BBC Click: Hackers Outwit Bank Security

BBC Click has done a report on hackers’ latest successes in bypassing the latest bank security measures in order to extract money from online bank accounts, to be shown on February 4th and 5th on the News channel (or on iPlayer).

Online banking

According to the BBC, these new hacking methods even manage to bypass the much loved* two-factor authentication methods in use by some banks (such as HSBC’s SecureKey or Barclays PINSentry). The techniques do not affect just one bank, but potentially all online banking.

The new types of threat also bypass other security software, such as anti-virus and anti-malware programmes.

This financial malware sits on your PC and alters the way online banking web pages appear, adding extra fields to forms, for example getting you to enter your whole password rather than just 2 or 3 characters as many banks now request. The malware can also change account numbers when you’re making a payment (without you knowing), and can even hide the transaction to the fraudulent account when you look through your previous transaction history.

So what can you do about it?

Short of withdrawing all your cash and stashing it under the mattress to protect it yourself, you should make sure that all of your security software is kept up-to-date (the more up-to-date it is the quicker that any fix found for the hack will get to work). You should also be vigilant of suspect transactions, and wary if transactions are taking longer than usual, or if your PC is generally running slower than it normally would (suggesting that it has picked up some resource-hogging malware from somewhere).

If in doubt, give your bank a call and check what transactions are showing on your account, and the times of account access to see if it matches our access times. The banks themselves do a lot of analysis of unusual transactions and will block and/or question them with the customer if they think it could be fraudulent.

You can also listen to details about the report on the BBC website.

Leave a Comment

Your email address will not be published. Required fields are marked *