With so many users making the jump to internet banking, it’s no wonder that hackers are on the hunt for login details. What may be surprising, however, are the lengths that hackers go to in order to access your finances.
Here’s a look at how hackers target your bank account and how to stay safe.
1. Mobile Banking Trojans
These days, you can manage all of your finances from your smartphone. Usually, a bank will supply an official app from which you can log in and check your account. While convenient, this has become a key attack vector for malware authors.
Fake Apps
The simpler means of attack is by spoofing an existing banking app. A malware author creates a perfect replica of a bank’s app and uploads it to shady third-party sites. Once you’ve downloaded the bad app, you enter your username and password into it, which is then sent to the hacker.
App Hijacking
The sneakier version of this is the mobile banking Trojan. These aren’t disguised as a bank’s official app; they’re usually a completely unrelated app with a Trojan installed within. When you install this app, the Trojan begins to scan your phone for banking apps.
When it detects a banking app being launched, the malware quickly puts up a window that looks identical to the app you just booted up. If this is done smoothly enough, the user won’t notice the swap and will enter their details into the fake login page. These details are then uploaded to the malware author.
Typically, these Trojans also need an SMS verification code to complete the hack. To do this, they’ll often ask for SMS read privileges during install, so they can steal the codes as they come in.
How to Defend Yourself
When downloading apps from the app store, keep an eye on the number of downloads it has. If it has a very low amount of downloads and little to no reviews, it’s too early to call if it has malware or not.
This goes double if you see an “official app” for a very popular bank with a small download count—it’s likely an imposter!
Likewise, be careful with what permissions you give apps. If a mobile game asks you for SMS read permissions with no explanation as to why it wants them, stay safe and don’t allow the app to install. Never install apps from third-party sites, as they’re more likely to contain malware.
2. Phishing
As the public becomes savvy toward phishing tactics, hackers have escalated their efforts to trick people into clicking their links. One of their nastiest tricks is hacking the email accounts of solicitors and sending phishing emails from a previously-trusted address.
What makes this hack so devastating is how hard it would be to spot the scam. The email address would be legitimate, and the hacker could even to talk to you on a first-name basis. This is exactly how an unfortunate home buyer lost £67,000, despite replying to an email address that was previously legitimate.
How to Defend Yourself
Obviously, if an email address looks suspicious, treat its contents with a healthy dose of skepticism. If the address looks legitimate but something “seems off,” see if you can validate the email with the person sending it—preferably not over email, in case the hackers have compromised the account!
Hackers can also use phishing, among other methods, to steal your identity on social media.
3. Keyloggers
This method of attack is one of the quieter ways a hacker can gain access to your bank account. Keyloggers are a type of malware that records what you’re typing and sends the information back to the hacker.
That might sound inconspicuous at first, but imagine what would happen if you typed in your bank’s web address, followed by your username and password. The hacker would have all the information they need to break into your account!
How to Defend Yourself
Install a stellar antivirus and make sure it checks your system every so often. A good antivirus will sniff out a keylogger and erase it before it can do damage.
If your bank supports two-factor authentication, be sure to enable this. This makes a keylogger far less effective, as the hacker won’t be able to replicate the authentication code even if they get your login details.
4. Man-in-the-Middle Attacks
Sometimes, a hacker will target the communications between you and your bank’s website in order to get your details. These attacks are called Man-in-the-Middle (MITM) attacks, and the name says it all; it’s when a hacker intercepts communications between you and legitimate service.
Usually, a MITM attack involves monitoring an insecure server and analyzing the data that passes through. When you send your login details over this network, the hackers “sniff out” your details and steal them.
Sometimes, however, a hacker will use DNS cache poisoning to change what site you visit when you enter a URL. A poisoned DNS cache means that www.yourbankswebsite.com will instead go to a clone site owned by the hacker. This cloned site will look identical to the real thing; if you’re not careful, you’ll end up giving the fake site your login details.
How to Defend Yourself
Never perform any sensitive activities on a public or unsecured network. Err on the side of caution and use something more secure, such as your home Wi-Fi. Also, when you log into a sensitive site, always check for HTTPS in the address bar. If it’s not there, there’s a good chance you’re looking at a fake site!
If you want to perform sensitive activities over a public Wi-Fi network, why not take control of your own privacy? A VPN service encrypts your data before your computer sends it over the network. If anyone is monitoring your connection, they’ll only see unreadable encrypted packets.
5. SIM Swapping
SMS authentication codes are some of the biggest problems for hackers. Unfortunately, they have a way to dodge these checks, and they don’t even need your phone to do it!
To perform a SIM swap, a hacker contacts your network provider, claiming to be you. They state that they lost their phone and that they’d like a transfer of their old number (which is your current number) to their SIM card.
If they’re successful, the network providers strip your phone number from your SIM and install on the hackers instead.
Once they have your number on their SIM card, they can circumvent SMS codes easily. When they log into your bank account, the bank sends an SMS verification code to their phone rather than yours. They can then log in to your account unimpeded and drain your account.
How to Defend Yourself
Of course, mobile networks typically ask questions to check if the person requesting the transfer is who they say they are. As such, to perform a SIM swap, scammers typically harvest your personal information in order to pass the checks. Even then, some network providers have lax checks for SIM transfers, which allowed hackers to easily perform this trick.
Always keep your personal details private to avoid someone stealing your identity. Also, it’s worth checking if your mobile provider is doing their part to defend you from SIM swapping. If you keep your details safe and your network provider is diligent, a hacker will fail the identification check when they try to SIM swap.
Keeping Your Finances Safe Online
Internet banking is very convenient for both customers and hackers alike. Thankfully, you can do your part to ensure you’re not a target of these attacks. By keeping your details safe, you’ll give hackers very little to work with when they take aim at your savings.
MUO
