We are naturally very interested in the security of our clients’ finances and their internet banking. This is why we have prepared a few recommendations on how to avoid any potential unpleasant situations.
Phishing is a fraudulent technique that hackers use to install harmful programs (malware) on your computer or mobile phone or to extract sensitive data (passwords, credit card numbers, bank account numbers, birth numbers, etc.) from you. Most often, fraudulent e-mails ask you to click on a link or open an attachment. These messages may be written in English or Czech. These days many of the Czech messages are very well written, i.e. the text is of a high standard. Taking advantage of the vulnerability of computers, hackers can launch a web camera or microphone remotely or become the administrator of your PC, just by having you click on a link that has a virus.
Who sent you the message?
Content of message
Social engineering, in the context of information security, refers to psychological manipulation of people into believing the attacker is a different person with the goal of making them perform certain actions or divulge confidential information. These methods involve the attacker trying to persuade the victim to divulge an important information. For example, a password may be disclosed to somebody who calls the victim on the phone, posing as the system administrator.
Aside from standard mail, social engineering attacks are most commonly performed using telephone or the Internet (email, chat, Facebook). Experienced social engineers may carry out “face to face” attacks. If the attacker knows his victim personally, he may guess the victim’s password on the basis of the information he gathered about the person. Typically, he tries details such as place of birth, nickname, the name of a village where the victim has a summer house, name of the victim’s dog, etc.
Social engineers take advantage of people’s common traits, such as their trust in other people, occasional laziness, inability to spot minor differences, the willingness to help others, and fear of getting into trouble. If the attacker has a vested interest in the success of the attack, he may dedicate a longer period of time to building confidence.
How to defend yourself against Social Engineering
In case the attacker poses as a figure of authority, ask for further details.
Skimming refers to a way of obtaining data from the magnetic strip of a card using a reader device, without the user being aware of this. The data are subsequently used to produce a counterfeit card. The reader device, i.e. the scanner, is placed directly on the payment terminal. It consists of a part which reads data from the payment card and a part enabling it to obtain the PIN. Both have to be obtained for the attackers to be able to produce a counterfeit and freely use it. You can encounter skimming not only at ATMs, but also during payment in bars, restaurants, at petrol stations, etc.
How to protect yourself:
How does it work?
The fraudulent reader device is placed over the original device
The device scans the card data while the camera records your PIN number being entered
The device is then connected to a PC to which your card data are downloaded
The internet is full of hackers and fraudsters who want to obtain sensitive data, login details and payment card information by means of creating fake websites, by intercepting communications, or otherwise. You can defend yourself against them by using the SSL certificate, which makes sure the communications are encrypted. The certificate also serves to positively identify specific servers.
How to verify the website’s security
If the URL address of a website starts with https://, this means the communication between the browser and the server is secure (encrypted).
Symbol indicating an invalid certificate
The security and validity of a certificate may be verified in the browser by clicking on the lock symbol in the address bar, where you can find more details about the certificate.
The certificate details contain information on the owner, the certification authority, and technical information on the connection with the server and the name of the server ( www.equabanking.cz).
This is what the address bar in your browser should look like during login into the internet banking:
In addition to the guidelines for protection of your login details in the internet banking, please observe the following advice while using the mobile application: