Warning over online banking fraud attacks
Banking malware is a kind of software used by cyber criminals to target online bank accounts and allows them to obtain personal and financial details, and 41 per cent of computers infected by viruses are subject to this type of threat.
Computers or mobile devices may become infected if their antivirus or system software is not up-to-date. Once a virus has infected the device, a cyber criminal can remotely take control of the internal functions of the device and steal personal data and access online bank accounts, as well as encrypting files and distributing malware to other computers.
There are four types of malware which cyber criminals use to steal personal data:
Virtual Network Computing (VNC): commonly used when public wi-fi networks are used, cyber criminals can remotely access a device and infect it with the malware.
Cookie Grabbers: can pick up on information entered while the user is on the web, such as banking passwords.
Spy Modules: monitor web browser activities and let the criminal; attack as soon as the user accesses, for example, a banking website banking website.
Drive Scanners: these search files and folders on the infected device and looks for documents containing passwords or other useful information.
Action Fraud and the City of London Police have identified activities which could lead to a user’s computer coming under attack:
- Don’t click on links you receive in unsolicited emails or SMS messages. The links may lead to malicious website and any attachments could be infected with malware.
- Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store. Jailbreaking, rooting, or disabling any of the default security features on your mobile device may leave it more susceptible to malware infections.
- If an online banking login page asks for details such as the 3 digit (CVV) number on the back of your card, the long number on the front of the card, your card’s expiry date, or the 4 digit PIN for your card, then don’t login until you’ve called your bank to verify that you’re logging in to a genuine web page.
- If you receive messages, browser pop-ups or calls claiming to be from your bank and asking you to do transfer money out of your account, don’t respond to them. Your bank will never ask you to do this, and you should inform them immediately.
What to do if your computer has been infected with malware:
- Disinfect your computer - for free - by using software from providers such as Microsoft and Symantec.
- Change all of your passwords on banking, email, social media and other potentially sensitive online accounts.
In a three month period the City of London Police detected 280 different malware families, including the most popular, Ramnit which has infected 3.2 million computers globally between 2010 and 2015.
City of London Police’s Commander and National Coordinator for Economic Crime, Chris Greany said: “We live in an age where computers and mobile devices dominate our lives, both during work and play. Cyber criminals are increasingly using malware to access our financial details and are constantly adapting it so that they can try and get ahead of the security measures put in place by law enforcement and industry".
“Both the public and businesses need to be aware of this and accept that whilst it is safe to use online banking; they should follow our protection advice which will help them to avoid their online bank accounts being compromised”.