I’m taking a rest after this but hey, before doing that – better put up this entry for everyone. Some might want to said that this kind of entry have flood the NET. But, this is my blog and I want to put it in, no matter what other might says.

People are haunt by electronic break-in, hacking, and cyberspace fraud for many years, which one of most hottest topic in news and blogs – Online banking threats. What consumers really have to know are how the hacker’s games or tools in their road toward tarnishing people’s life. We should remind ourselves on how they do their works. Read below list:

  1. Phishing Scam
    Phishing scam is the classic form of identity theft. It occurs when a person receives an official-looking email aimed to fish your personal information by false pretenses. For example, the message can ask recipients to change their passwords or resubmit contact information due to the bank’s technical problems.Links in those emails will redirect you to websites that look and feel like the authentic banking  sites. Scammers recreate pages using information and logos from legitimate websites in hopes to fool consumers. If you enter your account details into them, the information will go directly to the criminals.Avoiding phishing scam is simple: don’t click on links in e-mails that ask you to provide your personal or financial information online. Call the banking company if it appears to be from or open up a separate window in your browser, type in the official address of your bank and navigate the site on your own.
  2. Teaming up with an insider.
    A US Treasury Department analysis indicated that over half of all reported computer break-ins involved an insider. One type of insider is a person who finds weaknesses unknown to system administrators and uses this information to access online accounts.
    Another type of insider finds a job at the bank specifically to commit a fraud. People who work in the customer assistance department may try to steal consumer information databases. Law enforcement officials investigating computer crimes often tell that they find passwords even on Post-it notes stuck on the employees’ monitors. Other criminals join technology staff to find a glitch, bug, or vulnerability in the network and software.
  3. Using a worm or virus.
    Viruses like Trojans can be caught by downloading programs you think you need or clicking on a link to a greeting card of video that arrives in e-mails spam. Or, you can pick viruses up by visiting a web page that’s been corrupted by hackers.If you get infected with a virus, the data on your PC will be recorded and sent to the hacker automatically. Viruses can hide silently inside your computer only to activate once you enter information into specific websites, like banking sites.Then they steal usernames and passwords by copying the log-on page or capturing keystrokes.So-called man-in-the-middle Trojans are more advanced. They can make fraudulent fund transfers while the victim is on the banking website. Another type of new viruses can make a copy of the web page showing account balances, but the amount will be changed so the user will see what he or she expects to see.If you want to avoid catching worms and viruses, a suspicious eye and up-to-date anti-virus software can help. You need to be careful about where you surf on the Internet when you are not banking.
  4. Using malicious software on public computers.
    The scam typically begins when a hacker installs keystroke-monitoring software on any public computer to obtain customer login names and passwords. Fraudsters can even get a temporary job in a library, hotel business center, Internet café, airport, etc. to simplify this task.Then hackers wait until anyone types in the web address of online banking account, user name and password. All keystrokes entered on the computer will be recorded by the malicious software and e-mailed to the hackers’ PC.This emerging Internet fraud is a new version of the widely used phishing e-mail scams, in which spammers send out mass e-mails containing hyperlinks to fake websites.
  5.  Stealing passwords.
    Password theft, password cracking, and even password guessing are still serious problems. Computers can process large amounts of data in a relatively small period of time. It is estimated that financially-motivated hackers can guess passwords at the rate of 1 billion guesses a second.Dictionary attacks, hybrid attacks and brute force attacks are various methods used to guess or crack passwords. The only real protection against such threats is to use multilevel authentication or very long passwords. A 5-character password will take 10 seconds to guess, 6 characters – 1,000 seconds, 7 characters – 1 day, 8 characters – 115 days, 9 characters – 31 years, 10 characters – 3,000 years.
  6. Exploiting default settings.
    If a target network uses the defaults set by the manufacturer or vendor, it is much easier to attack it. To see the scope of this problem, just Google “default passwords”. You will find a lot of websites that list thousands of the default log names, passwords, settings, access codes and naming conventions for various types of software and hardware.That’s why one of the most effective and simplest security precautions is to change the default settings to other alternatives. You also need to pay attention to the installation defaults like path names, folder names, components and configurations. If it is possible, consider all options for customization.
  7. Attacking wireless networks
    Wireless networks provide a lot of benefits, for example freedom from wires and the ability to be mobile within your office or home. However, hackers find it easier to make DOS, interference, hijacking, eavesdropping, man-in-the-middle, spoofing, and other attacks in wireless networks.You will need more time and efforts to secure wireless networks than to deploy a traditional wired network. In addition, many organizations have discovered that workers have brought in their own WAP and opened up security holes in wireless networks.
  8. Gaining access to the servers.
    Some hackers prefer attacking the hardware itself. They exploit attacks-prone Web systems to take control of the servers running the bank’s online operations, for example Microsoft IIS (Internet Information Server) or Unix Web servers.By gaining access to the servers through security holes, a hacker can modify any trusted applications to perform fraudulent operations. Such internal applications probably won’t be noticed by the network’s security system.
  9. Using back door’s  programs.
    A backdoor program allows the hacker access to your computer, bypass normal authentication , get full access to every facility and file on your computer (including your bank account’s log name and password) and send this information to the hacker’s PC.The backdoor could be an installed program (e.g. Back Orifice), or a modification to an existing program or hardware device . A specific form of backdoors is rootkits,which discloses the presence of other users, programs, services and open ports.
  10. Monitoring vulnerability researches.
    Hackers often read websites, blogs, discussion boards, and other sources of public information to learn more about bugs, issues, and vulnerabilities with hardware and software. Their aim is to find about possible attack points before users and companies become aware of this bug.To combat vulnerability research on the part of the hacker, you have to be just as vigilant as the hacker. Keep watching on discussion groups and web sites to learn about problems in order to protect against them just as intently as the hacker is looking for problems to exploit.

With all that risks, threats, and vulnerabilities existing in IT environment, 100% online banking security is just a dream. Keep in mind that hackers are looking for the easiest way to penetrate into online banking systems, and they know that the biggest security hole is usually sitting between the keyboard and the back of the chair.


p/s: Read also my entry on “Meets Identity Theft Crisis Freak Outs