Online Banking - Story (what to exploit)


    Posts : 146
    Join date : 2011-12-04

    Online Banking - Story (what to exploit) Empty Online Banking - Story (what to exploit)

    Post  zeusk on Sun Jun 24, 2012 11:43 pm

    Banks provide you several means to help you transact as easily as possible with your account – ATM cash machines, online banking, Phone banking, and so on. With the advent of each of these services, the opportunity for fraud has also increased. Take, for example, online banking. It’s so easy for us to use, and we all use it. The transactions that you do online are secure—just as long the account information stays with you. Anyone else possessing this account information could create havoc with your account.

    Ms. Jenny was so thrilled on opening her online account about 4 months ago. She transferred money to her mom’s account when needed, paid utility bills and just about any transaction that she could do online! However, when she received her statement this month, she was shocked. Her account statement showed bill pays and transfers to another account which she did not know whose it was—accounting to over $5700!

    Upon informing the bank and an ensuing investigation, the tool used for this fraud was detected. It’s her computer. How? A key logging software was found installed on her computer. It must have been installed with another bundle of software or was induced knowingly by a hacker. Whenever she transacted on her online account, her account details and password were logged by the key logger.

    How is it done?

    Consider what one fraudster did in Ms. Jenny’s case. Using a methodical approach, he installed a key logger to trap her key strokes.

    While the fraudster used a key logger to target Ms. Jenny, there are other methods that fraudsters use to gather your account information.

    One particularly common method is called phishing (pronounced the same as ‘fishing’). The trick here is to make YOU give your account login details to the fraudster yourself. To do this, the fraudster creates a website that closely resembles that of your bank and hosts it at a URL, which also resembles that of your bank. He then sends a series of emails at random, asking you to verify or update your account details by logging in, presumably for “security” reasons. You oblige by clicking a link supplied in the email and are taken to a fraudulent website, which is a look-alike of your bank. To log in, you enter your account details and password. In this fake website, the fraudster has captured your account login details—just another way to get your account information.

    Fraudsters just don’t stop installing key loggers, sending phishing emails to acquire your banking details; they also use more sophisticated techniques like “Vishing” (Phishing using Voice). Here fraudsters setup a fake call center using Voice over IP (VOIP). They will send you emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose.

    Phone Banking
    The means to make online banking frauds do not end at Internet banking. When you do not have access to the Internet and need to make transactions on-the-fly, banks give you the option of phone banking. In phone banking, you call up your bank, speak with an agent who would ask few questions to ascertain your identity, and then the agent performs transactions you request. How secure is this method? - It is safe as long as your personal details are secure. An impersonator who has access to your private information can call the bank on your name, prove identity based on your personal information, and ask for transactions.

    Check Fraud
    The fraudsters may use your Bank account number, Routing number and other personal details to issue checks at websites that accept online checks leading to online check fraud.

    The methods listed above are some of the more common methods of committing online banking fraud, both on the Internet and phone banking.

    What can you do to avoid it?

    Because of her bad experience, Ms. Jenny lost her savings and her faith in online banking. Should you lose faith? No. There are ways for you to prevent online banking fraud, which is what happened to Ms. Jenny. First, it is your knowledge that will help you. Here is a list of some not-so-difficult rules that you should follow to avoid being a victim of online banking fraud.
    DO NOT leave your personal documentation at places where it can either be picked up or viewed by anyone who do not need to see them.
    DO NOT log in to your online account from an insecure computer network.
    When accessing your bank’s Web site, check that the URL is correct and that you are not becoming a victim of phishing.
    DO NOT key in your online banking account login details at a website about which you are not sure. Look for the lock at the bottom or https (an‘s’ appended to ‘http’) in the address field of your browser.
    It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.
    When available, use alternative methods to enter account login details. For example, some banks allow you to click on an on-screen keyboard when logging in and avoid key presses altogether.
    DO NOT give your account details over the phone, unless you have initiated the call to a bank’s service center and make sure that you are calling the correct number listed on the banks website.
    DO NOT print your Social Security Number on checks.
    Scan your computer periodically to ensure that no spy ware or key logger is installed. Keep your antivirus software regularly updated
    Make sure that you have automatic updates turned on and regularly download the security patches if you are a windows user.
    DO NOT respond to emails that ask you to enter your bank account details in any way.
    DO NOT send personal information and bank account details over email.

      Current date/time is Mon Apr 22, 2019 10:29 pm