As the popularity of online transactions is on the rise, so are the
attempts by unscrupulous entities to defraud you and make good with your
money. Here are some common ways of defrauding the online citizenry and
some must-have precautions when you are transacting online.
Phishing
Most
financial (banking, credit/debit card) hack attacks start with
'phishing' - a term given to an online scam where fraudsters steal a
victim's personal information by sending out emails that appear to have
originated from legitimate financial institutions, mostly banks. These
emails usually state that the user needs to urgently update or validate
his/her account information after clicking on a link in the email. The
link, however, leads the victim to a fraudulent website.
The
information that is sought usually includes data such as usernames,
passwords , bank account and credit card numbers, card expiry date, etc.
Once the user enters his/her details there, the scammer comes in
possession of information that can then be used to carry out bank
transactions. Sometimes phishing emails also come with an attachment
that automatically downloads malware onto computers. This malware could
possibly record keystrokes , and steal critical data like logins and
passwords without the user knowing. This information is then
automatically sent to the scammer via the internet whenever the malware
finds an open internet connection.
Pharming
This tactic is a
bit more sophisticated . Here, a victim is sent to a fraudulent site by
employing the use of a computer virus, which could possibly have
originated from a phishing email.
Websites are identified on the
internet by way of their IP address. So whenever a user types in a URL,
such as www.mybank.com, that address is translated into an IP address
via a DNS server on the internet.
Now after a user visits a
website for the first time, the DNS entry for that site is usually
stored on his PC's local cache so that his machine does not have to keep
accessing the DNS server every time for the same website.
In
pharming, a virus attacks the DNS cache and then modifies the entries
there so the user is automatically led to a fraudulent site without him
even knowing it. After that, it's scamming as usual, where the user is
prompted for his login and password.
It should be noted that some
pharming scams also attack DNS servers, but these cases are rare
because these servers are usually well protected against such attacks.
Skimming
One
of the ways that credit and debit cards can be compromised at points of
purchase is by using a skimming device. This is a pocket sized scanner
that is usually attached over the card reader. After that, when a
customer swipes a credit or debit card, the skimming device secretly
records the card's information. That information is then transmitted to
the scammers or stored on the device. The crooks later retrieve the
device and use the information to create duplicate cards, or to make
online transactions.
No comments:
Post a Comment