Sophisticated online bank account hacking uncovered
Published 3 February 2012
The BBC reports on a new sophisticated hacking technique called 'Man in the Browser' (MitB) which allows criminals to steal money from your bank account without your knowledge.
Criminal hackers are upping their game against banks' increasingly sophisticated security software. The BBC reports on a new hacking technique called 'Man in the Browser' (MitB), which allows criminals to move money out of your bank account and hide the evidence by controlling your on-screen bank balance.
Victims log in to their usual online bank account and are offered the opportunity to try an "upgraded security system". If you did, the MitB malware could enter your web browser. It lives there and can get between you and the website you're visiting, making changes to what you see on-screen and altering what you enter.
Criminals are using this malware to specifically target online bank accounts.
Security devices like PINSentry from Barclays and SecureKey from HSBC (the ones that look like calculators) are designed to give an extra level of password protection, although the hackers are even managing to get around these devices too.
All banks are equally vulnerable to this new threat, although there are steps you can take to spot it. If your transaction is taking longer than usual, it may be because it's being transferred through a hacker's system. If you're asked for more information than usual, to do with passwords, there may be something going on. Infected computers often run more slowly too.
To avoid falling victim to this particular threat, follow your bank's official advice about online security. Use up-to-date anti-virus software and watch out for anything suspicious or unusual. Report anything suspicious to your bank over the phone - not email - including the time and date it happened.
Banks in the UK will usually refund genuine victims of online fraud. They also have additional 'back-up' security systems of their own to prevent fraud, although it's recommended that all online banking customers use their own online security anti-virus products too.
£16.9 million was lost to online banking fraud in the first half of last year according to Financial Fraud Action UK. And the Government is getting involved. It's proposing an advertising campaign to raise awareness among the public about how to protect yourself online with some basic precautions.