Internet banking, mobile banking apps, online shopping... It’s convenient, modern, but not always safe.
To get their hands on your money, cybercrooks hunt for information about your card and login credentials for banking services. They have many tools at their disposal, malicious apps for computers and gadgets among others.
Since you are not likely to voluntarily infect your own device, they resort to deception, for example, by concealing malware in a pirated version of a game or a fake Flash Player update. Malware disguised as a useful app is called a Trojan.
What happens when you install such a program? It will probably disappear immediately or return an error at startup, although it may work as expected. In any case, it is bound to have some not-so-nice additional functions. Which ones exactly depends on the type of Trojan.
For example, a mobile banking Trojan lays its windows, which are exact copies or even transparent, over your bank’s official app. And when you enter your username and password in such a window, they are immediately fed to the cybercriminals.
Another malware type, a keylogger, as the name suggests, logs all keystrokes on the computer keyboard, including those performed toenter login and card details when shopping online (including the security code on the back!)/ Guess what they’ll be used for?
Smartphones and tablets usually have no physical keyboard. But attackers have found a loophole. An alternative virtual keyboard with a bunch of cheery emoticons is a great disguise for malware.
Are your bank payments protected by SMS code? This helps, but alas, not always. Some stores do not require such confirmation on payment. Besides, a smartphone-based malicious app can simply request access to SMS, and if you grant it, the attacker can receive the code instead of you, and then delete the message. You won’t even know that something went wrong!
Moreover, there are ways to trick data out of you, but we will discuss those in lesson 5. Meanwhile our next topic will be about how to protect money from all these types of malware.
Smartphones do not have a physical keyboard. Does this mean that keyloggers can’t swipe my online bank password on a smartphone?