According to Bloomberg Businessweek: Online banking fraud is primarily carried out in two ways. In a phishing attack, criminals impersonate bank websites in order to get unsuspecting users to provide their login credentials. The other modus operandi of online banking frauds is to install keystroke-logging malware.
Banking Trojans like Gozi Prinimalka, SpyEye and Zeus can target an online bank site and detect when victims access their bank website.
Of course there are other banking attack vectors such as man-in-the-middle attacks,man-in-the-browser attacks, cross-channel attacks and pharming (Trojan horse/virus on the victim’s computer). Banking Trojans like Gozi Prinimalka, SpyEye and Zeus can target an online bank site and detect when victims access their bank website. The attackers then have the capability to steal log-in credentials and other personal data associated with the victim’s account.
Back in September of last year, a cybercriminal who goes by the name “vorVzakone” announced in an underground forum a new blackhat project known as Project Blitzkrieg.
VorVzakone said at the time that the operation will target the customers of 30 U.S. banks using a Trojan program that has been in development since 2008 and has more functionality than Zeus or SpyEye — crimeware toolkits commonly used to steal money from online banking accounts. –ComputerWorld
During the spring of 2013 (and it is right around the cyber corner), VorVzakone plans to target the customers of 30 U.S. banks. I don’t have a clue as to the banks that will be targeted, but I plan to be prepared for it.
“Skype flooding” is also part of the VorVzakone operations package so that customers will not be able to contact their banks to verify funds. Does it make you mad that cybercriminals are becoming so vain that they can boast about their cybercriminal plans prior to executing them?
You’ve heard of phishing attacks by now. Phishing occurs when a victim is tricked into handing over their private information under false pretenses. It’s a simple concept that can be executed via simplistic or complex methods.
Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day.
Often enough, if a cyber criminal gets a hold of a victims email address, they may create a fake message appearing to come from a trusted source. For instance, if a cybercriminal hacks into your banks database, they may gain access to your email address. They can then send you their phishing message, which is identical or similar to a message your bank would normally send you. These fake messages will often ask you to visit a rogue landing page (again, identical to that of your bank) where they will provide a form that asks for your personal information. Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day.
This is further proof of why it’s so important to remain vigilant when banking online.
Online Banking Tips
1. Update your computer or device on a regular basis
2. Make sure you are using a secure site
Look for “https” instead of http and look for the “lock” icon on the address bar of the browser you are using
3. Use a secure password
Minimum of 8 characters
Include a mix of numbers, letters, Uppercase & lowercase
If you can use special characters (&%#*), be sure to add those too
Change your password a minimum of every 3 months and never use the same password at any other site
4. Use your own devices to bank online
Never use a public computer
Consider using a dedicated computer for all financial transactions conducted online
Layer your connection with your bank by using a service such as Cocoon
5. Monitor your bank accounts
Always be aware of what is happening with your financial accounts
My Banking Solution
I use desktops with Vista and Windows 7, an iMac, a laptop (Win 7), a Linux server, an iPhone and an Android. I find myself layering different operating systems with whatever flavor works for me. On Windows and iMac I generally use Cocoon in varying capacities and also use Cocoon on my iPhone as my primary browser of choice. On my Linux machine I am mainly inside my terminal and rarely use a browser. Cocoon is always my top choice for browsing the Internet or banking online because it adds an additional layer of Internet security – and in 2013, we need additional layers of online protection to thwart cybercriminals like vorVzakone.