Internet Banking-Safety is in your hand

Use of Internet and ATM for banking is common nowadays.  Even a novice could operate internet banking interface with ease.

Yet use of ATMs and Internet banking for banking could be termed as a double-edged weapon.

If it is not handled properly you could end up in loosing your hard earned money.

We provide here various methods used by fraudsters to hoodwink the users of internet banking and ATMs.  We have also listed the safeguards suggested by bankers for safe use of internet banking and ATMs

Phishing

Phishing flow chart

Phishing is an attempt by fraudsters to ‘fish’ for your  Banking details. A phishing attempt usually is in the form of an e-mail that appears to be from your  Bank.

The e-mail usually encourages you to click a link in it that takes you to a fraudulent log-on page designed to capture your details.

Fraudsters send fake e-mails claiming that your information has been compromised, due to which your  Bank account has been de-activated/suspended.

They will ask you to hence confirm the authenticity of your information/transactions like credit card number, personal identification number (PIN), passwords etc.

In-Session Phishing

Typical fraudulent pop-up window

This fraudulent method is more sophisticated.  Even regular internet users could fall as prey.

In-session phishing is a method used by fraudsters where malware detects when the account holder enters into bank internet banking account by entering username and password.

After your open your bank website a pop-up window would open above your bank web page and would ask you type username and password.  This pop up window is not belonging to bank but to the fraudster who would steal your banking information.

Since the user has logged on to the  Banking website only a short while before, he is not likely to suspect the authenticity of this pop-up and is thus more likely to provide the requested details.

Spoofing

Spoofing Model for showing fake bank website

This is more sophisticated form of phishing.  Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud.

To make spoof sites seem legitimate, spoofers use the names, logos, graphics and even code of the actual website.

They can even fake the URL (website address) that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.

In this case just like phishing Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information.

This is done with the intention of obtaining sensitive account related information like your Internet  Banking user ID, password etc.

Fake Bank Login Page

Check for the Padlock icon: There is a de facto standard among web browsers to display a Padlock icon somewhere in the window of the browser For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site’s security.

Actual Bank Login Page

It is important for you to check to whom this certificate has been issued, because some fraudulent websites may have a padlock icon to imitate the Padlock icon of the browser.  Check the webpage URL. When browsing the web, the URLs (web page addresses) begin with the letters “http”. However, over a secure connection, the address displayed should begin with “https” – note the “s” at the end.

For example: if a bank’s login page url is http instead of https there is every possibility that the login page you have entered is not genuine.  Note here only login page will have this secured connection while the home page or other pages of your bank website addresses (URL) will start as http only.

Vishing

Vishing Model

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology

In this method fraudsters would be feigning to represent Banks.  Usually a recorded voice would seek for your bank details.

It is an attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

If the bank or credit details are entered though telephone system those details will converted into data by the machine and sent to fraudsters.

Skimming

Typical tampered ATM

Skimming is a method used by fraudsters to capture your personal or account information from your credit  or ATM card.

Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the skimmer or an attached computer.

Fraudsters insert a skimming device to the ATM’s card slot. This device scans the card and stores its associated information.

While a customer keys in his PIN, the wireless skimming device transfers the data to the fraudsters.

This information is then used by the fraudsters for online shopping or to make counterfeit credit cards.

At restaurants and shopping outlets, the credit card is swiped twice, once for the regular transaction and the other in the skimmer that captures the personal information which is retrieved later by the fraudsters.

Money Mule

Once the fraudster has captured personal information using anyone of the ways mentioned above, they need an account to which they can transfer funds from the compromised account. This is where a “Money Mule” comes into picture. A Money Mule is an unwitting participant in the frauds who is recruited by fraudsters to launder stolen money across the globe.  Fraudsters contact prospective victims (money mules) with job vacancy ads via spam e-mail, Internet chat rooms or job search Web sites. Jobs usually are advertised as financial management work, and ads suggest that no special knowledge is required.  Once recruited, money mules receive funds into their accounts.  Mules then are asked to take these funds out of their accounts and forward them overseas.

Tips for safe internet and ATM Banking:

• Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet  Banking details, you should not respond.
• Always type in the URL yourself in the browser (say internet explorer) whenever you access bank site for internet banking. Don’t use bookmarks, links, shortcuts etc.
• Never click on any links or attachments present in an e-mail that seems suspicious.
• Do not open multiple browser windows when you  Bank online to avoid In-session phishing.
• Never type in your account details, user ID, password, etc. in any pop-up that may appear when you  Bank online.
• Always log off and close the Internet browser window after you have finished your online  Banking session.
• Never provide your bank details or credit card number over phone though the person talking on the other side is staff of bank or credit card company.  Also do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your credit card or  Bank account.
• Sign on the reverse of your credit card as soon as you receive it.
• change ATM pin frequently to avoid skimming
• Keep a cap on the amount that you deposit in the bank, the ATM card of which you use to withdraw money often.  In other words, do not deposit your entire savings in the bank which you transact often though ATM card.  Instead you can deposit only the amount that is required for your monthly expenses in the account for which you use ATM card often.  Your savings could be made in the account for which you never use ATM card.
• Collect your receipts at ATM’s, restaurants and shopping outlets.
• Use your card with merchants that you know and can trust. Never allow a shopkeeper to take your card to a different shop/room for swiping.
• The law states that cardholders are not liable for fraudulent transactions as long as the original card is still in their possession.   The problems arise when a card is stolen or lost and is then used fraudulently.

Above all, always use reputed anti-virus and anti-spyware tools to keep your computer virus/malware/trojan free. Because these unwanted installations may prompt you to provide your personal and bank details, which will then be sent over internet to the fraudsters.