Safer eBanking Part 1: The threats

If you use eBanking, you personally play a very important role in staying safe online.
The reason is that hackers who want to steal your online banking identity attack your PC, not eBanking systems.

You can work with your bank to make your online banking experience safer by understanding how the attacks work, following good basic security practices and using advanced security options from your eBanker. This week Team Gemalto will explain how in our Safer eBanking series.

Bank systems have excellent security. So cyber criminals don’t attack bank systems – they attack your PC.

Hackers use “phishing” or financial malware (malicious software) they install on your PC to steal your eBanking credentials such as user names, passwords and even shared secrets you give your bank, which are the answers to questions like, “What was your first car?”

Phishing is a two-part attack. First, you get a legitimate-looking email that appears to come from your bank. Then, when you click a link in it, you are taken to a hacker site that looks so convincing you think it is your bank’s site. If you try to log in on the fake site, you are giving your eBanking account password to a thief.

Malware, on the other hand, is a program that you are somehow tricked into installing. You think you are installing something innocent and useful, like an audio encoder, free music or a game cheat. The problem is that you get the malware too, without knowing it.

There are many types of malware. “Keyloggers” monitor what you type looking for eBanking logins, then capture the keystrokes and send them to the hacker. “Scareware” can open a popup window that looks like a warning from your bank and try to get you to fill out a form. Malware can redirect your browser to a hacker site when you enter the bank’s website address. The risk is that you are tricked into giving your secrets to a cybercriminal.

Other programs can hijack your computer and pilot it remotely, or even invade your online banking sessions and steal your money without you even seeing it happening. This attack, called man-in-the-browser, is usually reserved for high-payoff corporate account takeovers.

Financial malware is a widespread problem. Anti-Phishing Working Group (APWG) research shows that worldwide 25 percent of all PCs carry some type of financial malware or downloader. Even INTERPOL is a victim of brand hijacking attempts through phishing. On its website it warns people not to fall for phishing email scams that purport to be from them.

Multi-national law enforcement operations routinely break up cybercrime rings, showing how pervasive the threat is. Recently in the U.S., the FBI uncovered a string of online bank fraud attacks that resulted in $20 million in stolen funds being transferred to China. Late last year in Operation Trident Breach, law enforcement agencies in the Netherlands, Ukraine, the U.S. and UK arrested 150 people in an online banking cybercrime group that had attempted theft of $220 million with actual losses of $70 million.

Finally, the Ponemon Institute’s 2011 Business Banking Trust Study found that 42 percent of small businesses in the U.S. were victimized by some type of online banking fraud last year.
