Scary new banking scams
Scammers have developed a new way to control your computer remotely. And that can only be bad news for your bank balance.
It sounds like something from a James Bond movie.
Eastern European criminals ‘harvesting’ thousands of computers across the UK, infected with a special virus allowing them to control the computer and access all sorts of personal information.
But don’t expect Daniel Craig to come to the rescue – this banking scam is very, very real.
The scam all revolves around the Zeus 2 botnet – again, sounding like something straight out of a Hollywood script –a Trojan which sits in your computer system.
However, while previous forms of Trojan simply stole your usernames and passwords for certain sites, this botnet goes much further, tracking login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks and even FTP passwords.
This means the scammers have even more information about victims of the botnet, making them even more vulnerable. In fact it even allows the scammers to control your computer system remotely!
The UK has borne the brunt of this particular botnet, accounting for 98% of the affected computers, most likely because we have a particularly developed online banking culture.
However, with various forms of Zeus in operation worldwide, the number of infected machines worldwide runs into the millions.
What makes it all the more incredible is that there is nothing actually illegal about developing a Trojan like Zeus 2, nor is there anything wrong with selling a Trojan. And yet it is illegal to use a Trojan.
According to Trusteer, a provider of secure browsing services who discovered Zeus 2, the best thing we can do to protect ourselves is to follow the security advice of our individual banks, particularly if they offer secure online banking software, which is specifically designed to defend against malware like Zeus 2.
However, it’s not just Zeus 2 you need to be wary of – there are plenty of other banking scams which will see severely you out of pocket.
If you’re anything like me then you’ll tend to have a whole bunch of tabs open when you’re browsing the internet. I just function better in a state of organised chaos.
Follow these top tips to protect yourself against ID fraud
However, it’s people like me that are most at risk from tab napping (I know it should really be called tab nabbing, but sadly I didn’t get to name this particular scam).
It works by replacing a tab which has been inactive for a while with a fake page, designed to fool you into filling out some personal data. It seems extraordinary to think that the scammers can actually tell whether you have left a page inactive for a while, but they can.
So if you’ve logged onto your bank’s site, but then left the page for a while to look at a different site, when you return to the bank’s page everything may look as you left it. However, malicious code may have transformed it into a fake version which looks near enough identical.
Thankfully there are some simple things you can do to protect yourself. Always check the URL of any webpage before you fill in your details. You should also make sure the address starts with https://, which signals that it is a secure page, while keeping your tab opening to a minimum will also help.
Chip & PIN
Researchers at Cambridge University have uncovered a fundamental flaw in the Chip & PIN system, which would allow scammers to use your credit or debit card in shops, irrespective of whether they know the correct PIN.
Related blog post
The ‘man in the middle’ trick would involve two scammers – one paying for the goods at the till, and another within the store, with a separate card reader in a backpack or bag. The scammer with the stolen or cloned card would proceed as normal, but the second scammer would use the separate card reader to send a ‘pin ok’ signal to the shop’s own system.
Incredibly, the researchers reckon they have tried the trick out many times and succeeded, though the banks remain sceptical that it is either practical or possible.
Either way, the one way to be sure that you are not losing out in this way is to keep on top of what’s happening with your bank accounts so that you aren’t met with any unpleasant surprises. Should a suspicious transaction appear on your statement you will then be able to raise it with your bank and get to the bottom of it, hopefully cutting off the scammers before they run riot with your bank account.
It’s rare for a day to pass without an email appearing in my inbox offering me a loan. No doubt some of them are genuine marketing attempts, but there is a growing problem of fake loans in the UK.
With a fake loan, you’ll be contacted, whether by phone or email, and offered a very competitive loan. However, in order to get the loan you’ll need to pay a set-up or administration fee. Of course, there is no loan, there’s no actual loan company either, and you end up out of pocket.
However, these fake loans don’t always ask for a fee – sometimes they are merely a front for a phishing scam, where they just want your bank account details. This form of fake loan can lead to far greater financial loss.
To protect yourself, remember to never shell out on an upfront fee – conventional firms don’t operate like this. And avoid handing over any details to firms that have contacted you, rather than you going to them.
This is a classic article which has been updated.