TREND MICRO - INTERNET BANKING - CARE FOR YOUR CASH ONLINE

8/3/2019 TREND MICRO - INTERNET BANKING - CARE FOR YOUR CASH ONLINE

1/12


2/12

nternet or online banking is now a popular banking service,thanks to developments in the Internet and in mobiletechnologies. Accessibility, availability, and mobility are justthree of the reasons why more and more users choose to

bank online. Apart from established nancial institutions likethe Bank of America, HSBC, and Citigroup, so-called director Internet-only banks like ING Direct and Charles Schwabalso offer online banking services.I


3/12

Online banking continues to grow in the United States,as nearly 60 percent of the countrys Internet population

conduct banking transactions online. Internet banking is alsogrowing in Asia/Pacic, particularly in Southeast Asia. The number

of visits to online banks across Malaysia, Hong Kong, Vietnam,Singapore, Indonesia, and the Philippines increased by 24 percent fromJanuary 2010 to January 2011. The popularity of smartphones and mobile

apps is also making mobile banking a popular means to digitally conductbanking transactions. In the second quarter of 2010, 13.2 percent of thetotal number of U.S. households accessed their bank accounts via theirmobile devices.

Despite continuous growth, however, mobile and Internet banking usersare still quite concerned about security. A comScore 2010 report says one-third of the total number of online bankers in the United States do not paytheir bills online due to various security concerns. This fear is, however, notunfounded, as reports of related spam and phishing attacks against Citi,Standard Chartered, the National Bank of Kuwait, and the Public Bank ofMalaysia continue to plague users worldwide.
http://www.comscore.com/Press_Events/Presentations_Whitepapers/2010/The_2010_State_of_Online_Banking_Reporthttp://www.comscore.com/Press_Events/Press_Releases/2011/3/Online_Banking_on_the_Rise_in_Southeast_Asiahttp://blog.nielsen.com/nielsenwire/consumer/mobile-banking-a-growing-and-lucrative-market/http://blog.trendmicro.com/citi-prepaid-phishing-services/http://blog.trendmicro.com/phishers-send-out-standard-chartered-spam/http://blog.trendmicro.com/national-bank-of-kuwait-phished/http://blog.trendmicro.com/public-bank-of-malaysia-phished/http://blog.trendmicro.com/public-bank-of-malaysia-phished/http://blog.trendmicro.com/public-bank-of-malaysia-phished/http://blog.trendmicro.com/public-bank-of-malaysia-phished/http://blog.trendmicro.com/national-bank-of-kuwait-phished/http://blog.trendmicro.com/phishers-send-out-standard-chartered-spam/http://blog.trendmicro.com/citi-prepaid-phishing-services/http://blog.nielsen.com/nielsenwire/consumer/mobile-banking-a-growing-and-lucrative-market/http://www.comscore.com/Press_Events/Press_Releases/2011/3/Online_Banking_on_the_Rise_in_Southeast_Asiahttp://www.comscore.com/Press_Events/Presentations_Whitepapers/2010/The_2010_State_of_Online_Banking_Report


4/12

Each step of the Internet banking process exposes users likeyou to risks of theft of personal information, money, or evenyour identity. Read on to learn about some of the challenges

Internet bankers face and what precautions you should takeso you wont become the next victim.

Signing up for an online banking account usually includes options tosubscribe to monthly updates, to newsletters, and to other auto-generated promotional email messages. Scammers often usethese in phishing attacks to trick you into clicking maliciouslinks or into downloading malicious le attachments. Phishing

email messages are usually fake noticationswith malicious links that can lead you to

malicious sites or that can lead tosystem infection.

Apart from email messages, cybercriminalsalso take advantage of other technologies

like voice over IP (VoIP) to steal yourpersonal credentials even via phone. If

they get hold of your phone numbervia any meansyour online banking,social networking, or other online

accountsthey can call you on abudget via VoIP devices andentice you to give out otherwise

private information.


5/12

Most online bankers access their bank accounts after receivingnotication email messages. Cybercriminals deftly spoof login pages to

look very similar to the real ones. This is the easiest way by which theycan steal your user names and passwords so they can access

your accounts.

The safest way to access your online bank accounts is to use bookmarks or totype the sites addresses into your browsers address bar. Keep in mind thatthe links cybercriminals often provide in their phishing email messages aremalicious. These lead to spoofed pages that can spell a lot of trouble for you.

To address these and other similar issues, online banks have taken tousing an additional layer of protection for their customerstwo-factorauthentication. Two-factor authentication requires users to provide theirrespective user names and passwords, apart from other more personalinformation that the banks send them via a physical device (e.g., a token IDor their mobile phones) or a biometric print in order to prove their identities.

In retaliation, cybercriminals started using the so-called form eld or Webinjection technique to steal information. To do this, they add elds tolegitimate login pages, behind which are found JavaScripts that steal the data

you type in. To ensure compliance, these scripts even display prompts urgingyou to ll in the missing information. Even worse, these can hinder you fromaccessing your account if you leave the additional elds blank. This techniqueallows the bad guys to steal your secondary passwords that you use tocomplete nancial transactions.
http://blog.trendmicro.com/a-look-at-zbot-2-0-information-theft/http://blog.trendmicro.com/a-look-at-zbot-2-0-information-theft/http://blog.trendmicro.com/a-look-at-zbot-2-0-information-theft/http://blog.trendmicro.com/a-look-at-zbot-2-0-information-theft/


6/12

Cybercriminals steal information in various ways. They can insertWeb injects anywhereinto the login, bill payment, or fund transferpageso they can ask for your ATM PIN. This is possible if yoursystem is infected with malware like ZBOT Trojans.

Some ZBOT variants can monitor your browsers address barwhenever you access an online banking site. Cybercriminals even

recreate several legitimate pages to which they can add speciallycrafted Web injects. Some malware even change your browsers proxyconguration. This lets the bad guys get the information you inputbefore it even gets to your intended recipients hands so they can hijackyour banking session.

All of these malicious routines are silent and so effectively fade into thebackground. Some of the pages cybercriminals use may not even be

infected. Sometimes, all a malware has to do is hijack your session IDatemporary unique ID that a certain site gives for the duration of your currentvisitto steal your credentials. It expires after you log out of that site.Unfortunately, some Trojans can keep hijacked sessions open even afteryouve gone, which allows cybercriminals to steal from you.
http://about-threats.trendmicro.com/Search.aspx?language=us&p=TROJ_ZBOThttp://about-threats.trendmicro.com/Search.aspx?language=us&p=TROJ_ZBOT


7/12

The mobile phones of today have become smarter. Smartphones havevarious features that allow users to do everything they need to, includingmobile banking. Increased consumer condence contributed to the rise in thenumber of mobile banking transactions in 2010.

Keep in mind though that mobile banking differs from making mobilepayments or using mobile money. Mobile banking refers to using your

smartphone to conduct transactions like checking your account balance ortransferring funds. Making mobile payments, meanwhile, refers to using yourphone credits as electronic currency or as means to pay for purchases.

Your smartphone can serve as key to your online banking accounts. Thisfact didnt escape cybercriminals attention, prompting them to createmalware targeting smartphones.

To keep up with technological advancements, online banks are starting todevelop apps for their clients use as well. These apps can be Trojanized or beturned into malware downloaders. Cybercriminals can infect your smartphoneto steal the information stored in it. They have also taken to hijacking thetext messages that banks send to your smartphone as part of their two-factor authentication systems. Doing this allows them to bypass even thebanks additional security measures.

Mobile user interface (UI) spoong isanother means by which certainmalware steal information fromvictims via their smartphones.Cybercriminals can also send you

text messages that require you to

respond with your account number,user name, PIN, and otherpersonal information in exchangefor enticing promises.
http://blog.trendmicro.com/zeus-targets-mobile-users/http://blog.trendmicro.com/mobile-ui-spoofing-another-reason-for-smart-surfing/http://blog.trendmicro.com/mobile-ui-spoofing-another-reason-for-smart-surfing/http://blog.trendmicro.com/zeus-targets-mobile-users/


8/12


9/12

nline banking may bring about a lot of

advantages like mobility, convenience, andaccessibility. Remember though that theseadvantages may also provedisadvantageous in terms of security. Toensure safety while banking online, keepthese tips in mind.

Be cautious about choosing your bank. Make sure that thebank you want to open an account with is legitimate andthat it provides insurance. Unlike actual bank robberies,online fraud takes money from customers like you

instead of from the bank. So, its only logical for Internetbanks to insure online accounts.

If you can live without monthly newsletters andupdates from your online bank, dont sign up

for subscriptions.

If you choose to receive email notications, however, viewthese over secure Internet connections and on private

systems with rewalls enabled. Avoid clicking links in emailnotications. Banks do not ask for personal information,especially passwords, via email messages. No matter howlegitimate an email message looks, its still best to conrmwith your bank if they really need your personal information.To do so, call your bank. Their contact details are usuallyfound on their ofcial site. Dont call the number specied in

the email message because this is most probably just asfake as the message itself.

O


10/12

Dont be too trusting of personal calls supposedly fromrepresentatives of your bank. Always ask for anincident report or for a trace number. If they cantgive you any, hang up then call the banks realnumber to report what just happened.

Make sure that you keep your access credentials and othersensitive information secret. Avoid sharing these. In fact, dontshare these even to close relatives or friends.

Carefully scrutinize your banks login page before enteringany information. Make sure that its URL is correct. If yourbanks URL, for instance, has a w, ensure that the URL onyour address bar has a wand not two vs. Note, too, that

secure URLs usually begin with https://and that legitimateonline banking pages usually have a small padlock icon onthe bottom right corner of your browser.

When lling out your online banks login page, be mindful ofany suspicious question. Stay away from login pages that askyou to give out more information than is usually required.


11/12

Make it a habit to regularly change your passwords. Dontuse a single password for different accounts. Keep your

passwords to yourself and use a mix of uppercase andlowercase letters as well as numbers and symbols.

When conducting transactions, pay attention to your systemsperformance. If it suddenly responds slower than usual, scanit with a reliable security software. Always enable its rewalland activate your OS and applications auto-update feature.

Activate your smartphones personal identication number (PIN)

or password lock feature. Avoid turning your smartphone oryour systems automatic login feature on. Immediately report theloss of a device to your bank. Like your system, we can helpprotect your smartphone, too, with Trend Micro Mobile Security.Note, however, that you should always be wary of installing appsin your phone because cybercriminals are now fond of creatingTrojanized apps that download malware onto any kind ofmobile device.
http://us.trendmicro.com/us/products/mobile-security/http://us.trendmicro.com/us/products/mobile-security/


12/12

TREND MICRO

Trend Micro, Incorporated is a pioneer in secure content and

threat management. Founded in 1988, Trend Micro provides

individuals and organizations of all sizes with award-winning

security software, hardware and services. With headquarters

in Tokyo and operations in more than 30 countries, Trend

Micro solutions are sold through corporate and value-added

resellers and service providers worldwide. For additional

information and evaluation copies of Trend Micro products

and services, visit our website at www.trendmicro.com.

2011 by Trend Micro, Incorporated. All rights reserved.

Trend Micro and the Trend Micro t-ball logo are trademarksor registered trademarks of Trend Micro, Incorporated. Allother product or company names may be trademarks orregistered trademarks of their owners.

TREND MICRO INC.

10101 N. De Anza Blvd.

Cupertino, CA 95014

US toll free: 1 +800.228.5651

Phone: 1 +408.257.1500

Fax: 1 +408.257.2003

www.trendmicro.com
http://c/Users/bernadetteca/AppData/Local/Adobe/InDesign/Version%206.0/en_US/Caches/InDesign%20ClipboardScrap.pdfhttp://c/Users/bernadetteca/AppData/Local/Adobe/InDesign/Version%206.0/en_US/Caches/InDesign%20ClipboardScrap.pdfhttp://c/Users/bernadetteca/AppData/Local/Adobe/InDesign/Version%206.0/en_US/Caches/InDesign%20ClipboardScrap.pdfhttp://c/Users/bernadetteca/AppData/Local/Adobe/InDesign/Version%206.0/en_US/Caches/InDesign%20ClipboardScrap.pdf

Documents

TREND MICRO - INTERNET BANKING - CARE FOR YOUR CASH ONLINE