Dubious e-mails trigger online scams

A few years ago, automated teller machines (ATMs) were targets of crime, either by physically accosting ATM card users while they were withdrawing money from the machines, or by stealing the card details of unsuspecting bank clients.

These days, with banks stepping up their campaign to protect ATM users by ensuring that their machine withdrawal premises are well lighted, equipped with surveillance cameras, and generally secure from knife-wielding or gun-toting hoodlums, the scene of the crime has shifted elsewhere – and in a more intense way.

These days, banking security is no longer simply concerned with emboldened armed robbery attacks. Cyber-based crime has become more sophisticated, many of them going after big corporations and individual account holders with hefty balances.

Zeus mastermind

Recently, cybercrime police caught up with one of the world’s most malevolent hackers for stealing millions of dollars from online bank accounts. He had been on the run after being tagged by security experts as a big operator of a botnet powered by the Zeus Trojan horse.

Just 24 years old, Algeria-born hacker Hamza Bendelladj is being tried for his crime after successfully launching the Zeus botnet in thousands of unsuspecting online bank users’ accounts through fake e-mails, more popular of which were [email protected] and [email protected].

Bendelladj, a computer sciences graduate from a university in Algeria in 2008, successfully siphoned off money from private accounts in 217 banks and financial companies worldwide through the Zeus botnet that he unleashed.

What this young man single-handedly did is what gives bank security experts sleepless nights.

According to Wikipedia, a botnet is a “collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an IRC channel, or it could be used to send spam e-mail or participate in DDoS attacks. The word botnet stems from the two words robot and network.”

Zeus definitely belongs to the bad botnet category, usually coming from fake e-mails that unsuspecting users respond to, which in turn leaves botnets that plumb their computers for online banking transactions details. 

Doing our bit

While bank security experts are frantically trying to clean up the mess that the Zeus bug is wreaking, you and I have also a role to fulfill to keep this cybercrime from spreading and doing more damage and losses.

Here are some handy tips that which.co.uk suggests:

“1) First of all, make sure your computer or laptop is protected with a good security software program and anti-virus software. Keep them all, along with your browser, up-to-date.

“2) Different banks have different security measures for online banking but if you have to set up a password, make sure it is a mixture of letters and numbers and is different from an email password. If you access your email from an insecure computer, scammers could steal your password details and use them to access your account. Also, don’t write your passwords down in full or share them with anyone.

“3) Never disclose personal details, such as your password, on email or over the phone unless, of course, it is one you have agreed with your bank for telephone banking.

“4) However, if you receive a call or email from your bank which you weren’t expecting, treat it with suspicion regardless of the apparent name of the organization contacting you. Never follow a link from an email purporting to be from your bank or open an email from an unknown source as it may contain a virus.

Look for the padlock symbol

“5) Before entering your account details into a website, make sure there is a padlock symbol in your browser and that the web address changes from starting with ‘http’ to ‘https’ – this means the connection is secure.

“6) If you have a wireless network at home, make sure you have activated the security settings on your wireless router to make it secure and prevent others accessing it.

“7) Avoid accessing your bank account from a public computer or unsecured wireless network. If you do use a public computer, never leave it unattended when logged in and always log out properly when you’ve finished your banking session.

“8) If you experience any problems logging on, telephone your bank, don’t send an email.

Postings at social network

“9) Avoid posting personal information like your email address, date of birth and phone number on social network websites like Facebook and Twitter. Only accept friend requests from people you know. Someone posing as an interesting person asking to become friends may actually be an ID thief. Check your privacy settings carefully and make sure only people you trust can view your profile.

“10) Regularly check your bank account and credit card statements for suspicious transactions. If you spot something unfamiliar, report it to your bank or card provider as soon as you can.”

Victimized bank account

What do you do if your bank account is a victim of fraud? From our web source again:

“If you think you’ve been a victim of online banking or ID fraud, notify your bank as soon as possible.

“Banking regulations say that a bank can only refuse a refund for an unauthorized transaction if it can prove you authorized the transaction or that you acted fraudulently or were grossly negligent in failing to protect your Pin and password.”

Cybercrime on banking transactions can be mitigated if we all do our part.

Facebook and Twitter

We are actively using two social networking websites to reach out more often and even interact with and engage our readers, friends and colleagues in the various areas of interest that I tackle in my column. Please like us at www.facebook.com and follow us at www.twitter.com/ReyGamboa.

Should you wish to share any insights, write me at Link Edge, 25th Floor, 139 Corporate Center, Valero Street, Salcedo Village, 1227 Makati City. Or e-mail me at [email protected]. For a compilation of previous articles, visit www.BizlinksPhilippines.net.