Secure yourself against hack attacks and cyber-crooks
E-banking is hugely convenient, but perils lurk online. Here’s how you can build up your defences
As the nature of financial transactions carried out by
Indians has begun to change from physical currency to the electronic mode,
cyber criminals are devising new ways to fool individuals and steal their
money. More sophisticated attacks are expected in the future as the increasing
user base adds to the complexity of operations. This is also accentuated by the
convergent nature of the economy, where e-tailers have become banks (with
mobile wallets), and banks have morphed into e-tailers. On the one hand, businesses
are busy wooing consumers; on the other, hackers/fraudsters are looking to
exploit banking platforms and trick these customers.
Although financial organisations are working tirelessly
to keep their systems and platforms safe and secure, customers also need to
carry out their share of due diligence and be wary of the threats that lurk. In
fact, many of the tricks that criminals use fall beyond the purview of banks;
this, therefore, calls for users to acquire a greater understanding of the
perils they face and the safety measures they need to adopt.
Malware
The development of financial malware is a significant
threat for all users transacting with credit/debit cards, mobile banking apps
or on similar platforms. Ransomware may have grabbed all the limelight, but
banking malware tools are still siphoning off millions globally. In India,
cyber criminals are using malware tools to gradually steal money. The
credentials harvested from customers and the compromised IT systems of banks
are often used to carry out the fraud.
Financial malware such as Zeus, Neverquest, Gozi, Dridex
and Ramnit continues to haunt users and banks. In the year gone by, these
malware families played a key role in duping users out of their money.
Besides, malware attacks at the point of sale and on
mobiles are causing heightened concern for banks, especially when criminals
chase higher returns by targeting high-value accounts held by individual users,
corporates or business customers.
Social engineering
Social engineering is increasingly being used to
manipulate users to get them to share confidential information, which helps
cyber criminals get access to their passwords or banking details. Criminals
also use the personal information to secretly install malicious software in a
user’s system — which can then give them access to the user’s personal details,
including financial details.
During the ‘demonetisation’ frenzy in November-December
2016, there were incidents in which cyber criminals were able to steal money
from users’ wallets and transfer it to their own. In order to avoid being
caught, a host of cyber criminals did not steal all the money at one go.
Rather, they chose to siphon off the money in small chunks so that the users
could not immediately find out about the stealthy operations. All of this was
possible because several users were exposed to cyber criminals through various
social networks or other platforms. Checking the balance on your mobile wallets
or in your bank accounts periodically is therefore of vital importance. The
alarm bells should start jangling if you see the depletion of even small
amounts of money.
Another reason why social engineering is becoming an increasingly common
tool for threat actors is that online authentication methods, such as
two-factor authentication or out-of-channel authentication, have improved
and are not easy to bypass. Malware alone does not work.
Therefore, criminals pair malware campaigns with social engineering tactics.
Social engineering is generally targeted at customers, although there have been
examples of criminals targeting bank employees by directly utilising their
online access or by tricking them into installing physical devices in the
networks.
Deployment techniques
Cyber criminals are also exploiting vulnerabilities that
normally exist in mobile applications to steal critical information. They use
exploit kits to carry out their attacks. The deployment of malware is optimised
through the use of exploit kits by tricking users into clicking on a link. The
exploit kits automate the process of identifying vulnerabilities in victims’
web browsers and plug-ins (notably Java and Adobe) to enable the installation
of malware.
Less technical methods such as phishing emails, online
adverts and social media baits are also used to deliver malware directly
(through attachments) or indirectly (through hyperlinks to compromised
websites). Users need to be wary of any emails or messages that are laden with
suspicious-looking attachments or hyperlinks. A bit of rudimentary caution when
you receive such messages can save users their money.
Botnets
Fraudsters are now using botnets to control systems
without their owners’ knowledge. It is important that users know how these bots
work and control their systems. In layman’s language, a botnet is a network of
compromised systems whose control lies with a malicious actor or hacker. A bot
is formed when a computer gets infected with malware that allows hackers to
take control of it.
Once established, botnets can facilitate further
infections, denial of service attacks, spread of spyware/adware, data theft and
anonymisation of criminal activities.
Botnet attacks can happen in organisations and firms where
many users work. If users have their banking credentials stored in their
systems, it is highly likely that hackers will take hold of them and steal the
money. These attacks are a nuisance for the banking sector. Organisations need
to have proper applications in place that deter botnet attacks.
Users should also be cyber-aware and update themselves
regularly with knowledge of the tactics that hackers use to take away money in
just seconds. While cashless transactions give us a lot of freedom and ease,
there is always a threat lurking. Negligence in the matter of sharing password
details and personal details with others may result in losses.
Source | Business Line | 26th February 2018
Regards
Prof. Pralhad Jadhav
Master of Library & Information Science (NET Qualified)
Senior Manager @ Knowledge Repository
Khaitan & Co
Twitter Handle | @Pralhad161978