Monday, October 7, 2013

How to Spot Banking Cyber-Criminals in the Act

Banks are trustworthy financial institutions that we don’t think twice about handing our money over to. This is why we have to be aware of the banking thieves waiting for us to give up our personal information: many of these attacks seem very convincing.

Cybercriminals are good at swindling you into thinking they are trustworthy companies just trying to help you out. Don’t be fooled. There are ways to tell whether or not the emails and phone calls are fake.

Hesperbot, a new Trojan that has been detected by ESET, uses high-tech mechanisms to bypass banking security systems. It relies on a canny social engineering trick to get victims to fall for the scam.

Here are some tips to use when distinguishing between the behavior of a banking thief and the real institution:

Never confirm anything through a text message
Your “bank” may send you a text informing you that your account has changed. Do not believe this! Banks will not ask you to confirm anything through a text message. Never click on links or enter passwords in response to a text message that appears to come from a bank.

Don’t believe any deadline threats
Banks will let you know if something is urgent, such as suspected fraud involving your funds, but they will never send you a message threatening a deadline after which your account will be shut down. Cybercriminals are always in a rush to get you to fall for their scam. Their websites are often flagged or blocked pretty quickly, so the faster you respond to their “urgent” message, the better for them.

Don’t trust links about a “new version” of your banking app
There have been noted attempts to get a fraudulent “new” app for your banking system installed on your phone. The malicious apps try to bypass security systems to get into your bank accounts. You can call your bank to double-check on the upgrade, or go to their website. These apps are now being analyzed.

Watch out for shortened URLs in an email
Cybercriminals can use shortened URLs to trick people into visiting a fraudulent website. A shortened URL hides its destination, so you click the link without ever knowing where it will take you. You may have seen shortened URLs from Twitter and YouTube, but your bank will not use them.

Don’t trust couriers to pick up your “faulty” bank card
Courier scams are starting to become a problem with bank fraud. The “bank” will call you, telling you a courier will arrive to collect a faulty bank card. A courier then arrives at your home asking for your bank card because it is “faulty”, and then proceeds to give you a new bank card that is safe to use. Do not fall for this. And don’t let them in your house. If your card is indeed faulty, the bank will instruct you to destroy it. Never hand your bank card over to anyone.

Watch out for phone calls for you to “prove” your identity
A new scam is a phone call from either “the police” or “your bank”, telling you they have found fraudulent transactions on your card. The criminals will ask you to prove your identity by calling a real bank number. The trick is that when you hang up, the criminals are still on the line playing a fake dial tone. They then ask you to enter your passwords, and you have just given your account info away.

Don’t believe new email addresses
Be wary of an email sent to your work email or any other address, letting you know they are contacting you this way because it is a work day and they are more likely to get hold of you. Banks will not add another email address on their own. The email address you give them should be the only one in their system.

Check to make sure the web page is secure
If you are on a real banking website, there should be a symbol in your browser’s address bar. A locked padlock or unbroken key symbol shows you the page is secure. If there is no symbol in the browser, be wary: the page may not be real.

Banks should always use your name
If you receive an email addressing you as “Dear Customer” or “”, go no further. Banks will always use your name and even include the last four digits of your social or account number. Any email addressed to something friendly-sounding other than your name is often spam.

Don’t give up your personal information
When a bank gets hold of you on suspicion of fraud, they will ask you to verify personal information. Usually you are asked for your phone PIN, not your debit card PIN. Never give up any personal information like your mother’s maiden name or the name of your first pet. Scammers use this to hack into other accounts of yours.

You can find a list of detailed phishing scams from ESET here.
A scam-spotters guide: Ten things your bank will NEVER do – but cybercriminals will – We Live Security
