About Ken Tumin

Ken Tumin founded the Bank Deals Blog in 2005 and has been passionately covering the best deposit deals ever since. He is frequently referenced by The New York Times, The Wall Street Journal, and other publications as a top expert, but he is first and foremost a fellow deal seeker and member of the wonderful community of savers that frequents DepositAccounts.

Ally is Latest Bank to Be Hit by Mideast Cyberattack


Reuters reported that Ally may be the latest bank targeted by Mideast cyberattacks. According to the Reuters article, Ally has "confirmed it was monitoring unusual activity on its web site." It appears Ally has been able to handle the attack. The Ally spokeswoman told Reuters that "There has been no customer impact related to unusual activity, and there is no indication of security concerns pertaining to customer information." I've been able to access Ally Bank's website without problems in the last couple of days.

Earlier this week, Capital One and BB&T confirmed being hit by these attacks. Today, a reader posted in the forum that he has been unable to log in to his Discover account. I have not yet seen any news reports about Discover Bank being attacked.

Reports of cyberattacks against major U.S. banks began in September. As I described in September, these are distributed denial-of-service (DDoS) attacks, in which hackers overload websites and make them inaccessible to others. There have been no reports that customer accounts have been compromised.

The latest reports from U.S. officials have indicated that the hackers have been supported by the Iranian government. Iran may be retaliating against sanctions that have hit its economy.

There are concerns that the banks are not adequately communicating the problems they have been experiencing. This WSJ article reviews the issue and describes cases in which Wells Fargo and Bank of America customer support were clueless about the recent disruptions.

The WSJ article also warns that these DDoS attacks may portend more serious threats:

Such attacks may appear like victimless crimes, but they sometimes augur more serious breaches because they occupy engineers' attention and give attackers insight into how companies' systems work.

One reader commented in my last post about how denial of service attacks have sometimes been combined with a redirection attack. In this case, online banking customers could be redirected to a hacker's site that looks like the login page of their bank. This kind of attack is called pharming. The popular website Consumerist was recently offline for almost a week after hackers were able to redirect Consumerist pages to spam websites.

I have not heard recent reports of any pharming attacks on the banks, but it's a good idea to be aware of this threat. That's one reason why banks in the last few years have added additional steps to their login process in which they will display a predefined phrase or image known by the customer before the customer is asked to enter his/her password. Bank of America calls this SiteKey. It's a good idea to be on the lookout for anything suspicious while you're logging into your online bank accounts.

  |     |   Comment #1
Pretty soon it will be back to the old days of bricks and mortar banks, cash and checks only.
  |     |   Comment #2
With smartphones and other access points you will less cash and checks.  Luddites won't be able to survive.
  |     |   Comment #3
Just call me "Luddy".  I don't like using any form of cash over the internet especially my credit card.  I want my paper checks!
  |     |   Comment #4
#3  I find it very strange you don't do on-line bill payments, ACH transfers, or manage any brokerage accounts using the internet.  How do you get away with it?
  |     |   Comment #5
#4 Nothing to get away with.  It's just my personal choice.  I have automatic payment of my bills from my checking account and I use personal checks for other payments.  I also use wire transfers for other financial needs.  It may cost a few dollars but that is my choice.  I get direct deposits of interest to our checking account from as many banks and credit unions as I can since certain ones are not set up for this and must still use Uncle Sam and paper checks. I need my paper checks to pay all other bills and it keeps me from having to charge everything to credit card.  I do not use ATM cards either.  I guess old habits are hard to change no matter how electronic our society becomes.  At least for me.  I feel more secure with having a paper trail for my finances as much as possible.  Computers can and do go down so I like to have paper copies of everything when needed.
  |     |   Comment #6
As a 66 year old I have to ask this "Just who are Luddites?"

I hate Fort Knox CU
  |     |   Comment #7
The Luddites were 19th-century English textile workers who violently protested against the machinery introduced during the Industrial Revolution.
  |     |   Comment #12
#7 Thanks for the response.  I wasn't a good student and it shows.  I thought Luddites was a new term or acronym.  Now I know I'm not one.  I only have checking locally and I intend to keep that.  I prefer a small local bank where I'm known for checking.  I just hope they aren't forced to extinction.

That said, the attacks are cause for concern.
  |     |   Comment #8
No problem logging in to my Ally accounts. D
  |     |   Comment #9
The Luddites had the wisdom to realize what was going to happen to all the jobs in the future when machinery could take over for the workers and they would be out of jobs!  I am lucky if there is one teller at a window in my bank.  All of the others are not needed because so many people (except me, of course) are doing their banking over the internet or using ATMs.  I love my computer but it sure has cost a lot of people their jobs!   We need more Luddites today!
  |     |   Comment #10
The "Luddites" are still waiting for the buggy whip factories to open back up. Unfortunately something called the horseless carriage was invented in the meantime.
  |     |   Comment #11
Where can I get a horseless carriage?  Does the horse come separately?
  |     |   Comment #13
My ALLY accounts just updated just fine and have been pretty much daily as I check on mint.com.

Fidelity wasn't updating for 2 full days but did just now.
  |     |   Comment #14
Paoli:  You have contradicted yourself that you don't do "any form of cash over the internet".  How do you think the automatic payments, etc. are being done?
  |     |   Comment #15
#14  I don't consider that the "internet" has anything to do with my automatic payments.  The company that needs to be paid withdraws the amount directly from my checking account on a specific date.  What has this to do with the internet?  Even if I didn't have a computer they could still do this.  Now if "they" have a way of using the internet to access my checking account that is another issue and you just might be right.  How can I be accused of contradicting myself when I have no idea how their process works or what they use to withdraw the funds?  Just as long as the funds are in my checking account and they do it on the correct date, is all I have to be concerned about.
  |     |   Comment #16
#14  BTW, my statement would be still correct if "they" are using the internet for automatic payments.  I said "I don't do any form of cash over the internet" and that is still correct.  I am not personally involved in the process. 
  |     |   Comment #17
Paoli: Are you ever wrong?  You try to justify everything when you don't know what you're talking about.
  |     |   Comment #18
#17:  I was not justifying anything.  I was explaining what was going on and how I understood it to be.  I made it clear that I do not know how the system works and they could be using the internet but I personally am not involved in the process.

BTW, it must be nice to hide behind an Anonymous number so you can be rude to me.  I think you are purposely looking to misunderstand my posts just to make your negative remarks to me.  Why don't you do us both a favor, and just ignore my posts since you think I don't know what I am talking about anyway.
  |     |   Comment #20
#17:  I never mind being corrected especially when it comes to the internet.  I have a lot to learn.  It's the way you went about it that did not sit well with me.  Of course Paoli is not my real name but I think it would be nice if we could be able to recognize each other by names instead of numbers.  Just my personal preference.
  |     |   Comment #19
Paoli:  Just because you don't understand "the system" doesn't mean you don't participate in electronic banking.  You're at risk of cyberattack just like the rest of us.  My comments are not intended to attack you, but to make you aware that your lack of understanding may come to haunt you in the future.

Aren't you hiding behind an Anonymous name?  I really don't believe "Anonymous/Paoli" is your real name.
  |     |   Comment #21
You have exposure to paper records that can be lost, stolen or destroyed by a disaster (ex Fire).  If you use charge cards people can make copies of your strip or the paper receipts you sign can be stolen.  Even bank records can be stolen by employees.  A bank recently lost tapes with customer info on them (I think TD Bank) and the info was not encrypted.
  |     |   Comment #22
Posters #19 and #21:  Thank you so much for being so concerned about my welfare but I have lived long enough to know how dangerous the electronic world can be.  I take every precaution to make sure I protect my personal finances.  However, no matter how cautious one may be, there are people who spend their lives trying to steal what doesn't belong to them.  We can become a nutcase being paranoid about every time we use our credit cards or give the number over the phone to buy flowers for a funeral!  I avoid doing everything I can to becoming one of the victims but other than that, we are ALL susceptible to what the electronic age has brought upon us.  Protect yourselves and take your own advice.  Thank you and goodnight.
  |     |   Comment #23
Once again, Paoli, aka Apache, etc., is embroiled in a dispute with several posters. Same 'ol, same 'ol and, of course, nothing new.  A very easy person to bait and it looks like there are always plenty of baiters. lol
  |     |   Comment #27
There goes Paoli again.  She always needs to get the last word. 
  |     |   Comment #28
#27  Thanks for giving me the opportunity!  Too bad you don't have anything more useful to post.
  |     |   Comment #29
Paoli just confirmed what I stated.  She always needs to get the last word.  No wonder women have this reputation.

  |     |   Comment #32

I think #'s 30 & 31 should be deleted ASAP.[/H3][/H3]

  |     |   Comment #33
#32  I agree with you but what is ( /H3) ( /H3)?  Thanks.
  |     |   Comment #36
#33  I don't know how ( /H3) ( /H3) got there.  I hit something by accident and it appeared.  I thought it deleted and was surprised to see it posted.
  |     |   Comment #37
#36  I looked it up out of curiosity and it seems to be some type of html for helping with posting.  Thanks for the reply.
  |     |   Comment #34
Paoli:  You're hiding under the Anonymous # 33.  Reviewing the comments above, I see where you objected to someone else doing the same thing.
  |     |   Comment #38
Why did the color of the posts turn red all of a sudden?  Did the /H3 have something to do with it?  I don't know HTML commands.
  |     |   Comment #39
#38 It is a mystery to me.  I was in a hurry when I typed that post. I don't know what I hit to type in red or to have ( /H3) appear.
  |     |   Comment #40
I am now unable to reach Ally Bank by phone or online.
