Posted February 28, 2015 by Bex in Article

How to stop the Hackers.

The BBC has reported that criminal hackers have found a way round the latest generation of online banking security devices given out by banks.

With the top banks introducing more and more new security measures to ensure the safety of their customers money, the hackers have had to up their game and have consequently come up with increasingly advanced methods to crack these security devices. Devices such as Barclays PINSentry and HSBC’s SecureKey ask users to insert a card or a code to create a unique key at each login. These are only valid for approximately 30 seconds after which they cannot be used again. However, although this two factor authentification currently offers the best level of protection against online banking fraud, hackers are now conning account holders in an entirely different way. After logging in to the bank’s real site, hackers are offering account holders training in a new “upgraded security system”. The result is the account holder being completely oblivious to the fact that money is being moved out of there account.

One of the biggest threats to online banking is what is known as the ‘Man in the Browser attack (MitB). This clever piece of malware exists in a web browser and is capable of altering what a user can see as well as changing any details of what is entered on any given website. MITBFor it to work, the user must have visited a particular website, in this instance their bank, and in the most extreme versions, MitB is able to change payment details, amounts and on screen balances in order to hide it’s activity. Daniel Brett of malware testing lab, S21sec, explains that “the man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking. Many products won’t pick this up, they’ve got a much bigger scope, they’re having to defend against all the viruses since the beginning of time”

Security companies are continually researching and learning about newly released malware or updates to existing malware in a bid to outsmart the hackers. It can take weeks for them to fully understand the malware’s common features and they are on a never ending quest to search for and blacklist websites, emails and other sources, but even then they may only work out how to protect on a very superficial level.

Whilst security firms and banks are doing their utmost to provide top level security, what can you do to help them?  The key answer is to be vigilant. Take time to check your account on a regular basis and be aware of things like:

  • – A transaction that is taking longer than normal. A slower transaction speed could suggest it is being passed through a fraudster’s system.
  • – Don’t give more information away than is necessary.  If you are on the phone and you suspect you are being asked more questions than usual, inform the caller that you will phone them back in a few minutes. Alternatively, if you are doing online banking and are being asked for your whole password, where previously you have only been asked for part of it, alarm bells should ring.  It may suggest that your machine has been infected.
  • – If your computer is being particular slow it may suggest that you have been infected with malware as it will affect both the processor and internet connection.

bank-hacksIf any of these things happen to you or for whatever other reason you suspect that there is something unusual about your account you should contact your bank by phone, immediately. They will need information such as the time and date you accessed your account and will try to match this up with their records. If it does not, it is highly likely that your computer has been compromised.