How safe is internet banking? Online banking fraud has doubled in the first half of 2009.<\/p>\n
<\/p>\n
\n
Some customers are still falling foul of ‘phishing’ schemes i.e emails that pretend to be from a bank and then direct\u00a0customers to bogus websites where their passwords are stolen.<\/p>\n
<\/p>\n
\n
But more careful online bank customers are also suffering at the hands of underground hacking technology – ‘Keylogging’<\/strong> – and\u00a0is largely held responsible for the rise in online fraud. \u00a0Unlike Phishing, this is not an attack that alert and\u00a0sophisticated users can avoid.<\/p>\n <\/p>\n <\/p>\n \n A keylogger is a software program or a device designed to secretly monitor and log all keystrokes.<\/p>\n <\/p>\n \n Many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan\u00a0programs.<\/p>\n <\/p>\n \n Unlike other types of malicious program, keyloggers present no threat to the system itself. Nevertheless, they can pose a\u00a0serious threat to users, as they can be used to intercept passwords and other confidential information entered via the\u00a0keyboard. \u00a0So any PC – which could even be your home PC – can be vulnerable to keylogging software.<\/p>\n <\/p>\n \n Here are some simple tips you can take to prevent being the next victim of a keylogging attack – after all prevention is\u00a0definitely better than losing the money in your bank!!<\/p>\n <\/p>\n \n Tip 1 – Have a robust and updated anti virus solution running<\/strong><\/p>\n <\/p>\n \n Most antivirus companies have already added known keyloggers to their databases, making protecting against keyloggers no\u00a0different from protecting against other types of malicious program: install an antivirus product and keep its database up to\u00a0date. However, since most antivirus products classify keyloggers as potentially malicious, or potentially undesirable\u00a0programs, users should ensure that their antivirus product will, with default settings, detect this type of malware. If not,\u00a0then the product should be configured accordingly, to ensure protection against most common keyloggers.<\/p>\n <\/p>\n \n Tip 2 – Use a firewall always<\/strong><\/p>\n <\/p>\n \n Most keylogger software transmit a “I am alive” message as well as the recorded keystrokes to the bot handler. \u00a0To detect\u00a0this, install a personal firewall on your PC and keep a track of the data that is being sent by your PC to the external\u00a0world.<\/p>\n <\/p>\n \n Configure an alert whenever any data is being transmitted to internet, review the alert and block the file or port if it is a\u00a0suspicious data packet.<\/p>\n <\/p>\n \n Tip 3 – Use a virtual keyboard<\/strong><\/p>\n <\/p>\n \n Another method which can be used to protect against both keylogging software and hardware is using a virtual keyboard. A\u00a0virtual keyboard is a program that shows a keyboard on the screen, and the keys can be ‘pressed’ by using a mouse.<\/p>\n <\/p>\n \n So if your net banking login screen has a virtual keyboard use it always.<\/p>\n <\/p>\n \n The idea of an on-screen keyboard is nothing new – the Windows operating system has a built-in on-screen keyboard that can be\u00a0launched as follows: Start > Programs > Accessories > Accessibility > On-Screen Keyboard. \u00a0Unfortunately this emulates\u00a0keystrokes and sends them to the application that has focus. Even the simplest keylogger will catch all of the entries from\u00a0the On screen keyboard as though they were typed.<\/p>\n <\/p>\n \n Thus only specially designed virtual keyboards will prevent keylogging attempts …. we hope that the banks that have\u00a0deployed virtual keyboards have specifically designed it that way.<\/p>\n <\/p>\n \n Tip 4 – Check the system processes running<\/strong><\/p>\n <\/p>\n \n At weekly intervals check the system processes running by typing “msconfig” in your Run Command. \u00a0Note down the processes\u00a0that are currently running as well as the processes that are configured to automatically Start when your system boots.<\/p>\n <\/p>\n \n Investigate suspicious processes – which is easier said than done !!<\/p>\n <\/p>\n \n Unfortunately, malware processes are rarely named “evil keylogger.exe” !! Often malware, like keyloggers, have names that are\u00a0similar to other normal processes like svchost.exe, making it difficult to distinguish between a safe process and a malicious\u00a0one.<\/p>\n <\/p>\n \n Further there are quite a few keyloggers that will not show up at all in the Task Manager process list.<\/p>\n <\/p>\n \n Nevertheless, precaution is better than cure.<\/p>\n <\/p>\n \n Tip 5 – Fool the keylogger – a simple way<\/strong><\/p>\n <\/p>\n \n Another tip – as suggested by a couple of researchers at Microsoft – is to type your password in random way.<\/p>\n <\/p>\n Like if your password is \u201cyourpassword\u201d: Type \u201cpassword\u201d first then bring cursor to beginning, type \u201cyour\u201d. \u00a0This way you can\u00a0fool keyloggers.<\/p>\n <\/p>\n \n Tip 6 – Fool the keylogger – a more methodical way<\/strong><\/p>\n <\/p>\n \n The string of keys sent to the browser will often contain domain names, followed by userid and passwords.<\/p>\n For example the segment www.netbanking.xyz.comiamsafeweak123<\/em> tells the logger that user id “iamsafe” has password\u00a0\u201cweak123\u201d at www.netbanking.xyz.com<\/p>\n <\/p>\n \n So one way of fooling the keylogger is by entering random keys so that they will be seen by the keylogger, but will not\u00a0affect normal login.<\/p>\n <\/p>\n \n The trick lies in the fact that keyloggers employ very low level OS calls. The keylogger sees everything, but it doesn\u2019t\u00a0understand what it sees. The browser also sees everything, but it doesn\u2019t use everything that it sees: it does not know what\u00a0to do with keys that are typed anywhere other than the text entry fields, and lets them fall on the floor. The keylogger has\u00a0no easy way to determine which keys are used by the browser and which fall on the floor.<\/p>\n <\/p>\n \n Between successive keys of the password enter random keys. The string that the keylogger receives will contain\u00a0the password, but embedded in so much random junk that discovering it is not feasible.<\/p>\n <\/p>\n \n Here is the method:<\/p>\n <\/p>\n \n Navigate to the login page desired;<\/p>\n Type in the userid;<\/p>\n <\/p>\n \n In the password field enter the first character of the password, then click somewhere outside the password field on a text\u00a0(not a hyperlink) and enter some random characters, then click again on the password text field enter a few password\u00a0characters and repeat this process.<\/p>\n <\/p>\n \n The browser will ignore the random characters entered outside the password field, but the text that the keylogger will record\u00a0will be something like<\/p>\n www.netbanking.xyz.comiamsafewrfeolsdfadjflkrefj1sdfsd2dfvjl3flsdlf<\/em><\/p>\n <\/p>\n \n It involves typing random characters between successive characters of the password, and changing focus to and from the\u00a0password field using the mouse.<\/p>\n <\/p>\n Follow these tips and have a safe online banking experience.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" How safe is internet banking? Online banking fraud has doubled in the first half of 2009. Some customers are still falling foul of ‘phishing’ schemes i.e emails that pretend to be from a bank and then direct\u00a0customers to bogus websites where their passwords are stolen. But more careful online bank customers are also … <\/p>\n