Unfortunately there are a lot, and growing number, of self-infected PCs on the net. As the banks point out, this is not a breach of the bank's security. Nor is it a breach of the ISP's security. The user infects his PC with a trojan and then the criminal uses the PC to transfer money from the user's account, with the user's own password. http://www.iol.co.za/index.php?click_id=13&art_id=qw1059039360281B215&set_id=1 "The fact that hackers got access to bank customer's accounts was not due to inadequate security at the bank, but due to "user negligence", an e-commerce company said on Thursday. [...] "Consumers should be vigilant when opening emails. If they receive strange emails, or emails from people or companies they do not know, it is better not to open the mail - especially attachments. These intrusions were clearly not a result of any vulnerability in Absa's Internet security."