Dinu Vincent is an electronics and communication engineering graduate, currently working in the security operation centre of a leading private sector bank in India. He is a certified ethical hacker and holds a computer hacking forensic investigator certification.
Ever since Adam and Eve sinned in the Garden of Eden, God's desire has been to restore the broken relationship between God and people. God made a covenant, which is a promise from God that can never be broken. The covenant states that God wants a relationship with the people, but in order to have this loving relationship, they have to turn away from their sin. This can also be interpreted as the act of avoiding mistakes. So if we avoid mistakes, the relationship will exist forever and we will live in prosperity.
In this digital age, money transfer is a matter of a few clicks. With this advantage, there are drawbacks that allow an innocent user to be tricked easily by a fraudster, thus resulting in easy money for the culprit. The few tips explained in this article will help you to stay alert against such practices, and stay in a good relationship with your bank.
Validate the URL
Manoj is an employee working in an information technology (IT) company and his salary account is with HOPE bank. He has to transfer some money to his friend. So he accesses the bank's Internet banking website. Since he frequently uses this facility, he feels something odd about the portal. He identifies that the uniform resource locator (URL) address is www.internetbanking.h0pebank.com instead of www.internetbanking.hopebank.com (0 instead of o).
Phishing websites are hoax websites that have the look and feel of a legitimate website. Hackers create phishing websites to collect information such as Internet banking credentials, card details, automated teller machine (ATM) PINs and personal details, so that they can use these to pilfer money from the victim's bank account.
Pharming is the technique of redirecting traffic from a legitimate website to a fraudulent one by making use of vulnerabilities in the former's DNS server, or by modifying the hosts file of the victim's PC. Web pages used for pharming attacks look the same as those of the genuine website, which makes it difficult to spot the difference.
One good way to steer clear of these fraudulent websites is to validate their URLs. Nowadays, almost all banking websites and Internet banking portals have extended validation (EV) SSL certificates. Have you ever noticed your browser's address bar turning green while accessing your bank's website? This denotes that the URL has been verified (approved) by a certificate authority. Phishing sites will lack these certifications.
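Because a pharmed page sits behind the genuine URL, the hosts file itself is worth checking. The following is an added example, not part of the original article: it scans hosts-file text for entries that pin a watched domain to an address. The watch list (the article's fictional hopebank.com) and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the article's fictional bank domain stands in for the domains you watch.
WATCHED_DOMAINS = {"hopebank.com"}

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname is a watched domain or one of its subdomains."""
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def suspicious_hosts_entries(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname) for each entry that pins a watched domain."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line or address without a name
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid hosts entry
        for name in names:
            if is_watched(name, watched):
                findings.append((line_no, ip, name.lower()))
    return findings

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.45   www.internetbanking.hopebank.com
192.168.1.10   printer.local
# 203.0.113.46 hopebank.com
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

A bank's domain has no normal reason to appear in a hosts file, so any hit deserves a look.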
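The check Manoj performed by eye can be automated. This is an added example, not part of the original article: it compares a URL's domain with a trusted list and flags near matches such as the h0pebank.com case above. The trusted list, the character map and the two-label domain rule are simplifying assumptions; production code should use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain (fictional, taken from the article).
TRUSTED_DOMAINS = {"hopebank.com"}

# Illustrative map of digits often substituted for letters; not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def registrable_domain(url):
    """Last two labels of the host name (simplification, see lead-in)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

def skeleton(domain):
    """Fold look-alike digits onto the letters they imitate."""
    return domain.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike of " + good
    return "unknown"

if __name__ == "__main__":
    for url in ("www.internetbanking.hopebank.com",
                "www.internetbanking.h0pebank.com",
                "https://example.org/login"):
        print(url, "->", classify(url))
```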
Enable second-factor authentication
The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensure that the user also has something that thwarts attackers who steal or gain access to passwords.
Traditional two-factor authentication (TFA) solutions use hardware tokens that users carry on their key chains. These tokens generate one-time passwords (OTPs) for the second stage of the login process. However, hardware tokens are comparatively expensive, difficult to track and replace when broken, and distributing them is time consuming. Also, these are easy to lose and hard to use.
Banks have come up with several solutions for OTP generation such as short message service based, mobile application based, email based, software token based, interactive voice response (IVR) based solutions and so on.
Carry out up to date patching of machines, use antivirus
Do you know Zeus? I am not talking about the Greek god of the sky and thunder. Zeus is a banking Trojan that is being used to steal banking information by keystroke logging and form grabbing. Zeus's mobile variant called ZitMo is well-known to circumvent popular TFA schemes with security codes being provided via text messages.
SpyEye and Carberp have developed their respective mobile counterparts. Dyre, which typically targets customers of large financial institutions, was recently used in a large-scale, credential-phishing campaign targeting international banks.
Each piece of malware tries to evade detection by antivirus software. It intercepts keystrokes, browser data, stored files and basically everything to sneak into a banking account and initiate an illegal money transfer. It even tries to install mobile malware on a smartphone, which allows criminals to steal the OTP.
By regularly applying software patches and using an updated genuine antivirus solution, you can stay away from this malicious software to a good extent. In order to have a healthy PC, always ensure that no cracked or pirated operating system or software is installed. Always remember that nothing comes for free.
Do not trust open/free Wi-Fi
Do you pay your bills online while having pizza and enjoying free Wi-Fi at your favourite coffee shop? Better stop before you pay. Like a lion waiting for its prey, someone is waiting in that Wi-Fi network to steal your credit card information, Internet banking credentials and a lot more even before it reaches your bank.