Online Banking

Online Banking can also be referjan16red as Internet Banking. It is the practice of making bank transactions or paying bills through the internet. We can do all financial transactions by sitting at home or office. Online banking can be used for making deposits, withdrawals or  we can even  use it for paying bills online. The benefit of it is the convenience for customers to do banking transactions .  The customers need not wait for bank statements, which arrive by e-mail to check their account balance. They can check their balance each and every day by just logging into their account.  They can catch the discrepancies in the account and can act on it immediately.

Risks

Link Manipulation

Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub domains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the Attacker Database of the your bank website; actually this URL points to the "yourbank" (i.e. phishing) section of the Attacker Database website.

Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

phishing imagePhishing Attacks

An e-mail message from a large online retailer or Internet Bank website announces that  your accountg has been compromised and need to be updated and givbes the link to update the same. So you follow a link in the message, if you click on the link it leads  to the website that is as similar as original website, it is spoofed login page. If you give the account details that will be redirected to the attacker and it might be misused.

Malware attacks

Attackers try to send the malware through attachments , try to trap you by sending false emails with attachments saying to update your account information.

Example:

Clampi Virus Targets Users at Banks and Credit Card Sites

Keeping up with the latest Web security threats is a daunting task, because viruses and Trojans emerge, evolve, and spread at an alarming rate. While some infections like Nine Ball, Conficker, and Gumblar have hit the scene and immediately become the scourge of the cyber security world, others take their time -- quietly infiltrating more and more computers before revealing the true depth of the danger they pose.

One such slow grower is Clampi, a Trojan that made its debut as early as 2007 (depending on who you ask) but is only now raising hairs outside professional security circles. Clampi primarily spreads via malicious sites designed to dispense malware, but it's also been spotted on legitimate sites that have been hacked to host malicious links and ads. Using these methods, Clampi has infected as many as half a million computers, Joe Stewart, of Secure Works, told a crowd at the Black Hat Security Conference in July, USA Today reports.
Once installed on a PC, the Trojan quietly waits for you to visit a credit card or banking Web site. When it detects you're on one of the roughly 4,600 financial Web sites it's trained to watch, it records your username and password, and feeds that information back to the criminals. Clampi can even watch for network login information, allowing it to spread quickly through networked PCs (e.g., those in an office). In fact, it seems that businesses have been the primary target of Clampi so far. According to the Times Online, in July, an auto parts shop in Georgia was robbed of $75,000 when criminals stole online banking information using Clampi. The Trojan was also used to infiltrate computers for a public school district in Oklahoma and submit $150,000 in fake payroll payments. 

Tips

  • Never click web links in your e-mail and no bank will ask you to update the accounts through online.
  • Never provide personal information including your passwords, credit card information, account numbers to unknown persons.
  • Never keep username, account name and passwords at one place. Always try to remember passwords.
  • Always use phishing filters at your Internet browser.
  • Do not click any images in the web sites if you are unsure.
  • Confirm whether email is received from bank or not.
  • Be cautious while providing bank details via online, before proceed further confirm with bank about the email you received. Think that if something is important or urgent why don’t bank calling me instead of sending email?
  • Delete all cookies and history file before you perform online trasactions.
  • Always use virtual keyboard while accessing online banking.
  • Delete all the history and cookies once you are done with online transactions.
  • Avoid accessing online banking in cybercafes.

Address

Centre for Development of Advanced Computing, (C-DAC)
Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway, Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005

Phone

Phone: 040-23737124/25
Mobile: 040-23737124/25

TollFree

1800 425 6235

Email Address

isea[at]cdac[dot]in