Dangers to your bank account – how to perform online-banking securely

  • December 13, 2012
  • 5 min read


Users of online-banking are generally more conscious of the risks they take when performing online transactions than with any other online service. This isn’t surprising, because if the wrong person gets their hands on your login details or in the worst case your TAN numbers as well, they can easily empty your account from anywhere in the world. Nevertheless, far too many users still bank online with little care, resulting in billions in damages every year.

The secret eavesdropper

Several years ago, phishing was the method most commonly used by criminals to get their hands on online-banking login details. Today however, very complex malware has become the method of choice. The prevalence of malware targeted at victims’ bank accounts has grown to such a massive extent that two terms have been established to classify it: Financial malware and banking trojans. The latest versions of this malware rely on a particular form of the “man in the middle” attack, the so-called “man in the browser”.

“Man in the middle” means that the communication between two partners (you and and your bank, for instance) is intercepted, making it possible to eavesdrop and also manipulate. In the case of “man in the browser” attacks, this is performed directly in your browser. This is why SSL encryption intended to protect you from conventional “man in the middle” attacks, is ineffective.

Financial malware usually injects itself into running browser processes and thus gains full control. This means that financial malware not only knows which websites you open and exactly what you are doing on these sites – including all user details and passwords that you type in – but is also able to manipulate the website displayed, without your knowledgebase. This is particularly harmful to you as a victim, if transfers you make are manipulated and redirected to other accounts. Even existing forms on bank websites can be subtly modified so that more than one TAN can be requested. These TANs and the copied login details enable the criminals to gain full control of your account.

The victims have little or no chance

There are a number of inter-connected reasons why attacks on online accounts are so popular. The criminals gain immediate access to an account, which leads them directly to their goal: Money. The nasty thing about all of this is that their access often remains unnoticed for a long time. There are several reasons for this:

Online-banking – the safe way!

Although it may not sound promising so far, it is, of course, possible to use online banking securely. However, we strongly recommend the use of a capable security suite such as Emsisoft Internet Security Pack. This includes Emsisoft Anti-Malware and Emsisoft Online Armor and consists of the following excellent features:

Emsisoft Anti-Malware’s surberb online-banking protection has been confirmed by the independent anti-virus testing agency MRG-Effitas. In an extremely complex test, typical attack vectors of financial malware such as several variants of Zeus, Citadel and SpyEye, were simulated.

Several methods of distribution were simulated, including downloading via Internet Explorer or by using a USB stick. In order to pass a test phase, the minimum requirement was that a tested program had to interrupt the transmission of the recorded banking data.

The appalling result: Only 4 out of 32 tested programs managed to pass all tests without any user interaction. At the forefront is Emsisoft Anti-Malware which immediately detects the execution of malware and blocks it reliably. Financial malware doesn’t even have the chance to infect your computer, let alone record your data. Read the detailed test report here.

 

Have a nice (malware-free) day!

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Your Emsisoft Team
www.emsisoft.com

What to read next