October: Time to Emphasize “Virtual” Vigilance

Halloween scares come courtesy of ghosts, goblins and ghouls. Online threats are on the prowl year-round and go by names such as skimming, MITB attacks and the appropriately-named scareware. Here’s the second part of our feature on cyber crime and tips to help you protect yourself, as part of National Cyber Security Awareness Month in October. In our last blog we covered risks such as phishing, smishing and vishing. Here are a few more scams to watch out for.

Skimming – the process in which original data from a debit or credit card’s magnetic stripe is electronically copied to create a duplicate card. This usually requires that a “skimmer” device be in place to copy the magnetic stripe data, or that a scanner is used by an unscrupulous employee at a point-of-sale terminal. However, there have been some instances where merchant terminals have been hacked, making all of the cards used on that terminal available to the fraudster.

Tips to Protect Yourself:

  • Inspect the card-swipe apparatus to see if it can be easily moved, does not look like the rest of the equipment, or looks different than you recall. If so, be wary.

Man-In-The-Browser (MITB) attacks – ZeuS, for example, is a crimeware kit that steals credentials from various online services such as social networks, online banking accounts, FTP accounts, email accounts and others. It covertly infects a computer and lies dormant until it sees a particular URL, then wakes up and captures credentials. Commonly available antivirus software packages are not going to detect ZeuS more than 60% of the time. In other words, a crypter has been at work! (See part 1 of our cyber crime blog series for details on crypters.)

Tips to Protect Yourself:

Although there is very little currently that is fully effective against man-in-the-browser attacks, the following are good precautionary steps to take:

  • Anti-Virus or anti-malware applications: software deployed to desktop computers, aiming to detect and disable malware.
  • Separate computer used solely for online banking: a computer can be set aside and reserved exclusively for banking access, with other web sites and applications disabled.
  • Hardened browser on a USB Drive or “Live CD/DVD”:  a hardened browser used only for connection to online banking.
  • Completely close browsers after online banking sessions and delete browser cache and cookies.

And finally, in keeping with our Halloween theme…

Scareware – Fake security software that alerts the computer user to non-existent threats and tricks him/her into paying to have the threat removed. The most common variation of this is the fake virus alert scenario, wherein a pop-up warns of a virus that has been detected, and offers to sell the software that will remove the threat. Often the software that is downloaded is itself malicious, effectively extorting the computer user to pay for the privilege of infecting themselves with more malignant software.

Tips to Protect Yourself:

When you believe that you might be the victim of a scareware attack, don’t panic. End the scareware process by pressing “Ctrl+Alt+Delete”, clicking on the Windows Task Manager tab and terminating the suspicious process, such as the executable for the scareware (e.g. WinAntiVirus.exe, ErrorSafe.exe, DriveCleaner.exe, etc.). This should then allow you to run anti-malware tools that can help you identify and remove the scareware. Among others, Malwarebytes and Superantispyware are good freeware tools that can detect and remove many variations of scareware.

Additional precautions:

  • Keep a current version of an industry-leading antispyware, antivirus and firewall product
  • Do not download free products or purchase them from unknown web sites and vendors
  • Do not purchase a product that is the result of an unexpected alert
  • Don’t click on links in e-mail or on social networking sites
  • Use a credit card that has sufficient fraud protection
  • Never use a debit card online

Remember that the Internet can be a scary place, but you’re more likely to stay safe if you learn how to identify threats and avoid them. Check out the good advice at the NCSAM page at staysafeonline.org or the OnGuardOnline.gov website. What tips do you have to help people stay safe online?

This guest blog submission was contributed by Ken, Susquehanna Bank’s Chief Information Security Officer.

Posted in Banking Basics, Financial Education.
