Prevent Bank Account Hacking--December 2009
Posted: Monday, December 14, 2009
by Aurelia Masterson
Panama Legal
Executive Summary – Thefts of funds from bank accounts using online banking are on the rise. One cause is the infecting of computers with viruses and Trojans through social networks like Twitter and Facebook. The popularity of these types of sites has opened people up to all sorts of viruses that they would previously not have been exposed to. Years ago people learned not to open files sent in emails unless they were really sure who the sender was and what was in the file. Additionally, the large free email services began screening uploaded and incoming files for viruses, which really cut down the simplicity of sending out viruses en masse. Banks generally indemnify clients for online banking losses due to hacking, but filing a claim and getting reimbursed can still be problematic.
Protective Measures Against Bank Account Hacking –
- Do not use your Windows computer to access bank accounts or to store banking passwords on. Windows is the most popular operating system, so it draws the lion's share of the hacking tools the hackers develop. The target audience is the greatest with a Windows computer. Use Linux or Macs. They are secure systems. Before an application (think malware) can run, it needs to get permission from you in the form of a password entered into a popup screen notifying you of the newly installed software trying to run. This means you can have bad software put into your computer from stupidly clicking on a bad link etc. and the software cannot harm you because the computer will not let it run. This is applicable to Mac and Linux and possibly some of the latest versions of Windows but I never trust Windows for anything.
All this spam you get is sent from bot networks, which are the result of Windows vulnerabilities allowing the spammers to easily install malware on people's computers, take them over in the background and send spam, do DDoS attacks etc. Thank you, Windows. My guess is over 95% of the hacking is done on Windows computers. You can buy a Windows computer, reformat the hard drive and install Linux, which works like a Mac: very easy, free or cheap, uses less memory and resources, more stable, way more hack resistant (not even a comparison) and overall provides a more pleasurable experience. Just have your local computer store do the installation for you.
Most of the same programs you use will have a Linux version, or there will be an equivalent, probably available for free, like the Sun Office Systems freeware to replace Excel, Word etc. Macs are every bit as good as Linux; they just cost more. Their hardware seems to be the best quality out there for mainstream computers. Linux and Mac are closely related. Easiest is to go buy a Mac. The cheapest answer, and also a good one, is to reformat a Windows computer and run Linux. Do run anti-virus programs and firewalls anyway, even if it is a Mac or Linux.
- Use obscure brands of browsers and email programs. Do not use the mainstream browsers, especially if you are on Windows. Try Google Chrome if you are using Windows. Do not use the popular email programs. Use web based email or else use an obscure brand. With an obscure brand the target audience for the hackers is very small and they will not waste a lot of time developing a hack for such a program.
- Firewalls. Do get and use a software firewall. It should be application based so every application trying to run has to get permission from you to run. A new application (malware) cannot hurt you since it cannot run without this permission. The trick the hackers use is to make the firewall think it is a common program updating, like Word or something, and get you to click on it. Be careful and read the prompts, and if in doubt just deny it the right to run or connect to the Internet. Use an off the beaten path firewall, not the common brands. Read firewall reviews on the net and pay attention to what they call leakage.
- Wireless Routers. Great protection but should be used in addition to firewalls. Always use the most secure encryption, never run without encryption. An encrypted wireless router with a good software firewall will give you a lot of protection, a whole lot.
- Anti-Virus programs are great and should be run. Avoid mainstream ones in that the governments can cause them to not detect their malware, not good. Use only open source code programs. Try Clam. Open source means all the code is available for inspection and thus no exclusion rules for government software; it makes this deception impossible. Open source code products are free and you should use them whenever possible.
- WiFi Networks away from office or home. These can be dangerous. Numerous attack possibilities. Use an encrypted VPN network from a third party provider that provides their own DNS. This will prevent DNS poisoning. The game the hackers play is to try to get you to go to a site that looks like a popular bank but is not the bank; it is their copycat site, and they get your passwords when you try to enter the site. The site then says "problem, check back in three hours" or something, and then they go and hack your account. Avoiding airport, hotel and restaurant Wi-Fi networks on a secure computer is a good idea, but by all means sign up for a secure VPN service that has its own DNS if you must use such networks for banking. This will make it far more secure.
- Password file folders should be encrypted and open source code to ensure the company who made it is not dirty. Keep all secure passwords in this only, nowhere else.
- Encrypt your whole hard drive. This is for those with special needs or those who want to be very protected. Get TrueCrypt. It is open source freeware that will encrypt your entire hard drive or portions of it. Not easy to use, not so hard either, but very effective and open source so no games being played.
- Get a hard drive cleaner to overwrite deleted files with X's and O's to make deleted data unrecoverable. Overwrite at least twice. Some say seven times but for most of you twice is overkill. If you want, overwrite files many times, but it takes a lot of time. If you overwrite files and free hard drive space twice, say two or three times a week, over time everything except newly deleted files is really buried. So overwrite trash bin files and free hard drive space. Sometimes a hacker looks in your not plainly visible files to see what he can learn, like a stored password entry in Windows. Do run such hard drive cleaners frequently, like once or twice a week. Delete any data left in browsers etc. also.
- Flash Drive Games. Keep all vital information on a flash or USB drive. Encrypt the drive with TrueCrypt, not hard to do. Then you can carry all your secure files with you easily and they are encrypted to guard against loss. Just plug it in when needed.
- Stay away from trash sites and social networking sites. If you must go to them, buy a separate computer only used for this sort of activity. Create a backup and if you get hit with malware just reformat the hard drive and then load up your backup. Keep no vital data on this computer and do not use it for business or banking.
- Never use any of the software that lets you operate your computer from a separate location over the Internet. These products are very dangerous and leave you open to a lot of attacks. Never allow file sharing with external computers as a rule.
- I would not use any of these file-sharing networks to download music, video etc. This is a popular way to infect computers.
- Keep current on the security updates with your software. Let the program tell you the update is available.
- Use passwords that are at least 8 characters, alpha and numeric. Never use just alpha or just numeric. A really secure password is 16 characters, alpha, numeric, and case sensitive, and of course 32 characters is better still. 16 characters is really quite secure, 8 characters is minimal.
- Consider running full hard drive virus scans before each log in to your bank account. This is a good idea just to double-check everything.
- Give your bank an email account that is secure, not in a privacy invasive country. Do not give this email to other people or use it for general correspondence. This should take care of phishing emails.
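What a file overwriter of the kind described in the hard drive cleaner item does to a single file, as an added example that is not from the original article or from any named product: two passes of X's and O's, each flushed to disk, then a read-back check and deletion. The function names are hypothetical, and it assumes a filesystem and drive that overwrite in place; SSDs and journaling or copy-on-write filesystems may keep old blocks elsewhere.

```python
import os

PATTERNS = (b"X", b"O")  # fill bytes, after the article's "X's and O's"

def overwrite_file(path, passes=2, chunk=64 * 1024):
    """Overwrite every byte of `path` in place, once per pass.

    Returns the fill byte used on the final pass.
    """
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    fill = PATTERNS[0]
    with open(path, "r+b") as fh:      # r+b: modify in place, never truncate
        for n in range(passes):
            fill = PATTERNS[n % len(PATTERNS)]
            fh.seek(0)
            left = size
            while left > 0:
                step = min(chunk, left)
                fh.write(fill * step)
                left -= step
            fh.flush()
            os.fsync(fh.fileno())      # push this pass to the device before the next
    return fill

def wipe(path, passes=2):
    """Overwrite, verify the last pass by reading back, then delete.

    Returns True if the file was verified and removed, False otherwise.
    """
    fill = overwrite_file(path, passes)
    with open(path, "rb") as fh:
        blocks = iter(lambda: fh.read(65536), b"")
        clean = all(b.count(fill) == len(b) for b in blocks)
    if clean:
        os.remove(path)
    return clean

if __name__ == "__main__":
    import tempfile
    fd, demo = tempfile.mkstemp()      # constructed sample file
    os.write(fd, b"user=demo password=constructed-sample\n" * 100)
    os.close(fd)
    print("wiped:", wipe(demo), "exists after:", os.path.exists(demo))
```
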
You could get a situation with the bank where only the balance and history can be checked online. Wire requests would be sent in by fax. The hackers do not get into faxes BUT do not use Internet fax services. Use a real fax machine, then shred the fax since it has a password and account information on it, and flush the shredded paper down the toilet or burn it in an ashtray just to make sure. Good safe banking.
http://www.panamalaw.org