
Tuesday, September 8, 2009

Don't Say I Didn't Warn You on Dangers of Online Banking!

I've been blogging about the dangers of online banking for quite a while now.  So as more an more people fall victim to phishing attacks, keylogging, DNS Hijacking, SQL Injections, Cloned Bank Websites, etc. you can't say I didn't warn you...

Today I found a "mainstream" article (The Telegraph UK) that sums up my beliefs...specifically..."Don't Type...Swipe!  

Here are some excerpts:

Viruses, spyware, key loggers – the James Bond style vocabulary of the computer hacker is enough to make us paranoid about losing all the money in our bank accounts when we log on to online banking to pay the gas bill.

And it's not just an irrational fear. Take one acquaintance of mine. She's hardly computer illiterate – a web designer with programming skills, she keeps her antivirus and other security software up to date religiously. Yet this didn't stop someone hacking into her account and sending himself most of the money she had at the time. A quick look at the online forums confirms that she's by no means the only one to fall for this particular scam.

So is online banking secure? I've spoken to a couple of experts in computer security. Both were happy to bank online themselves, they told me, although they take rigorous precautions to keep the hackers out. But they're experts: what about the rest of us? We don't want to spend our lives keeping up with the latest online threats.

After all, the criminals have economies of scale on their side – they can put a lot of effort into perfecting their malicious software because, once it's ready, they can use the internet to get it onto the PCs of hundreds of thousands of people. So there's a huge underworld industry out there, all busily working out new ways to bypass our firewalls and get at our passwords.

My experts told me that the man in the street can bank safely online, but only if certain conditions are met.
Firstly, if your bank has given you a card reader – a gadget you connect to your computer and insert your bank card into – you are safe.

If you don't have a card reader, look at how you enter your password.

Do you just type it in?
That's a gift to the scammers – a simple piece of spyware software called a key logger can record the password and send it off to the fraudsters over the internet.

Fortunately, the banks are getting wise to this. Many have developed websites that make you enter your details using mouse clicks. Although in principle it's possible to write malicious software that tracks this too, it's a lot more work than a simple key logger. Editor's Note:  A little more work won't stop them, besides, as more banks go to this method, more hackers will dedicate their time to developing a mouse click logging program...especially when people start mouse clicking their PINs, as PINs are the "holy grail" for hackers.

If you don't have a card reader and you use the keyboard to enter your whole password, you are depending entirely on your security software – and the hackers only have to be lucky once.

Personally, after seeing what happened to my friend the web designer, I wouldn't take this risk. She got her money back in the end, but only after days of worry and frantic phone calls. And the banks are becoming more and more reluctant to bail out those who have failed to take online security seriously.

When it comes to internet banking, a little paranoia is no bad thing.

Reblog this post [with Zemanta]