Tuesday, April 23, 2013

Safe online banking advice

I decided to write this for my family but thought I would share it with a broader audience. Recently my sister called me on my mobile to ask why some people claiming to be from Microsoft had phoned her about problems she had on her laptop.

Shocked at the phone call, she did the right thing and gave me a call, and I informed her that it was a scam and that they were trying to infect her computer more. I also learnt at the time that my dad had used her laptop to purchase flight tickets to France and that my dad had gotten a phone call from the bank warning him of attempted illegal transactions.

Luckily in this case the bank (and my sister) were on the ball and no one lost money. My family literally dodged a bullet that has cost many others their entire savings.

One thing that stuck with me in all of this was my sister saying, "but why do they not warn us about this?". She is right, there is often very limited information. So this article will hopefully tell you what is happening and how to protect yourself.

The Scam

The scams are pretty simple. Hackers (through various means that I will go into in more detail later) get hold of your banking login details. They have criminal cartels throughout the world and South Africa is no exception.

Once they have identified their victim and have harvested enough information about that victim (cellphone details, address, telephone number, ID and banking credentials), they will have one of their local operatives phone a local cell phone company and, by using a little social engineering and pretending to be you, get a SIM swap done on your cellphone without you knowing.

They will then log in to your bank account, intercept all your OTPs (one-time passwords, normally sent via SMS) because of the SIM swap, and transfer all your money into a temporary account. This temporary account normally belongs to another victim who has been conned into providing them an account to use. The money is then transferred out of the country and you can basically kiss that money goodbye.

The banks will always blame you and tell you it is your fault. Your money is gone and there is almost no legal recourse available to you.

How do they get your banking details?

There are several popular ways to do this. First I need to tell you about the mindset of these hackers. These hackers are poor, 3rd world, mostly of Eastern European descent. They live in such poverty that the average bank account of the average middle class South African is a gold mine. They will dedicate a large part of their time totally to you if they feel they can score a paycheck off you.

The two most common ways of getting the banking details are phishing and the Java drive-by.

Most of you are familiar with phishing emails. It is that email claiming to be from your bank that says something or other has happened and you need to log in to confirm or update your details. Or they may look like they come from SARS or another respected institution. This is an example of one of the scammers' emails:

A payment of R4,067.14 has been made into your account from SARS eFiling
In other to process and confirm this payment, Please click here
Note: This email was sent from a secure server, please SIGNON to email us as mails sent to this address cannot be answered.

What happens when you click on the link (link removed for safety reasons) is that it takes you to a fake bank or SARS website that looks like the real deal. People input their login details and that information is sent directly to criminal cartels.
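
The check a careful reader does by eye before clicking can be automated. The following is an added example, not part of the original post: it pulls every link out of an HTML email and reports the ones whose real destination host does not belong to the institution the email claims to come from. The allow-list, the function names and the sample email (with a placeholder URL) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

# Assumption: domains the claimed sender really uses (illustrative allow-list).
TRUSTED = {"SARS": {"sars.gov.za", "sarsefiling.co.za"}}
# Constructed sample modelled on the scam email above; the first URL is a placeholder.
SAMPLE_EMAIL = (
    '<p>A payment of R4,067.14 has been made into your account from SARS eFiling. '
    '<a href="http://sars.gov.za.refund-confirm.example/login">click here</a></p>'
    '<p>Help: <a href="https://www.sars.gov.za/contact">SARS contact page</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag; the visible link text is ignored."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def host_verdict(url, trusted):
    """Return (host, reason); reason is None when the host belongs to `trusted`."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "https://sars.gov.za@evil/" cannot fool us.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return host, "not a web link"
    try:
        ipaddress.ip_address(host)
        return host, "raw IP address instead of a domain"
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        return host, "punycode (possible look-alike) domain"
    # Trusted only if the host IS the domain or a subdomain of it (suffix match).
    if any(host == d or host.endswith("." + d) for d in trusted):
        return host, None
    if any(d in host for d in trusted):
        return host, "trusted name used as a decoy inside another domain"
    return host, "domain does not belong to the claimed sender"

def suspicious_links(html, sender):
    """List (url, host, reason) for every link that fails the allow-list check."""
    parser = LinkCollector()
    parser.feed(html)
    verdicts = [(url, *host_verdict(url, TRUSTED[sender])) for url in parser.links]
    return [(url, host, why) for url, host, why in verdicts if why]
```

On the sample email only the "click here" link is reported, because its host merely starts with the real domain name and actually ends in a different domain.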

The next most common form of attack is the Java drive-by. In most cases there is very little you can do to protect yourself from these attacks. While keeping the most up to date version of Java running on your PC and having a really powerful antivirus can help to some extent, it is almost impossible to fully protect your system from these types of attacks.

Basically all the hacker needs to do is get you to visit a website. That is it. The second you visit the website a Java payload is installed on your computer (you do not need to interact with the payload for it to install, just visiting the website is enough). Once the payload is installed the hacker has full control over your computer, and what they normally do is install a keylogger to record all your usernames and passwords for everything.

The scary thing about these types of attacks is that even visiting only trusted websites is not good enough. Hackers often target trusted websites that have weak security to upload their Java attacks onto them. So you, the unsuspecting victim, come along to a website that is normally safe and bam, you are infected.

As long as you run Microsoft Windows there is basically little you can do to stop these types of hacks. It is one of the reasons Google banned Microsoft Windows from its network.

My bank has One Time Passwords. I am safe!

No, you are not. Criminal cartels around the world are working closely together. A hacker will simply apply for a SIM swap and steal your number to be able to accept the One Time Passwords. There is no cellular network that is safe from this. Just recently a lady lost almost R160 000 to such a scam:

The scourge of SIM swap fraud in South Africa is continuing unabated, with an MTN subscriber complaining that scammers stole R159,000 out of four of her ABSA accounts.
Small business owner Susan De Klerk recently said that she purchased an iPhone 5, and the requirement for a nano SIM meant that a SIM swap was needed.
According to De Klerk, she visited an MTN outlet at the “Mall @ Reds” shopping centre for her SIM swap, and the process was completed without incident. However, her new SIM stopped working after around three weeks.
She discovered shortly afterwards that fraudsters had stolen R159,000 from four of her ABSA accounts, and transferred the money to an account at Capitec bank.

What can I do to protect myself?

So far the best protected banks are Nedbank and Capitec. They use those little electronic authentication keys instead of One Time Passwords. I assume the other banks are going to go down this road shortly as more and more of their clients have their life savings stolen from them.

If you can afford it, rather buy a dedicated Linux computer to do your online banking on. Linux uses its own version of Java that is more secure and seldom targeted by hackers. Linux desktops offer the most resilient protection against Java attacks.

If you cannot afford a dedicated Linux desktop or just could not be bothered, there are a few things you can do to reduce the chances of your Windows desktop being compromised.
  • Make sure your antivirus is ALWAYS up to date.
  • Make sure your operating system is ALWAYS up to date.
  • Run a spyware remover (Malwarebytes) regularly.
  • Make sure Java is at its latest version.
  • Make sure Flash is at its latest version.
  • Try not to visit dodgy websites.
  • Never run cracked software on your computer (over 80% of it is infected with a payload).
  • Do NOT do your banking in Internet Explorer, or even use it at all. Yes, it is that bad. Stay with Chrome or Firefox.
  • Do not trust the default Microsoft antivirus.

Please note that even if you follow all my advice your Windows desktop will almost never ever be fully secure. I would recommend that you migrate to a Linux desktop as soon as you are able to. I hope you find this article a little useful. Ignore it at your own risk.

Some recommended tools for Windows users:

  • Avast AntiVirus. My personal preference. I personally think it is the best of the free solutions, and for those of you lucky enough to own an Android phone, Avast has a great free security solution.
  • Malwarebytes. As their tag line states, an antivirus by itself is not good enough. You should do deep scans for spyware at least once a month.


  3. I have been using AVG security for a few years, I recommend this Anti virus to you all.
