Saturday, 14 July 2012

How To Bank Online Securely

The internet has brought us many convenience in life like free communication and the ability to express ourselves freely. It automates our tasks and doesn't necessarily transact physically especially in the financial world. We can do most or all of the time consuming process online saving us time, effort and money!

But like any other useful tools, it can be a source of frustration as well, like loss of money online.  The good news is, there is a way to avoid this problem, as this requires at least a user input, like phishing, where the author redirects your click to a similar looking bogus site.  Phishing writers are innovative, they are many steps ahead of the ordinary users.

How can we outsmart them?

The coders can change a legitimate URL link to a rogue site that has been infected. Try clicking the examples below(don't worry, they are not redirected to infected or phishing sites). The same legitimate URL address   www.yahoo.com   but of different landing pages.


So which one gives you the real yahoo page?

If fact, it is so easy to fool ordinary users and one weapon we must have to defend us from this is a little knowledge of URL's, we must know the landing page before we click it. How?

1. Hover your mouse over the link in querry or any suspicious link and you can see at the bottom of your browser, the destination URL. If the destination URL does not make sense, then do not proceed to click. Or take step two.

Clicking the first address link above will redirect you to gmail.


Example1

A phishing attempt email from "Natwest". The email sender has a user name "Natwest". The email address doesn't make sense as the domain name is clara.co.uk, instead of natwest.co.uk or natwest.com. The content is way out from the legitimate email formats from natwest, and the url destination is very obvious it is not going to the bank's website.


Example 2

The second email (Abbey National, part of Santander Group) I received seems like coming from a legitimate email address and the author also provided a secured https address, hoping I will fall into his trap. But by hovering the mouse over the address reveals the destination page.


2. Scan site's URL.

There are also URL's that can hide their destination page, and URL's with long codes and short links as well. These can be legitimate or a dodgy site and you will not know until you have clicked the link, and your computer became infected or you have just provided the hackers your banking details before you've realised. Before you are tempted to click, you can check this with an online tool  at www.virustotal.com . Just click scan URL (to enable URL search, the default is file scan) to start with before you copy and paste the URL into the search window. Scanned below is the URL of the second email from "Santander's Abbey National".






The tool uses many anti-virus popular engines to do the scans like AVG, Bitdefender, Comodo , Sophos, Websense, and many more.

From the email link that has been scanned above, here's the result.


The scanning tool can be added to browsers like internet explorer, firefox and chrome. How ? Go to the site www.virustotal.com and click documentation, at the Browser Extension click Virus Total browser extension, choose your browser and add the virustotal tool extension.

Below is VTextension for Chrome.



Once installed, an icon appears at the top right portion of the browser.


To use it, right click a questionable or suspicious link and scan with virustotal.








1 comment:

  1. I am really excited to know how to do banking online securely. I think that having the right information on doing banking online would be a such a great opportunity. I think that it would be less hassle than going to the bank directly.

    ReplyDelete

ShareThis

Popular Posts