How Online Banking Raises Your Risk of Identity Theft

Are you hooked on the convenience of online banking? Do you think Zeus is the Greek king of the gods and Oddjob and SpyEye are the bad guys in James Bond movies?  Then you could be in for a rude awakening.  In reality, they’re the names of cutting-edge malware used by organized cybercrime rings to take over online bank accounts and drain them of cash.

Online banking fraud has reached epidemic proportions worldwide.  And cybercriminals are not only targeting big banks.  They’re zeroing in on consumers’ PCs. A whopping 39% of the world’s PCs are now infected with financial malware that’s designed to steal your information and your money, according to the Anti-Phishing Working Group.

Online Banking Fraud Could Happen to You

If you think online identity theft and online bank fraud only happen to other people, these stories from victims posted on Yahoo! Answers might change your mind:

“Last week, I attempted to log into my online bank account…and then it told me before I could view my account, I had to verify the debit card associated with the account … I got a call from my bank from the anti-fraud department asking me to clarify some payments that had gone out on my card.  In the end, they told me my online banking was compromised and that it was because my PC was infected with a virus.”

“I recently lost money from two of my banking accounts.  Both are with the same bank and both were hacked in the same manner. Similar ‘under the radar’ transactions were carried out … I am worried that I may lose more in the future if I do not determine the cause of such loss.”

“I got a virus and it took a few minutes to get it off and now my online banking information was stolen and they have Social Security number, my account number, my pin was changed, they might have even more information.”

Malware Has Automated Online Identity Theft and Bank Fraud

Sophisticated computer viruses can not only steal money from your online account, they can hide the crime.  Earlier this year, the security firm Trusteer found a new version of the SpyEye Trojan that replaces banking Web pages to prevent the account holder from noticing that their money has disappeared. The virus waits until the customer with the infected computer logs in to his online banking site. Then it steals his log-in information and tricks him into providing more information like his debit card details.  After it uses the stolen card number to make a purchase, the virus intercepts the customer’s future visits to the banking site. And it alters transaction records and account balances to conceal any signs of fraud.  Think this sounds like a far-fetched caper right out of Mission Impossible?  Well, in June, researchers at the security company Trend Micro reported on a new module for SpyEye and Zeus that automatically withdraws money from a victim’s account without the hacker having to monitor the crime, even if there’s strong authentication. These automated transfer system (ATS) attacks eliminate the need for money mules to receive the stolen funds.

Not surprisingly, the Anti-Phishing Working Group found that the financial services sector gets hit by more malware attacks than any other sector.  That’s not all. Anyone with access to online criminal forums can buy malware that targets financial institutions. And they don’t have to have any special skill set to use it.

How to Stay Safe When You Bank Online

Remember, if you bank online, you could be just one click away from disaster.   Ask your bank what it’s doing to protect you on the PC you use for online banking.  That’s where attacks occur.  Make sure your firewall is turned on and your security software is up-to-date.  Avoid the temptation to click on phishing hyperlinks in emails, even ones that appear to be from your bank.  That’s the surest way to download malware onto your computer.

Above all, never conduct online banking at Wifi hotspots without using a virtual private network solution like PRIVATE WiFi™. VPN software transmits the information traveling to and from your computer through a secure tunnel that’s invisible to hackers.  That means you can’t fall victim to evil twin attacks that could be used to inject malware onto your computer t Wifi hotspots.