Wednesday, 4 June 2014

Here's how to protect your cash from a bank hacking crime wave

How to protect your cash from a bank hacking crime wave
Banks are trying to hold their customers responsible for online fraud as they fight a desperate war against internet hackers.
The High Street names are writing tough new rules that mean current account holders will be made to take the blame if they fall prey to online crooks.
Online banking and the number of  customers using apps to run their financial affairs is booming.
But the number of hackers trying to break into our accounts is also rocketing. A recent report by an internet security firm found 160,000 types of computer virus are being developed every single day.
These bugs aim to find holes in your online security and grab vital bits of personal data in order to take cash from your account.
So, banks are demanding customers take steps to protect themselves — otherwise they will fail to get a payout if they are a victim.
The new rules include making customers shred bank statements and have different Pin codes for each card, banning them from writing down their online banking details, outlawing the use of websites that store personal details and barring some banking services for customers who have second-hand phones.
The crackdown comes as police revealed that a new virus, called GameOver Zeus, may have infected 15,500 computers in Britain and is targeting your bank details.
Earlier this year, another computer programme posed a similar threat. And last month it was revealed that internet  giants  eBay and Paypal had been the victims of hackers who stole millions of their customers’ details.
Britain is in the grip of an online fraud epidemic and 2014 is expected to be a record year for losses to this kind of crime. 
Official figures show £40.9  million has been lost to hackers who have found increasingly sophisticated ways around the systems put in place by the banks. This is money that the banks have not been able to get back and have lost for good.
Last year, someone became the victim of bank fraud every two minutes. Fraud accounts for about 7p in every £100 spent.
More than 60 per cent of all fraud involved parts, or all, of a person’s identity being stolen —  i.e., their account details and passwords.
Half of all cases involving bank accounts saw that person’s account being taken over by a fraudster.
WHEN HACKERS GET INTO YOUR ACCOUNT
The important thing to remember about online bank crime is that it is almost impossible for a hacker to raid your account if they don’t have any of your details.
To break in and take your cash, they  need, at the very least, the full details on your bank card. 
But often even this is not enough as more personal information is needed. That could mean your full address or date of birth.
Banks know this. Their security is incredibly tight and their computer systems are remarkably good at spotting unusual transactions. 
In the case of fake cash machine withdrawals, they can also tell whether your original card has been used and if the criminal took several attempts to guess your Pin.
The law is on your side. Unless a bank can prove you’ve been negligent — and has evidence to back this up — it should refund you any losses.
But they are also desperate to stem the flow of money heading into the hands of fraudsters. In most cases where your account has  been raided by hackers, you’ve probably been tricked into giving away your details. 
This may have been done surreptitiously by gathering them from other information about you on the internet. 
That could mean from a Facebook page, details you’ve been duped into giving to a fake website or even personal information supplied when applying for something online. In recent cases, hackers are employing call centres and couriers to lure potential victims into revealing their details. This can be done by pretending to be from the police, your bank or a computer software company.
Money Mail has seen cases where customers have been refused a payout because they have admitted to giving their name and some critical account details to a person they thought was an official figure.
In an age where people have dozens of passwords and account details, many struggle to remember all their details and need to find a way to store  this information.
That’s why banks want to make it explicit about when they think you’ve been negligent.
TEENAGE GEEKS AFTER YOUR CASH
According to fraud agency CIFAS, the majority of online banking victims are aged 50-plus — and there has been a huge increase in the number of pensioners falling prey in the past year.
By contrast, the criminals are largely aged between 21 and 30 —though many are teenagers. 
A recent report by Cifas described these crooks as ‘imaginative, creative and resourceful’.
Spokesman Richard Hurley says: ‘If you were a pickpocket, you’d go to the place that offered richest pickings. 
Therefore, it’s not surprising that with the growing number of people going online, there is a boom in internet fraud. 
‘As a result, we need to make sure we take all possible steps to improve our computer security. 
‘Failing to do so is as much of a risk as going out and leaving your front door open.’
Security experts say there is a growing online marketplace for criminals buying and selling personal data — and they are not hard to find on the internet for anyone with a reasonable understanding of computers.
They discuss their tactics and techniques on forums in Eastern Europe and China, which helps them stay one step ahead of the banks. 
Incredibly, some aren’t in it for the money — they are disgruntled with big business. But they find they themselves become pawns for organised crime gangs.
Dr Siraj Ahmed Shaikh, who teachers cyber security at Coventry University, says: ‘They don’t have sympathy with big corporations because they believe they are guilty of tax evasion. They want to damage the reputation of these companies. But sometimes the line becomes blurred between their ethical stand and the money to be made from online crime.’ 
YOU’RE ROBBED - THEN BLAMED
You would think that with sophisticated technology constantly being developed it would make it even harder for the hackers to get hold of our bank details.
But, incredibly, the launch of more phones and the growth in the number of customers banking on the move makes the internet banking system more susceptible.
That’s because the online technology used to run these gadgets is always changing, and with each new  bit of software comes the opportunity for hackers to find a loophole in the security.
When the new iPhone 5 was launched, it took one computer whizz-kid just eight hours to break into it. 
It used to be the case that banks could hold you at fault only if you had given away your Pin. 
But some have introduced a list of up to 30 rules that customers must stick by or risk not being repaid their fraud losses.
The idea is to make it as hard as possible for criminals to get their hands on your details. These include: 
  • Shredding bank statements and other official records.
  • Having separate Pins for different cards. 
  • Not letting your computer save your passwords or automatically use them for online forms. 
  • Ensuring your mobile phone is locked when you are not using it. 
  • Checking no one can hear your calls to your bank. 
  • Keeping virus software updated on your computer.
Banks won’t necessarily hold you to blame if you don’t do all these things. But failure to take these steps could see you branded negligent.
Last month, Lloyds Bank sent out new terms and conditions to its customers. 
These make it explicit that customers who have mobile phones that have been altered to allow them to get access to unusual software (known as being ‘jailbroken’ or ‘rooted’) may be barred from using bank apps.
On top of this, customers are banned from giving their bank details to websites that store your financial information in one place.
Other High Street banks have similar rules.
TRICKS YOU NEED TO KNOW
  • Don't ever give out your  personal information to strangers.
  • Never use personal details as passwords — such as birthdays of loved ones or your pet’s name.
  • If you're asked for personal details when signing up with a company, use a random word you’ll remember instead. Just because they ask for your mother’s maiden name doesn’t mean you have to give her actual one.
  • Don't do online banking in a public place, such  as a cafe. By using wireless you expose yourself to the risk of fellow customers being able to hack into  your account.
  • Never write down your Pins and passwords in a book, even if it’s locked in a filing cabinet. You may think that it’s safe, but don’t under-estimate criminals.
  • Make your password as long and  as random as possible. Modern software allows a computer to make  1,000 guesses a second — meaning that a random five-letter password can be cracked in four hours.  But it would take a life- time for criminals to work out a  20-letter password.
  • Get yourself an online mentor if you’re not confident on the internet. This could be a close relative or friend. You shouldn’t give them your bank details, but they can help you decide if something isn’t right.
  • If your gut feeling is that something is not right, contact the police and your bank. If you’ve been called by suspected criminals on your home phone, call from a different line.
  • Never reply to emails that appear to be sent from your bank and, in particular, never give them your passwords or log-in details.
  • If your computer is behaving strangely — windows keep popping up or strange internet pages are appearing — then don’t log in to your bank account. It may be infected.




Ruth Lythe
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)