It is useful to know the ways in which intruders enter bank accounts. Here are five common ways to protect yourself.
With so many computer users making the digital leap and using online banking, it is no wonder that hackers are looking for victims. What may come as a surprise, however, is the way these people can use to access your finances.
Here are five common ways hackers target your bank account, and what countermeasures you need to take to stay safe.
1. Mobile Banking Trojans
Nowadays you can manage all your finances from your mobile phone. Usually, a bank will provide a formal application from which you can log in and check your account. While all of this is convenient, it has become a major attacker for malware creators.
Cheating users with fakes applications banks
The simplest means of attack is to falsify an existing banking application. A malware developer creates a perfect copy of a bank application and uploads it to third party websites. Once you have downloaded the application, enter your username and password in it, but data that is sent to the attacker.
Replacing a real banking application with a fake one
The sneakier version is a Trojan mobile banking. It is not disguised as a formal application of a bank. It is usually a completely unrelated application with a Trojan (Trojan horse) installed inside. When you install this application, the Trojan is installed at the same time, which starts scanning your phone for banking applications.
When it detects the user launching a banking app, the malware quickly pops up a window that looks like the app you just launched. If this is done smoothly enough, the user will not notice the change and enter their details on the fake login page. These information they are then passed on to the malware creator.
Typically, these Trojans also need an SMS verification code to access your account. To do this, they often ask for SMS reading privileges during installation so that they can steal the codes as they arrive on your mobile.
How To Defend Yourself From Trojan Mobile Banking
Before downloading an app from the store, keep track of the number of downloads it has. If it has a very low number of downloads and few to no reviews, it is too early to download it and be sure if it has malware or not.
This doubles if you see an "official application" for a very popular bank with a small number of downloads. There is probably a scammer behind it! Official applications should have a lot of downloads, given how popular a bank is.
Likewise, be careful with the rights you give to applications. If a mobile game asks you for permissions without explaining why it wants them, stay safe and do not allow the app to be installed. Even "innocent" services like Android Accessibility Services can be misused in the wrong hands.
Finally, never install banking applications from third party websites, as they are more likely to contain malware. Although official app stores are not perfect, they are much more secure than a random web site.
2. Fishing
As users begin to understand phishing tactics, hackers have escalated their efforts to deceive them and click on their links. One of their worst tricks is to break lawyers' email accounts and send "phishing" emails from a reputable address.
What makes this hack so destructive is difficulty in detecting fraud. The email address is legal and the attacker could even speak on your behalf.
How to protect yourself from e-fishing
Obviously, if an email looks suspicious, treat its content with a fair amount of skepticism. If the address seems legitimate but there is something strange, see if you can validate the email with the person who sent it. Preferably not via email, in case the hackers have violated his account! Better to call him.
Hackers can also use phishing, among other methods, to steal your identity on social media, your email, etc.
3. Keyloggers
This attack method is one of the easiest ways for a hacker to gain access to your bank account. Keyloggers is a type of malware that records everything you type and sends the information to the hacker.
This may sound trivial at first. But imagine what would happen if you typed in your bank's web address, followed by your username and password. The attacker will have all the information they need to log in to your account!
How To Defend Yourself From Keyloggers
Install a very good antivirus and make sure it scans your system often. A proper antivirus will "smell" a keylogger and turn it off before it is damaged.
If your bank supports two-factor authentication, be sure to enable it. This makes a keylogger much less effective, as the attacker will not be able to reproduce the second authentication code even if they receive your login information.
4. Man-in-the-Middle attacks
Sometimes an attacker will target communications between you and your bank website in order to steal your information. These attacks are called Man-in-the-Middle (MITM) attacks. As its name suggests, the attack takes place when a hacker interferes with communications between you and a legitimate service, stealing in and stealing data.
Typically, a MITM attack involves the monitoring of an unsecured server and the analysis of the data that passes through. When you send your login information over this network, attackers can and do understand what you are doing and thus steal your information.
Sometimes, however, an attacker will use a fake DNS cache to change the site you are visiting when you enter a URL. A fake DNS cache means that www.yourbankswebsite.com will go instead, on a clone site owned by the hacker. This cloned site will look like the real thing. If you are not careful, you will end up giving your login details to the fake site.
How to defend yourself against MITM attacks
Never perform sensitive activities on a public or unsecured network. For that kind of thing talks use something more secure, like your home Wi-Fi. Also, when connecting to a sensitive website, always check if HTTPS is present in the address bar. If it's not there, there's a good chance you're looking at a fake site!
If you want to perform sensitive activities over a public Wi-Fi network, it is best to use a VPN service and connect to your own home network first. The VPN encrypts your data before your computer sends it over the public network. If someone monitors your connection, they will only see unreadable encrypted packets.
5. SIM replacement
SMS authentication codes are some of the biggest problems for hackers. Unfortunately, they have a way of avoiding these checks and do not even need your phone to do so!
To perform a SIM replacement, an attacker communicates with your network provider, claiming to be you. Indicates that you have lost your phone and would like to transfer their old number (which is your current number) to a new SIM card.
If the scam is successful, the network provider removes your phone number from the current SIM card and installs it on a SIM received by the hacker. This can be achieved by displaying a fake ID, which is generally easy to construct (as it stands at the moment).
Once you get your number on the SIM card, it can easily bypass SMS codes. When logged in to your bank account, the bank sends an SMS verification code to its phone and not to yours. It can then log in to your account without hindrance and get the money. Just ten minutes of holding a SIM card is enough for someone to withdraw your entire account before you realize that your card is no longer connected.
How to protect yourself from SIM replacement
Of course, cellular networks often ask questions to check if the person requesting the transfer is what they say. Therefore, in order to make a SIM replacement, fraudsters usually collect your personal information in order to pass the checks.
There are some network providers that have loose controls for SIM replacement, which allowed hackers to easily do this trick.
Always keep your personal information private to prevent someone from stealing your identity. It is also worth checking if your mobile service provider is doing its best to protect you from illegal SIM replacement.
If you keep your data secure and your network provider is diligent, a hacker will fail authentication when trying to exchange SIMs.
Keeping your finances safe on the Internet
The Internet banking is suitable for both customers and hackers. You, for your part, should do all of the above to make sure you don't fall victim to these attacks. By keeping your information safe, you'll give hackers very little room to move.
