21.04.2015 Views


A SCAM-SPOTTER’S GUIDE: THINGS YOUR BANK WILL NEVER DO – BUT CYBERCRIMINALS WILL

By Rob Waugh, We Live Security contributor

Technologies change, but cybercriminals will always dream up new ways to fool you into handing over your bank details, whether via phishing emails, SMS or phone. These days cybercriminals will use phone calls and even couriers in an effort to get your money. Many of these attacks can seem very convincing. The key to staying safe is to recognize behavior that isn’t quite “right”. Here are some things a bank will never do – but a phisher, or thief, will.

Text asking for details to “confirm” it’s you

Your bank may well text you, for instance to confirm an online transaction, but bank texts will not, ever, ask you to confirm details such as passwords. Banks also won’t update their apps via text message. If you’re suspicious, don’t click links, don’t call any numbers in the text. Instead, call your bank on its “normal” number – Google it if you don’t know – and check whether the text is from them.

Give you a deadline of 24 hours before your bank account erases itself

Many legitimate messages from your bank will be marked “urgent”, particularly those related to suspected fraud, but any message with a deadline is suspicious. Cybercriminals have to work fast – their websites may be blocked rapidly – and need you to click without thinking. Banks just want you to get in touch.

Send you a link with a “new app”

Your bank will not distribute apps in this way – instead, download from official app stores, and ensure yours is up to date. Advanced malware can compromise both PCs and smartphones, bypassing bank security systems.

Use shortened URLs in an email

Cybercriminals use a variety of tricks to make a malicious Web page appear more “real” in an email that’s supposedly from your bank – one of the most basic is URL-shortening services. Don’t ever click a shortened link. Go to the bank’s website instead (the usual URL you use), or call them.

Send a courier to pick up a “faulty” card

The courier scam is a new one – your phone rings, it’s your bank, and they need to replace a faulty bank card. The bank tells you that a courier will arrive shortly. A courier turns up, asks for your PIN as “confirmation”, and your money vanishes. If your card is faulty, a real bank will instruct you to destroy it.

Call your landline and “prove” it’s the bank by asking you to call back

A common new scam is a phone call from either “the police” or “your bank”, saying that fraudulent transactions have been detected on your card. The criminals will then “prove” their identity by “hanging up” and asking you to dial the real bank number – but they’ve actually just played a dial tone, and when you dial in, you’re talking to the same gang member, who has remained on the phone, waiting, and who will then ask for credit card details and passwords.

welivesecurity.com
