It is useful to know how intruders break into bank accounts. Here are five common ways they do it, and how to protect yourself.
With so many computer users making the digital leap and using online banking, it is no wonder that hackers are looking for victims. What may come as a surprise, however, is the range of methods these people can use to access your finances.
Here are five common ways hackers target your bank account, and what countermeasures you need to take to stay safe.
1. Mobile Banking Trojans
Nowadays you can manage all your finances from your mobile phone. Usually, a bank will provide an official application from which you can log in and check your account. While all of this is convenient, it has become a major attack vector for malware creators.
Deception of users with fake banking applications
The simplest means of attack is to spoof an existing banking application. A malware developer creates a perfect copy of a bank's application and uploads it to third-party websites. Once you have downloaded the application and entered your username and password in it, that data is sent to the attacker.
Replacing a real banking application with a fake one
The sneakier version is the mobile banking Trojan. It is not disguised as a bank's official application. It is usually a completely unrelated application with a Trojan (Trojan horse) hidden inside. When you install this application, the Trojan is installed at the same time and starts scanning your phone for banking applications.
When it detects a user launching a banking application, the malware quickly pops up a window that looks like the application you just started. If this is done smoothly enough, the user will not notice the change and will enter their details on the fake login page. This information is then passed on to the malware developer.
Typically, these Trojans also need an SMS verification code to access your account. To do this, they often ask for SMS reading privileges during installation so that they can steal the codes as they arrive on your mobile.
How to Defend Yourself from Mobile Banking Trojans
Before downloading an app from the store, check how many downloads it has. If it has a very low number of downloads and few or no reviews, it is too early to tell whether it contains malware.
This goes double if you see an "official application" for a very popular bank with a small number of downloads. There is probably a scammer behind it! Official applications should have a lot of downloads, given how popular the bank is.
Likewise, be careful with the rights you give to applications. If a mobile game asks you for permissions without explaining why it wants them, stay safe and do not allow the app to be installed. Even "innocent" services like Android Accessibility Services can be misused in the wrong hands.
Finally, never install banking applications from third party websites, as they are more likely to contain malware. Although official app stores are not perfect, they are much more secure than a random web site.
2. Phishing
As users begin to understand phishing tactics, hackers have escalated their efforts to trick them into clicking on their links. One of their worst tricks is to break into lawyers' email accounts and send "phishing" emails from a reputable address.
What makes this hack so destructive is how difficult the fraud is to detect. The email address is legitimate and the attacker could even speak on your behalf.
How to protect yourself from phishing
Obviously, if an email looks suspicious, treat its content with a fair amount of skepticism. If the address seems legitimate but something seems strange, see if you can validate the email with the person who sent it. Preferably not via email, in case the hackers have compromised their account! It is better to call them.
Hackers can also use phishing, among other methods, to steal your identity on social media, your email, etc.
3. Keyloggers
This attack method is one of the easiest ways for a hacker to gain access to your bank account. A keylogger is a type of malware that records everything you type and sends the information to the hacker.
This may sound trivial at first. But imagine what would happen if you typed in your bank's web address, followed by your username and password. The attacker will have all the information they need to log in to your account!
How to Defend Yourself from Keyloggers
Install a very good antivirus and make sure it scans your system often. A proper antivirus will "smell" a keylogger and shut it down before it does damage.
If your bank supports two-factor authentication, be sure to enable it. This makes a keylogger much less effective, as the attacker will not be able to reproduce the second authentication code even if they receive your login information.
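Why a keylogged code is of little use, shown as an added example that is not part of the original article. It assumes the second factor is a time-based one-time password as defined in RFC 6238; the `Verifier` class is a hypothetical bank-side check, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password using HMAC-SHA1."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical bank-side check: each time step is accepted at most once."""

    def __init__(self, secret: bytes, step: int = 30):
        self.secret = secret
        self.step = step
        self.last_used = -1

    def check(self, code: str, now: int) -> bool:
        counter = now // self.step
        if counter <= self.last_used:
            return False  # code for this time step was already used: replay
        if not hmac.compare_digest(code, totp(self.secret, now, self.step)):
            return False  # code belongs to a different time step, or is wrong
        self.last_used = counter
        return True


def demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    bank = Verifier(secret)
    typed = totp(secret, 59)                # what the user types, and the keylogger records
    user_ok = bank.check(typed, 59)         # the real user logs in
    replay_now = bank.check(typed, 59)      # attacker replays it immediately
    replay_later = bank.check(typed, 120)   # attacker replays it a minute later
    return typed, user_ok, replay_now, replay_later


if __name__ == "__main__":
    print(demo())
```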
4. Man-in-the-Middle attacks
Sometimes an attacker will target communications between you and your bank's website in order to steal your information. These attacks are called Man-in-the-Middle (MITM) attacks. As the name suggests, the attack takes place when a hacker intercepts communications between you and a legitimate service, slipping in and stealing data.
Typically, a MITM attack involves monitoring an insecure server and analyzing the data being passed. When you send your login information through this network, intruders can see what you are doing and steal your login information.
Sometimes, however, an attacker will use a fake DNS cache to change the site you visit when you enter a URL. A fake DNS cache means that www.yourbankswebsite.com will instead lead to a clone site owned by the hacker. This cloned site will look like the real thing. If you are not careful, you will end up giving your login details to the fake site.
How to defend yourself against MITM attacks
Never perform sensitive activities on a public or unsafe network. For this kind of activity, use something more secure, such as the Wi-Fi in your home. Also, when connecting to a sensitive site, always check for HTTPS in the address bar. If it is not there, there is a good chance you are looking at a fake website!
If you want to perform sensitive activities over a public Wi-Fi network, it is best to use a VPN service and connect to your own home network first. The VPN encrypts your data before your computer sends it over the public network. If someone monitors your connection, they will only see unreadable encrypted packets.
5. SIM replacement
SMS authentication codes are some of the biggest problems for hackers. Unfortunately, they have a way of avoiding these checks and do not even need your phone to do so!
To perform a SIM replacement, an attacker contacts your network provider, claiming to be you. They say that they have lost their phone and would like to transfer their old number (which is your current number) to a new SIM card.
If the scam is successful, the network provider removes your phone number from the current SIM card and installs it on a SIM held by the hacker. This can be achieved by displaying a fake ID, which is generally easy to construct (as it stands at the moment).
Once they have your number on their SIM card, they can easily bypass SMS codes. When they log in to your bank account, the bank sends an SMS verification code to their phone and not to yours. They can then log in to your account without hindrance and take the money. Just ten minutes of holding a SIM card is enough for someone to empty your entire account before you realize that your card is no longer connected.
How to protect yourself from SIM replacement
Of course, cellular networks often ask questions to check whether the person requesting the transfer is who they say they are. Therefore, in order to carry out a SIM replacement, fraudsters usually collect your personal information so that they can pass the checks.
Some network providers have loose controls for SIM replacement, which has allowed hackers to pull off this trick easily.
Always keep your personal information private to prevent someone from stealing your identity. It is also worth checking if your mobile service provider is doing its best to protect you from illegal SIM replacement.
If you keep your data secure and your network provider is diligent, a hacker will fail authentication when trying to exchange SIMs.
Keeping your finances safe on the Internet
Internet banking is convenient for both customers and hackers. You, for your part, should do all of the above to make sure you do not fall victim to these attacks. Keeping your data safe will give hackers very little to work with.