Banking malware: how safe are we in online banking?


Johannesburg, 29 Aug 2016

What is online banking fraud?

Online fraud is the act of committing financial fraud which has a digital footprint. Some of the key types of fraud are business opportunity fraud, charity donation fraud, domain name scams, identity fraud and mass marketing fraud. Scammers most frequently use malware, trojans, phishing and vishing to carry out such attacks. These acts by cyber criminals tend to siphon off financial, personal or intellectual property data of any individual or organisation. Ransomware-based malware is created with the sole intention of extorting money from its victims.

If you are targeted with hoax e-mails, which appear to be genuine bank e-mails, then you need to be alert enough to react appropriately to such e-mails. These e-mails ask you for your confidential details, therefore, you need to ensure that you're logging into the authentic banking site. Banks never send any e-mails to their customers asking for confidential information. Therefore always stay alert! Sometimes, the purpose of these Web sites is to obtain your credentials to access your financial accounts. Alternatively, these Web sites may ask you to install software from a link given in the page. By downloading the software you are in fact tricked into downloading a virus.

Malware covers all sorts of malicious and harmful software. Unrequested and undetected, it succeeds in installing itself on your computer. Malware influences normal computer processes and steals information. Fraudsters use malware to get money out of your account as well as to commit identity theft.

A computer can be infected by malware which sends information to your bank that is different from that which you intended - for example the recipient of a payment. Malware could also introduce additional data fields in an otherwise genuine site, by injecting additional code into your browsing session within your browser.

How does malware spread?

While visiting a Web site, you may get a pop-up which states that it has found a virus on your computer, and urges you to install a free trial of a virus scanner or run an online scan of your computer.

You get an e-mail that appears to be from your bank with the request to install the attached update to plug a hole in their Internet banking security. This can also happen when you find a video on the Internet. In order to play it, you have to install a special plug-in which in itself is malicious.

Naturally not every download contains malware, but it is definitely the case that malware is often downloaded along with unknown files from the Internet.

Ransomware is a form of malware that gives criminals the ability to encrypt the files on a computer, then display a window informing the owner that they will not be decrypted until a sum of money is paid. The best-known variety of ransomware in recent times is called CryptoLocker.

* CryptoLocker is one of the nastiest pieces of malware ever created. This is not just because it takes money from you, but also because your important files are encrypted, rendering them useless. Note also that once it manages to encrypt your data, there is no way for you to decrypt those files except the one provided by CryptoLocker itself, i.e. pay the ransom and get the decryption key.

Phishing

Perpetrators of online fraud using the phishing technique try to get hold of your personal data and/or your credit/debit card details by sending e-mails, SMS messages or calling you on the telephone. This data will allow them to withdraw money from your account but also to perpetrate identity fraud. Phishing does not only affect Internet banking; it can also pose a threat to any payment system via digital wallet.

This can happen if you receive an e-mail out of the blue. The message appears to be from your bank or the company issuing your credit card. You have to click a link to a Web site that looks extremely similar to your bank's own Web site. On this site, you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes. This will be for "security reasons", "file checks", "data loss", etc. Sometimes you will also be requested to mail your data directly to a specific person.

Although phishing is mainly done via e-mail, fraudsters can also call you on the telephone. They pretend to be a bank employee telling you that there are problems with your bank account or your credit card and your financial security is at stake.

* Vishing: as in a phishing scam, the fraudster will masquerade as a well-known and trusted business in an attempt to gain information. However, rather than this being carried out via e-mail, the scammer will telephone their victim. Victims could also be tricked by phishing e-mails or vishing phone calls into disclosing their password and other confidential details. Identity theft caused by viruses or spyware gives criminals access to your bank account and other personal information stored on your computer.

* Smishing scams are similar to phishing scams. You get an SMS message from a bank or service provider asking you to do something. However, the smishing message really comes from a scammer. While most people are familiar with e-mail phishing scams, they're less sceptical when receiving smishing messages, and victims get trapped easily.

Preventative measures

* Make sure your smartphone or tablet is always protected with a PIN which is difficult to guess. Do not reveal your PIN to anybody, nor write it or store it where it can be found. It is good practice to regularly refresh passwords and PIN codes, ensuring that you are using a unique combination of letters, numbers and punctuation for your various login details.
* Make sure your PC is sufficiently secured, for instance by installing software updates, a reliable and reputable antivirus and a secured WiFi connection.
* Use the option for a text message to be sent every time a transaction occurs on your account. This will notify you of fraudulent transactions as soon as they happen.
* If someone calls you up on behalf of your bank and asks you to provide personal data and/or to sign electronically, refrain from taking any action at all, for your bank will never ask you to provide this kind of information.
* Only use your electronic signature for orders you expect or have initiated yourself.
* In case of doubt, immediately abort the transaction and make contact with your bank's help desk, especially when the procedure for signing differs from the usual procedure.
* Check your statements of account at regular intervals.
* Keep the banking and other apps on your device regularly updated.
* In order to avoid such incidents, use reputed antivirus and IT security solution providers like eScan and stay safe from all such attacks.

eScan

eScan, one of the leading antivirus and content security solutions for desktops, smartphones and servers, is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated antivirus heuristic algorithms that not only provide protection from current threats, but also provide proactive protection against evolving threats. eScan provides a 24x7 free remote support facility, integrated in the software to assist clients in the fastest possible timeframe. It has achieved several certifications and awards from some of the most prestigious testing bodies, notably AV-Comparatives, Virus Bulletin, AV-Test, ICSA, and PCSL labs. Combining the power of various innovative technologies, eScan provides multi-level real-time protection to digital devices and networks. For more information, visit www.escan.co.za.

Editorial contacts

Jenay Viljoen
eScan
jenay@escansa.co.za