We are naturally very interested in the security of our clients’ finances and their internet banking. This is why we have prepared a few recommendations on how to avoid any potential unpleasant situations.
Phishing refers to a method of obtaining sensitive data (passwords, credit card numbers, etc.) on the Internet. It consists in sending email messages, usually written in bad Czech or in English, which look like an official request from the bank or from a similar institution. The addressees are asked to enter their personal data on a linked website. Such a website may, for example, imitate the internet banking login window, where the user enters his or her login name and password. By doing this, the user divulges these details to the attackers, who are then able to use them and freely dispose of the account.
A more insidious form of Phishing, which helps the attackers to obtain sensitive data. The attacker redirects the client to a fake website (e.g. IBS) and thus tricks the user into divulging his or her login details. Such websites are usually unrecognisable from the real website of the bank. Not even experienced users can reliably spot the difference (in contrast to phishing, a similar method).
Most common tricks used in fraudulent e-mails:
How to protect yourself against Phishing and Pharming
Social engineering, in the context of information security, refers to psychological manipulation of people into believing the attacker is a different person with the goal of making them perform certain actions or divulge confidential information. These methods involve the attacker trying to persuade the victim to divulge an important information. For example, a password may be disclosed to somebody who calls the victim on the phone, posing as the system administrator.
Aside from standard mail, social engineering attacks are most commonly performed using telephone or the Internet (email, chat, Facebook). Experienced social engineers may carry out “face to face” attacks. If the attacker knows his victim personally, he may guess the victim’s password on the basis of the information he gathered about the person. Typically, he tries details such as place of birth, nickname, the name of a village where the victim has a summer house, name of the victim’s dog, etc.
Social engineers take advantage of people’s common traits, such as their trust in other people, occasional laziness, inability to spot minor differences, the willingness to help others, and fear of getting into trouble. If the attacker has a vested interest in the success of the attack, he may dedicate a longer period of time to building confidence.
How to defend yourself against Social Engineering
In case the attacker poses as a figure of authority, ask for further details.
Skimming refers to a way of obtaining data from the magnetic strip of a card using a reader device, without the user being aware of this. The data are subsequently used to produce a counterfeit card. The reader device, i.e. the scanner, is placed directly on the payment terminal. It consists of a part which reads data from the payment card and a part enabling it to obtain the PIN. Both have to be obtained for the attackers to be able to produce a counterfeit and freely use it. You can encounter skimming not only at ATMs, but also during payment in bars, restaurants, at petrol stations, etc.
How to protect yourself:
How does it work?
The fraudulent reader device is placed over the original device
The device scans the card data while the camera records your PIN number being entered
The device is then connected to a PC to which your card data are downloaded
The internet is full of hackers and fraudsters who want to obtain sensitive data, login details and payment card information by means of creating fake websites, by intercepting communications, or otherwise. You can defend yourself against them by using the SSL certificate, which makes sure the communications are encrypted. The certificate also serves to positively identify specific servers.
How to verify the website’s security
If the URL address of a website starts with https://, this means the communication between the browser and the server is secure (encrypted).
Symbol indicating an invalid certificate
The security and validity of a certificate may be verified in the browser by clicking on the lock symbol in the address bar, where you can find more details about the certificate.
The certificate details contain information on the owner, the certification authority, and technical information on the connection with the server and the name of the server ( www.equabanking.cz).
This is what the address bar in your browser should look like during login into the internet banking:
In addition to the guidelines for protection of your login details in the internet banking, please observe the following advice
while using the mobile banking: