According to Bloomberg Businessweek: Online banking fraud is primarily carried out in two ways. In a phishing attack, criminals impersonate bank websites in order to get unsuspecting users to provide their login credentials. The other modus operandi of online banking frauds is to install keystroke-logging malware.
Attack Vectors
Of course, there are other banking attack vectors, such as man-in-the-middle attacks, man-in-the-browser attacks, cross-channel attacks and pharming (Trojan horse/virus on the victim’s computer). Banking Trojans like Gozi Prinimalka, SpyEye and Zeus can target an online bank site and detect when victims access their bank website. The attackers then have the capability to steal log-in credentials and other personal data associated with the victim’s account.
Blackhats
Back in September of last year, a cybercriminal who goes by the name “vorVzakone” announced in an underground forum a new blackhat project known as Project Blitzkrieg.
VorVzakone said at the time that the operation will target the customers of 30 U.S. banks using a Trojan program that has been in development since 2008 and has more functionality than Zeus or SpyEye — crimeware toolkits commonly used to steal money from online banking accounts. –ComputerWorld
During the spring of 2013 (and it is right around the cyber corner), VorVzakone plans to target the customers of 30 U.S. banks. I don’t have a clue as to the banks that will be targeted, but I plan to be prepared for it.
“Skype flooding” is also part of the VorVzakone operations package so that customers will not be able to contact their banks to verify funds. Does it make you mad that cybercriminals are becoming so vain that they can boast about their cybercriminal plans prior to executing them?
Phishing
You’ve heard of phishing attacks by now. Phishing occurs when a victim is tricked into handing over their private information under false pretenses. It’s a simple concept that can be executed via simplistic or complex methods.
Often enough, if a cybercriminal gets hold of a victim’s email address, they may create a fake message appearing to come from a trusted source. For instance, if a cybercriminal hacks into your bank’s database, they may gain access to your email address. They can then send you their phishing message, which is identical or similar to a message your bank would normally send you. These fake messages will often ask you to visit a rogue landing page (again, identical to that of your bank) with a form that asks for your personal information. Due to the highly tailored nature of these scams, a surprising number of people fall victim to them every day.
URL Check
It’s important to check the URL of any website you visit before giving up personal data. A website’s privacy policy will often tell you which information they may ask you for, and what types of data they collect on you. The more information a cybercriminal gains about someone, the easier it becomes for them to obtain login information, bank account credentials, social security numbers and so on. You’d be surprised how many people are susceptible to hacks just by what is publicly available online, coupled with some common sense. This is further proof of why it’s so important to remain vigilant when banking online.
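A check of the kind described above, written as an added example (it is not from the original article): it compares a link against the hostnames a bank really uses and reports why a lookalike fails. The hostnames, `TRUSTED_HOSTS` and `check_bank_url` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: hostnames the bank really uses (constructed values).
TRUSTED_HOSTS = {"www.examplebank.com", "online.examplebank.com"}

def check_bank_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (ok, reasons) for a link that claims to lead to the bank."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, ["URL does not parse"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None or parts.password is not None:
        # https://bank@other.example/ really goes to other.example
        reasons.append("text before '@' hides the real host")
    if port not in (None, 443):
        reasons.append("unexpected port")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalized hostname (possible lookalike)")
    if host not in trusted_hosts:
        # Exact match only: the bank name as a subdomain of another site fails.
        reasons.append("host %r is not a trusted host" % host)
    return (not reasons), reasons

# Constructed sample links, one per common disguise.
SAMPLES = [
    "https://www.examplebank.com/login",
    "http://www.examplebank.com/login",
    "https://www.examplebank.com@login.example.net/",
    "https://www.examplebank.com.secure-login.example.net/",
    "https://www.ex\u0430mplebank.com/",  # Cyrillic letter in place of 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = check_bank_url(link)
        print("OK  " if ok else "FAIL", ascii(link), "; ".join(why))
```

Only the first sample passes; the "https" prefix and the bank's name appearing somewhere in the link are not enough on their own.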
Online Banking Tips
1. Update your computer or device on a regular basis
2. Make sure you are using a secure site
   - Look for “https” instead of “http” and look for the “lock” icon in the address bar of the browser you are using
3. Use a secure password
   - Minimum of 8 characters
   - Include a mix of numbers and letters, uppercase and lowercase
   - If you can use special characters (&%#*), be sure to add those too
   - Change your password a minimum of every 3 months and never use the same password at any other site
4. Use your own devices to bank online
   - Never use a public computer
   - Consider using a dedicated computer for all financial transactions conducted online
   - Layer your connection with your bank by using a service such as Cocoon
5. Monitor your bank accounts
   - Always be aware of what is happening with your financial accounts
My Banking Solution
I use desktops with Vista and Windows 7, an iMac, a laptop (Win 7), a Linux server, an iPhone and an Android. I find myself layering different operating systems with whatever flavor works for me. On Windows and iMac I generally use Cocoon in varying capacities and also use Cocoon on my iPhone as my primary browser of choice. On my Linux machine I am mainly inside my terminal and rarely use a browser. Cocoon is always my top choice for browsing the Internet or banking online because it adds an additional layer of Internet security – and in 2013, we need additional layers of online protection to thwart cybercriminals like vorVzakone.
Do you have any online banking tips to share? Leave a comment at our blog or visit us on Twitter and Facebook.




