It’s 10 p.m. You just got home after a hard long day of work. You sit down on the sofa to catch your breath. Suddenly, you see your phone bill on the table. The same bill that’s been lying there for days, waiting to be paid, will become overdue in two hours! And you certainly don’t want that. Well, good thing there’s online banking. With just a few clicks you log into your bank account and make the transaction. Simple. Fast. Safe. Now you can have a good night’s sleep… Or can you? – Did you know that cyber-crooks are after your banking credentials?
An increasing number of people have started to use the online banking service for convenience and peace of mind. And cyber-crooks are aware of that. That’s why they’re constantly investing their efforts into new scams to get your financial data. This includes compromising your internet security and outwitting banks’ security systems.
How can cyber-criminals compromise you while banking online?
Banks and financial institutions have put much effort into internet security measures to protect you from fraud while banking online. You’re probably familiar with the “two-factor authentication security method” – the bank provides you with a security token, which generates a pseudo-random number for you to use at login, along with other credentials. What if fraudsters managed to over-rule this security measure during your attempt to log into your online bank account? A test conducted by BBC’s Click programme in early February 2012 showed that they can.
To protect yourself from cyber-criminals’ malicious wit, you have to first know what techniques they use to breach your internet security and get to your money.
Man-in-the-browser attacks. With the use of financial malware (usually the notorious Zeus Trojan) cyber-criminals can bypass your bank’s two-factor authentication process and manipulate your browser to show a malicious webpage when you try to log into your bank account. The malicious page looks exactly like the one usually displayed by your bank’s website, the only difference is that it asks you for private details that your bank normally wouldn’t, and that enable hackers to take over your account. They can change the amount, destination bank and account, and afterwards, they can alter your account balance to make everything in your bank statement look normal. As you can imagine, a man-in-the-browser attack can throw you into a deep dark internet security loophole.
- Phishing schemes. Fraudsters start sending e-mails in an attempt to capture your banking credentials and other security details. A phishing e-mail usually looks as though it comes from your bank and asks you to check your current account details by clicking on a link. However, this link leads you to a malicious website similar to the one of your bank. Once you enter your details, fraudsters can get hold of them. At this point, your internet security and bank account are compromised.
- Money mules. Cyber-crooks can use intermediaries to transfer stolen money overseas. And the intermediary can be… you, the “money mule”. They can contact you via e-mail, pose as a trustworthy entity and persuade you to accept money into your bank account for a legitimate reason, apparently. Then, they ask you to transfer money to other accounts in return for a fee. As a money mule, you can be accused of the stealing the money, even though you had no idea the transactions were illegal. In this type of scam, not only your internet security is put at risk, but your physical freedom also.
- Hardware and Software keyloggers. Cybercrooks can use small devices they attach to your computer, or pieces of malware they spread over the web and via e-mail attachments, to covertly record your keystrokes. While you have no idea of their existence, fraudsters can find out your PIN, passwords and other internet security information and use them to their advantage.
All of these scams can turn a simple online banking session into an internet security threat. The safety of your financial data and identity are at stake here. So what should you do?
Tips to protect your bank account and yourself from cybercrime
- Keep all the applications on your PC up-dated. A Vulnerability Scanner like the one included in BullGuard’s internet security software spots out-dated software and points you to the latest updates and patches.
- Keep your browser to the highest level of internet security notification.
- Look at the website’s URL when you do online transactions – it has to start with “https” and not “http”.
- If you receive an e-mail from your bank, read it carefully. Remember, your bank will never ask you for your credentials via e-mail. So, if you receive an e-mail that looks suspicious, delete it and contact your bank by phone. It’s always best to have a Spamfilter on your PC to sort out all the malicious e-mails.
- Don’t bank online in public places. If you do, don’t leave your computer unattended while in the middle of an online banking session. Also, make sure the Wi-Fi network is secure. A powerful Firewall to have as part of your internet security, is always recommended in such cases.
- Check your bank account on a regular basis. If you spot suspicious transactions, contact your bank immediately by phone.
- Get proactive antivirus and antimalware protection against malware that can settle in your browser or hide in e-mail attachments. Thanks to the Behavioural Detection technology, the antivirus engine included in BullGuard Internet Security 12 spots malware of all types, old or new, by how it acts in your PC. It can reinforce your internet security by detecting even man-in-the-browser attacks, arguably the most dangerous threat to online banking.