A recent article in The Independent on 10th October by Jerome Taylor entitled Be Warned – Your Computer May be Stealing Your Money sounds
the alarm from cyber-security experts that cyber-criminals have
attained new levels of sophistication in the methods they now use to
empty your bank account without you even knowing. Using “RATS” remote administration tools, cyber criminals can access your computer
and conduct transactions with your bank as if those instructions were
coming from you. Experts have described these new software tools as “blood-chilling in their complexity and efficiency.”
Almost 1/3 of all fraudulent bank transactions originate from the
customer’s own computer as cyber-criminals use fiendishly clever
malware tools to get around the complex online security checks being
introduced by the banks.
Banks and financial institutions across Europe have developed
ever more complex multi-layered security checks to combat online crime.
However, the latest software used by the criminals fools the bank into
thinking that they are making a legitimate online transaction. Uri
River, head of the cyber strategy organisation BioCatch, explained that
over 30% of banking fraud comes from the weakest link; the customer’s
own computer. This risk applies equally to business and personal online
banking customers.
So what can you do to stay safe?
Our checklist will help you make a start:
- Be aware that the risk is real and growing so make sure that, family,
staff and employees understand that level of the threat and do not
become complacent.
- Never divulge your banking password or Pin Codes to anyone –
least of all in response to an email claiming to come from your bank.
- Protect your personal and business systems and your data –
NOW. An investment in anti-virus, anti-malware and a strong software and
/ or hardware firewall is vital and worth every penny. Losing your hard
earned money is bad enough – losing valuable identifying data which the
criminal can use time and time again is unthinkable.
- Make sure you buy fully licensed copies of the security
software and ensure it is configured to automatically update daily. If
you don’t know to do this – ask for professional PC support. It can be
done remotely and quickly.
- Check daily that the software is doing it’s job – sometimes
the update process is disabled when you install new software or reboot a
PC. Check – Never Assume!
- Check and reconcile your bank account frequently. Don’t leave
it until the end of the month or assume that the unknown transaction on
your statement must have been a purchase you made…. it may well be a
cyber-criminal testing to see if you actually spot a small transaction
before he starts to empty your account. Criminals count on most people
not checking their bank balance often and not querying small
transactions.
- Use the security supplied by your bank to protect those sites
where you enter personal details and information which can identify you,
your business and your accounts. A few key details are all criminals
need. Trusteer Rapport is used by several of the big banks. A read of
the weekly log of the cyber-criminals attempts to gain entry to your PC
makes jaw-dropping reading. Tell your staff to read them too and ensure
they stay alert!
- Be aware that soon if you don’t use the software recommended
by your bank – they may not reimburse you for funds taken illegally from
your account. You may be considered to have been negligent. The level
of theft is now so high banks are going to have to pass on some of their
losses.
- Be link wary. Don’t click on links in unsolicited emails.
Scammers increasingly use generic language designed to hook your
interest or prey on your fears and you have clicked on the link before
you realise what you have done.
- Look to see who the email has been sent to. If there are another 10 names on the list – don’t click on the link.
- NEVER download program or software offered in an email.
- Be very, very careful of installing programs you have
downloaded from a website unless you have verified the website
certificate and scanned the downloaded file for malware and viruses
BEFORE you open it.
- Keep one credit card for online purchases. Avoid using debit
cards as these trace directly to your bank. set the credit card limit to
a level that if the card was stolen you’d be able to cope without that
amount of money.
- Keep a separate and dedicated email address for online
shopping and whenever you have to give email details online. Keep a
separate email address for friends, family and business.
Finally, if you are scammed report it at actionfraud.police.uk or call 0300 123 2040. Even if you can’t get your money back, spreading the word will help others.