Shanghai Daily reports:

CHINA’S Ministry of Public Security has released a circular advising investors who trade or bank on-line to monitor their accounts for fraud.

The circular said that although on-line bank accounts were convenient, they were subject to security flaws.

What are the security flaws? Trojans designed to steal account information. While there’s no description of the trojan, the example provided in the article notes that an online trading account with an “agricultural bank” was targeted. The victim lost RMB110,000.

As serious as this is, the public security ministry gives some bad advice:

Given the strong public interest in investment funds, the Ministry of Public Security warned those who conduct their financial affairs on-line to be alert for on-line viruses, apply for hardware digital certificates rather than software versions, check balances frequently and keep their personal information confidential.

A much better approach would be: installed and updated internet security software, a browser with all the latest security updates, browser scripting disabled for untrusted (unknown) web sites, and a healthy skepticism towards emails and messages with links in them.

I think it’s great that the PSB is raising people’s awareness of this problem - it’s huge in China. But while hardware-based digital certificates can be a great add-on to an authentication solution, they’re hardly a magic bullet. People can get a false sense of security from a totemic gadget - that’s worse than having no security at all.

ShareThis