Scary new banking scams

Scammers have developed a new way to control your computer remotely. And that can only be bad news for your bank balance.

It sounds like something from a James Bond movie.

Eastern European criminals ‘harvesting’ thousands of computers across the UK, infected with a special virus allowing them to control the computer and access all sorts of personal information.

But don’t expect Daniel Craig to come to the rescue – this banking scam is very, very real.

Zeus 2

The scam all revolves around the Zeus 2 botnet – again, sounding like something straight out of a Hollywood script –a Trojan which sits in your computer system.

However, while previous forms of Trojan simply stole your usernames and passwords for certain sites, this botnet goes much further, tracking login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks and even FTP passwords.

This means the scammers have even more information about victims of the botnet, making them even more vulnerable. In fact it even allows the scammers to control your computer system remotely!

Targeting us

The UK has borne the brunt of this particular botnet, accounting for 98% of the affected computers, most likely because we have a particularly developed online banking culture.

However, with various forms of Zeus in operation worldwide, the number of infected machines worldwide runs into the millions.

What makes it all the more incredible is that there is nothing actually illegal about developing a Trojan like Zeus 2, nor is there anything wrong with selling a Trojan. And yet it is illegal to use a Trojan.

Protecting yourself

According to Trusteer, a provider of secure browsing services who discovered Zeus 2, the best thing we can do to protect ourselves is to follow the security advice of our individual banks, particularly if they offer secure online banking software, which is specifically designed to defend against malware like Zeus 2.

However, it’s not just Zeus 2 you need to be wary of – there are plenty of other banking scams which will see severely you out of pocket.

Tab napping

If you’re anything like me then you’ll tend to have a whole bunch of tabs open when you’re browsing the internet. I just function better in a state of organised chaos.

Follow these top tips to protect yourself against ID fraud

However, it’s people like me that are most at risk from tab napping (I know it should really be called tab nabbing, but sadly I didn’t get to name this particular scam).

It works by replacing a tab which has been inactive for a while with a fake page, designed to fool you into filling out some personal data. It seems extraordinary to think that the scammers can actually tell whether you have left a page inactive for a while, but they can.

So if you’ve logged onto your bank’s site, but then left the page for a while to look at a different site, when you return to the bank’s page everything may look as you left it. However, malicious code may have transformed it into a fake version which looks near enough identical.

Thankfully there are some simple things you can do to protect yourself. Always check the URL of any webpage before you fill in your details. You should also make sure the address starts with https://, which signals that it is a secure page, while keeping your tab opening to a minimum will also help.

Chip & PIN

Researchers at Cambridge University have uncovered a fundamental flaw in the Chip & PIN system, which would allow scammers to use your credit or debit card in shops, irrespective of whether they know the correct PIN.

Related blog post

The ‘man in the middle’ trick would involve two scammers – one paying for the goods at the till, and another within the store, with a separate card reader in a backpack or bag. The scammer with the stolen or cloned card would proceed as normal, but the second scammer would use the separate card reader to send a ‘pin ok’ signal to the shop’s own system.

Incredibly, the researchers reckon they have tried the trick out many times and succeeded, though the banks remain sceptical that it is either practical or possible.

Either way, the one way to be sure that you are not losing out in this way is to keep on top of what’s happening with your bank accounts so that you aren’t met with any unpleasant surprises. Should a suspicious transaction appear on your statement you will then be able to raise it with your bank and get to the bottom of it, hopefully cutting off the scammers before they run riot with your bank account.

Fake loans

It’s rare for a day to pass without an email appearing in my inbox offering me a loan. No doubt some of them are genuine marketing attempts, but there is a growing problem of fake loans in the UK.

With a fake loan, you’ll be contacted, whether by phone or email, and offered a very competitive loan. However, in order to get the loan you’ll need to pay a set-up or administration fee. Of course, there is no loan, there’s no actual loan company either, and you end up out of pocket.

However, these fake loans don’t always ask for a fee – sometimes they are merely a front for a phishing scam, where they just want your bank account details. This form of fake loan can lead to far greater financial loss.

To protect yourself, remember to never shell out on an upfront fee – conventional firms don’t operate like this. And avoid handing over any details to firms that have contacted you, rather than you going to them.

Use lovemoney.com's free online banking service to access all your accounts and credit cards with a single secure log-in

This is a classic article which has been updated.

More: Avoid these sneaky charges on holiday! | Live longer with these budget tips!

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.