It’s not surprising that hackers are looking for login information, considering how many people have made the switch to online banking.
Surprisingly, these people will go to great lengths to get your money.
Here are some tips to help you stay safe and avoid being hacked.
1. Mobile Banking Trojans
You can now manage your finances all from your smartphone. A bank will usually provide an app that allows you to log in and view your account. This is convenient, but it has also become a major attack vector for malware authors.
Fake banking apps trick users
Spoofing existing banking apps is a simpler way to attack. A malware author makes an exact replica of a bank app and uploads it onto third-party sites. After you download the app and enter your username and password, they are sent to the hacker.
Replacing a real banking app with a fake one
The mobile banking Trojan is a sneakier variant. These Trojans are not disguised as official apps for banks. They’re often totally unrelated apps with a Trojan embedded within. The Trojan scans your phone for banking apps when you install the app.
The malware displays a window identical to the one you have just opened when it detects that the user is opening a banking app. If everything goes smoothly, users won’t notice the change and will simply enter their login details on the fake login page. These details are then sent to the malware author.
These Trojans often also need an SMS verification code in order to gain access to your account. To get it, they will often request SMS reading privileges.
How to Protect Yourself from Mobile Banking Trojans
Keep an eye on how many downloads the app has when you are downloading it from the app store. If it has very few downloads and little or no reviews, it’s too early to know whether the app has malware.
If you find an official app for a bank that has a low download count, it’s probably a fraud! Given the popularity of the bank, official apps should receive a lot more downloads.
Also, be cautious about what permissions apps ask for. Don’t give permission to a mobile app if it asks for permissions without explaining why. Even seemingly innocent services, such as Android Accessibility Service, can be used to hack your device.
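The permission check described above can be done on an app's decoded manifest. The following is an added example, not part of the original article: the permission names are real Android permissions, while the grouping, the verdict labels and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Real Android permission names; the grouping and verdicts are this example's own.
SMS_ACCESS = {P + "READ_SMS", P + "RECEIVE_SMS"}
OVERLAY_CAPABLE = {P + "SYSTEM_ALERT_WINDOW", P + "BIND_ACCESSIBILITY_SERVICE"}

def audit_manifest(manifest_xml):
    """Return (verdict, sorted risky permissions) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    declared = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    # An accessibility service is declared on a <service> element, so it never
    # shows up in the <uses-permission> list; check both places.
    declared |= {el.get(ANDROID + "permission") for el in root.iter("service")}
    sms = declared & SMS_ACCESS
    overlay = declared & OVERLAY_CAPABLE
    if sms and overlay:
        verdict = "high"      # can show a window over another app and read SMS codes
    elif sms or overlay:
        verdict = "review"    # one capability alone still deserves an explanation
    else:
        verdict = "ok"
    return verdict, sorted(sms | overlay)

# Constructed sample: a "flashlight" app asking for far more than a flashlight needs.
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: the same kind of app with only what it needs.
PLAIN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flashlight", FLASHLIGHT), ("torch", PLAIN)):
        print(name, audit_manifest(xml))
```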
Apps from third-party websites are more likely to have malware than those from official app stores. Although official app stores may not be perfect, they are much safer than any random website.
Hackers have increased their efforts to trick people into clicking on their links as the public becomes more aware of phishing tactics. Hacking the email accounts of solicitors to send phishing emails is one of their most egregious tricks.
This hack is so dangerous because it’s difficult to detect the scam. The hacker could address you by your first name, and the email address would be valid. This is how an unlucky home buyer lost £67,000 despite having replied to an email address that was previously legitimate.
How to Protect Yourself from Phishing
If an email address appears suspicious, you should treat it with suspicion. If you are unsure whether an email is legitimate, or something about it looks strange, verify the identity of the sender. Do this through a channel other than email, in case hackers have compromised the account.
Phishing is another method used by hackers to steal identities on social media.
Keylogging is one of the more subtle ways hackers can hack bank accounts. Keyloggers are a type of malware that records your typing and then sends it back to the hacker.
This may seem insignificant at first. Imagine what it would look like if you entered your bank’s website address followed by your username and password. Hackers would have all the information needed to hack into your account.
How to Protect Yourself from Keyloggers
Make sure you have a great antivirus installed and that it is running on a regular basis. Antivirus software will detect keyloggers and remove them before they can cause damage.
Two-factor authentication is a feature that most banks support. A keylogger is far less effective against an account protected this way, because hackers won’t have the ability to duplicate the authentication code, even if they do get your login details.
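Why a captured code is of little use afterwards, as an added example that is not part of the original article. It assumes the bank issues time-based one-time codes as defined in RFC 6238 (the article does not say which scheme a given bank uses); the `Verifier` class and its replay rule are this example's own, and the secret is the RFC's published test secret.

```python
import hashlib
import hmac
import struct

STEP = 30                              # seconds each code stays valid
SECRET = b"12345678901234567890"       # RFC 6238 test secret, not a real key

def totp(secret, unix_time, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Server side: accepts each time window at most once (assumed policy)."""

    def __init__(self, secret):
        self.secret = secret
        self.last_step = -1

    def check(self, code, now):
        step = now // STEP
        if step <= self.last_step:
            return False               # a code was already accepted in this window
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False               # wrong code, or one from an older window
        self.last_step = step
        return True

if __name__ == "__main__":
    bank = Verifier(SECRET)
    typed = totp(SECRET, 59)           # what a keylogger would record at login
    print("owner logs in:    ", bank.check(typed, 59))
    print("replay, same 30 s:", bank.check(typed, 59))
    print("replay, later:    ", bank.check(typed, 1111111109))
```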
4. Man-in-the-Middle Attacks
Hackers may sometimes target the communications between you and your bank’s website. These attacks are known as Man-in-the-Middle (MITM) attacks, and the name is clear: it’s when hackers intercept communications between you and a legitimate service.
An MITM attack usually involves monitoring an insecure server and analyzing the data that passes through it. When you send your login information over this network, the hackers can “sniff” it and steal it.
A hacker may use DNS cache poisoning to alter the site that you visit when entering a URL. A poisoned DNS cache means that www.yourbankswebsite.com will instead go to a clone site owned by the hacker. The fake site will look exactly like the real one. If you don’t pay attention, you could end up giving your login details to the fake site.
How to Protect Yourself from MITM Attacks
Do not perform sensitive activities over unsecured networks or public Wi-Fi. You should be cautious and use a more secure network, such as your home Wi-Fi. Always check the address bar for HTTPS when you log in to a sensitive website. It’s possible that you are looking at a fake website if it isn’t there.
If you do need to conduct sensitive activities over a public Wi-Fi network, why not take control of your privacy? VPN services encrypt your data before it is sent over the network. Anybody monitoring your connection will only be able to see encrypted packets that are unreadable.