Although it’s very comfortable, online banking has generated new forms of cybercrime connected with data theft when paying online. How is the dangerous software stealing savings accumulated on the accounts? Can one be safe from such attempts and how?
According to Kaspersky Lab experts, the most dangerous type of harmful software is banking Trojan. Having been installed on the computer, it automatically gathers all the data connected with online payment and can even conduct financial transactions without user’s approval. The criminals are using two types of software: one attacking clients of various banks and second, attacking clients of one bank.
How can you ‘catch’ a Trojan? They are usually sent in phishing messages which maneuver the user into clicking a hyperlink or opening the included file. Mass distribution of Trojans happens due to gaps in Windows’ and other popular applications’ security systems. As soon as a harmful program gets into the computer it installs Trojan. Hackers can also use packets of harmful applications, which, due to gaps in security systems, are able to infect many different applications.
After being installed on one’s computer, Trojan uses various techniques to steal data. It can note which keys on a keyboard are used, make screenshots of a form with the important data, transmit the symbols clicked on the touchscreen, change system settings (which can lure the user to fake websites) or inject the browser with harmful code, monitoring the transmission of data between the browser and the server.
With the use of Trojan, hackers can receive data connected with a bank account, which the victim uses on bank’s website or add to the online banking system’s websites additional forms giving the criminals important information.
Moreover, bank Trojans can overcome additional security devices such as two-component authentication using the one-time password – so called TAN codes.
What has been presented above may indicate that banking transactions are not safe. However, there are other solutions making security of online conducted financial transactions more efficient. In order to ensure that online financial transactions are safe one has to use several mechanisms. Financial data should be protected from banking Trojans with the use of antivirus as well as special technologies, such as ‘Safe money’, using browser in secure mode and additional keyboard security. On the other hand, the authenticity of payment and banking online should be verified by checking of numeral certificate and hyperlinks – states Nikołaj Griebiennikow, head of technical department in Kaspersky Lab.