Friday, November 19, 2010

Online Banking Phishing Alert

This is true not just on online banking but all PHISHING ALERT.

Most reported phishing attempts are being carried out with malware (malicious software). Malware can infect a computer without the user even knowing it; for example, if the user opens an infected email or visits a website compromised by malware. Once the malware has infected a computer, it can generate web pages that look like legitimate bank websites. In this particular case, the malware modifies the Online Banking login process with an additional web page stating that the computer cannot be identified. The user is then asked to enter credit card information to continue.

The web page that requests the credit card information appears to originate from the legitimate Online Banking site with the correct web address (or URL) and security certificate information. However, this page is generated by the malware and has absolutely no connection the real Online Banking site. The web page’s only purpose is to collect the user’s data in order to commit fraud.

There are several steps you can take to protect yourself from this kind of phishing attempt:
Make sure the anti-virus/anti-malware software running on your computer is up-to-date. This software can help identify and prevent viruses and malware from being installed on your computer.
Follow the normal Online Banking login process and STOP if something seems unusual.
When you login to Online Banking, most login will first request your user ID.
You will then be directed to a page with a picture and a passphrase known only by you. If the picture and passphrase are incorrect, STOP.
If the picture and passphrase are correct, you will then be asked to enter your password, and potentially the answers to some challenge questions to register your computer.
Providing a credit card number to login to Online Banking would be unusual, since providing that information is not part of the normal Online Banking login process.
Be suspicious of unprompted pop-up windows that appear without clicking on a website link.
Always completely log out of Online Banking and other sensitive online applications before going to other websites. This helps ensure that Online Banking sessions do not remain active.
Let the establishment/bank know right away if you notice anything unusual about your Online Banking experience.