ATTACK
SIM Swapping - SMS authentication codes are a problem for hackers, but they have a way around them and they don't even need your phone! They contact your network provider, claiming to be you and claim they lost their phone and that they'd like a transfer of their old number (i.e. your current number) to their SIM card.
The network provider deletes your phone number from your SIM and installs it on the hacker's SIM. Once they have your number on their SIM card, they can circumvent SMS codes and when they log into your bank account, the bank sends an SMS verification code to their phone. They can then log in to your account.
DEFENSE
To perform a SIM swap, scammers have to get your personal information in order to pass the checks, so always keep your personal details personal.
ATTACK
Phishing is one trick is hacking the email accounts of solicitors and sending phishing emails from a previously trusted address. That makes scams hard to spot!
DEFENSE
If an email address looks suspicious, treat it with great caution. If the address looks legitimate but something seems strange treat it as suspicious!
ATTACK
Keyloggers are a type of malware that record what you're typing and sends the information back to the hacker. If you go to your bank's website and type in your username and password, the hacker has all the information they need to break into your account!
DEFENSE
Install a good Antivirus and make sure it checks your system frequently. A good antivirus will sniff out a keylogger and erase it before it can do damage.
If your bank supports two-factor authentication, be sure to enable it because the hacker won't be able to replicate the authentication code even if they get your login details.
ATTACK
Sometimes, a hacker will target the communications between you and your bank's website by what is called Man-in-the-Middle (MITM) attacks...the hacker intercepts communications between you and a legitimate service.
When you send your login details, the hackers sniff out your details and steal them. They use a "poisoned DNS cache" which means that your bank's website address is cloned and goes to a clone site owned by the hacker. This cloned site looks identical to the real thing.
DEFENSE
Never perform any sensitive activities on a public or unsecured network. Use your home Wi-Fi and when you log into a sensitive site, always check for HTTPS in the address bar. If it's not there, there's a good chance you're looking at a fake site.
If you need to perform banking or other personal activities over a public Wi-Fi network use a VPN service that encrypts your data before it gets sent over the network.
ATTACK
Mobile Banking Trojans - Tricking Users With Fake Banking Apps. Crooks spoof an existing banking app by creating a perfect replica of a bank's app and uploads it to third-party websites. Once you've downloaded the app and you enter your username and password they are sent to the hacker.
Then there are mobile banking Trojans which aren't disguised as a bank's app; the Trojan scans your phone for banking apps and when it detects one, the Trojan puts up a window that looks identical to the app you just booted up. Hopefully, the user won't notice the swap and will enter their details into the fake login page which are then sent to the hacker.
DEFENSE:
Never install banking apps from third-party sites! Real bank apps should have a lot of downloads.When downloading apps from an app store, if it has a very low number of downloads and little to no reviews it could be malware so avoid it.
Be careful what permissions you give any app. For example, If a mobile game asks for permission with no explanation as to why it wants them, don't do
Further reading:
How to Protect Yourself Against Hackers (from the Minnesota Attorney General's office)
18 Ways to Secure Your Devices From Hackers (Business News Daily)
No comments:
Post a Comment