In recent times, hackers have developed ingenious methods using unique and complex arrays of cyberattacks to outwit security systems. They can be seen gaining sensitive financial information of individuals from banking servers or personal devices of an individual.
Here are some common types of cyber threats that are taking place these days:
In this, the hacker sends an email to the victim claiming to be a trusted sender (such as a bank or online shop), or set up a fake website that claims to be genuine. The hacker may also attach a banking Trojan to the email. Once the victim downloads and opens it, the Trojan steals activities and information, said Khushhal Kaushik, Founder- Lisianthus Tech in interaction with CNBC-TV18.
Another method, Kaushik said, involves hackers first purchasing real account information in bulk amounts from the dark web and then re-targeting those accounts using phishing emails.
“In such phishing emails, the disguised hackers request the victim to follow some simple procedures on a web page, which has been set up by the hackers to deliberately steal login information and other important credentials,” he explained.
Another common is fraud is using banking trojans.
"At times, hackers embed the fake applications with banking Trojans, such as the bank bots Cabaret Pink Slip, which intend to attack banks and stock brokerage firms to facilitate hacking operations. This malware uses an active directory attack to lock down users with multiple login attempts. These bots and trojans are focused on stealing money from victim bank accounts," Kaushik said.
Hackers also employ what is known as macro malware which is developed using programs such as the VB Script programming language used for MS-Word and MS-Excel. Legitimate-looking files are usually sent via phishing emails that contain malware-infected attachments such as cover letter reports by job seekers in the form of CVs and MS Word files, Kaushik said.
"Even any advanced antivirus programs not easily detect macro viruses. So, hackers are staying ahead of the game. Malware can comfortably hide within a system for long periods of time which gives hackers enough time to infect users' systems. Using free Wi-Fi is like requesting hackers to invade privacy. User data is shared by a person on the Internet can be intercepted by a hacker. This includes valuable personal data, such as usernames/passwords for online bank accounts," he added.
In fact, Kaushik further said, a user would find it difficult to differentiate between free Wi-Fi provided by an authorized agency and one installed by a hacker. Because of this, many banks have started using two-factor-authentication methods to keep their transactions secure. However, there are some advanced Trojans, which can circumvent these security measures. One such Trojan, Bankbot, mimics real banking applications to steal the login details of users.
So, how can customers secure themselves while using banking?
Kaushik said that it’s always advisable to avoid opening or downloading any attachments on the device without knowing the context.
"It’s equally vital to invest in a genuine and licensed antivirus software on all the devices. Additionally, users should never click on suspicious links within an email that may hold genuine information claims and abstain from sharing personal details on social media. Resorting to a VPN service is another way for users to neutralize and overcome potential cyber threats migrating. Free internet or hotspots should even be averted when travelling. Instead one should use a paid VPN to encrypt network traffic," he said.
How can corporates and government strengthen their cyber security?
On this, Kaushik said that the systems will remain weak unless the technical foundation of the internet system is strengthened as some of the technical products that we use in our day to day work are still dependent on other countries.
To secure the Internet in a foolproof manner, Kaushik said that the hardware devices should be indigenously built with built-in security features.
"Unless this is achieved, the government's Cyber security will remain 'porous' and vulnerable. There should be multi-factor authentication to track all logins across companies. If a company uses third party vendors for any services etc, they should make sure that they have their own security auditing or test reports. There should be dedicated cyber security and IT, support person, for the company. While it's important to use cloud-based and physical backups of important files, it's even more important to audit those backups regularly, he told CNBC-TV18.
In case of cyber fraud, what should customers do?
According to Kaushik, they should first freeze their bank accounts and credit cards and then change the internet and mobile banking passwords.
"They must inform the bank about the cyber fraud that has happened within 24 hours. Also, they should initiate a legal process to minimize the negative consequences of cybercrime. Customers can contact their local cybercrime investigation cell to file a written complaint against cybercriminals. Or the same can be done online," he suggested.
Disclaimer: The views and investment tips expressed by investment experts on CNBCTV18.com are their own and not that of the website or its management. CNBCTV18.com advises users to check with certified experts before taking any investment decisions.
(Edited by : Abhishek Jha)
First Published: IST