, since... you couldn't access their site.They dont. If you logged in to view your bank records, but didnt attempt to enter/view the BillPay module, you are unaffected. But they dont know who did beyond knowing who accessed the main site during that timeframe, since any attempt to access BillPay got diverted to a bogus site. Thus the email identifying all customers who logged into their bank account during those 9 hours as potential victims.

Wrong, they know if you tried to access the billpay site. Even the attempt is logged.


   posted: Dec. 22, 2008 @ 10:40a

scott1961 said:Called Checkfree and they gave me codes to get free McAfee and this:
Deluxe ID TheftBlock®:

Does anybody know how long the free TheftBlock subscription is good for?


   posted: Dec. 23, 2008 @ 12:25p

aleck said:scott1961 said:Called Checkfree and they gave me codes to get free McAfee and this:
Deluxe ID TheftBlock®:

Does anybody know how long the free TheftBlock subscription is good for?2 years


 Close

Sign Me In
Nickname: 
Password: 
Remember My Login Information:

Forget your login information?

Not Already A Member?
Sign Up Now!


Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.


While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2010