More online banking risk issues.
More online banking risk issues.
No systphishing, em is absolutely secure. This is evident given data security is a process rather than a task. Online banking is generally one of the more secure online information services for obvious reasons. It needs to be but there is risk associated with online banking generally.
The early risks were opportunistic and involved social engineering or phishing. Newer javascript vulnerabilities can be exploited without as much victim cooperation. This still involvesĀ phishing but at a more sophisticated level.
Javascript engines are common across many browsers so substituting one over another in the list of Internet Explorer, Google Chrome, Mozilla Firefox or even Safari won’t offer protection.
Older phishing methods such as emailing intended targets under the pretence of representing their bank do not bear much fruit now as most Banks make it clear to clients that they will never contact them through email.
The later system involves presenting a fake login screen to a user who has left their online banking screen open for a period of time. The banking page can be in the active tab or a separate tab or page.
This has a far greater chance of working for the phishers as it may seem logical to the user that online banking being a secure service may be set to log out after a period for their own protection. If they then retype the info they are providing it to fraudsters. To add insult to injury, the fraudsters may set their page to claim the entered info is incorrect and then ask for alternative code digits. Users will be familiar with this happening due to a typo and may therefore be comfortable retrying, this time with different digits therefore providing all of the required code.
The fraudsters do not need to know which bank you are with. The system holds a database of different banks and if your online banking is open it will present itself in format to be from your bank.
So, what should you do?
Only type in password or authentication details in response to you opening the site. Be careful typing in the security info. If you are told it is incorrect and you know it is not, do not retry. After you have finished your banking, close the window. Should you be asked for security info during an authenticated session, log out. Ensure you have adequate spyware and antivirus software. Seek advice about the Windows security updates applicable to you. Use a solid firewall, preferably a hardware firewall with up do date firmware.
Report concerns to your bank without delay.
If you liked that post, then try these...
101 Data loss risk variables. on August 6th, 2008
This is being provided initially in list format only.
Interview with Struan Robertson technology lawyer with Pinsent Masons. on September 30th, 2008
Interview with Struan Robertson, technology lawyer with Pinsent Masons.
Tags: browser vulnerability, Data Security, Google Chrome, Internet explorer, Mozilla Firefow, online banking, spyware
