Today, I am going to tell how the hacker steals your money from your account. I will tell you several ways how they attack.
You will be shocked to know that most of the time we help the hackers to perform an attack. All the banks have a very strong security in their server side, so, most of the time it happens from the client side. And if you think that you don't have any online account or generally you do not use your online account for the transaction, but that does not mean you are secure.
Let's talk about attacks.....
1. Fake Email:
This is the most common type of attack and most of the people get trapped into it. There are several types of fake email attack also.
a)Verify your account:
This type of attack has a great success story in last 5-10 years. Generally, hackers send emails from a fake mailer website using the name of the bank to verify and update their bank account information. And many people thinks that it has been sent by the bank authorities really and they face trouble after that. See the screen shot.
It is saying to share E-Banking account details for verification, otherwise, the account will be deactivated.
I know what you are thinking... you are thinking that if someone reply with his details his details, it will go to the bank email.right???
But actually, it is not. Fake mailer has advanced features. when you reply to this mail it will automatically go to te person's account who has sent that mail.
b) IDN homograph attack:
You know there are some Russian Letters which exactly looks like the English letters. Okey, you are not believing me.
Do one thing.Copy the following 2 things one by one and paste in google and press enter
1. Computer screen ----- You are getting almost 52,50,00,000 results in google.
2. Сοmрutеr scrееn------ OPPPPPSSSS!!!!! There is nothing called computer screen in this world. Right? Then you are sitting in front of what??? That's funny...
So you can understand how much powerful attack is this.
So, if Someone send you a fake mail from bank's mail id and tell you to click on a link which looks exactly like your bank's website's link and will you click on it?
Remember one thing anyone can book a domain not only in English, in other languages also. So, If it looks like www.yahoo.com may be it is not original yahoo.com, may be the letter 'o' is replaced by Russian letter.
Solutions:
I have two very good solutions for you.
a) After opening the email address go to right side.Click one more and then click on show original
and then you will get the detailed information about the email, the actual sender and receiver and reply to - all these are clearly mentioned.
Here the most important point is Received, See the received option and you will get an idea that the mail has been sent from any fake mail.
2) If someone tries to perform IDN Homograph Attack just copy the main part of the link(mainly website part) and paste in in google. From the number of results you will get an idea about the originality of the link.
2. Keylogger
Probably you know about keylogger. It is a spy software that records each and every key stroke that you type in keyboard. There are two types of keylogger.
a) Local keylogger: It records the key strokes in a text file and stores in that computer only.
b) Remote Keylogger:
It records the key strokes of victims computer and sends the keystroke details to the hacker's computer who installed it.
If someone binds a keylogger with a free software that you download from the Internet and it gets installed when you install the software. Then the hacker will get not only your bank details, your Gmail facebook and other account details also.
Now there are some advance keyloggers which can record the keystroke of an on-screen keyboard also.
Solution:
Most of the banks have online keyboard in their website beside the login field which is much more secure way to use Internet banking.
There is an awesome software named as 'KeyScrambler' which protects user from keylogger, It encrypts each and every keystrokes. so if someone able to get the keystroke details also, but it will be in encrypted format.
3.Phishing page sent by unknown people:
The main question is what is a phishing page... Right? a phishing page is a fake page which exactly looks like the original page but the moment you enter any details in that fake page it will directly be stored as a text file in the server, That can be used by a hacker in future. I have also made a fake page of Gmail to show you.
Solution:
It is impossible to detect phishing page if you look only at the page.Because it looks exactly the same. The only way to detect a fake page is to watch the URL carefully. If it is a fake webpage of facebook, the URL of that page will be something else , not 'www.facebook.com'. Just look at the screen shot.
3.Fake call:
In many countries, there are a lot of fraud gangs who may call you and tell that he is mailing from a bank, and the validity of your credit card or debit card is going to expire. To keep your card active you have to tell the PIN , CVV and other things.
Solution:
Keep one thing in mind that No Bank Employee can call you and tell you to share card details. Because it is out of rule and Bank policy. If you receive any such call be sure that it is fraud, so never ever share your details. Because they will make a duplicate card with your details and will withdraw your money.
5. Payment through untrusted online website:
Sometimes you buy some products online from a non-popular website and pay through your debit card or credit card. But it is highly recommended not to buy products from an unknown website just for the discount. And if you want to buy really, Go for cash on delivery.
I came here from one of your quora answer, your site is good. Quite informative. Please write more and share more of such stuff. Btw, that computer screen search with russian o is showing your site in search results. :D :)
ReplyDeleteThanks a lot. I will do...
Delete