magazine
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
A SCAM-SPOTTER’S GUIDE:<br />
THINGS YOUR BANK<br />
WILL NEVER DO – BUT<br />
CYBERCRIMINALS WILL<br />
By Rob Waugh, We Live Security contributor<br />
Technologies change, but cybercriminals<br />
will always dream up new ways to fool<br />
you into handing over your bank details,<br />
whether via phishing emails, SMS or phone.<br />
These days cybercriminals will use phone calls<br />
and even couriers in an effort to get your money.<br />
Many of these attacks can seem very convincing.<br />
The key to staying safe is to recognize behavior<br />
that isn’t quite “right”. Here are some things a<br />
bank will never do – but a phisher, or thief, will.<br />
Text asking for details to “confirm” it’s you<br />
Your bank may well text you, for instance to<br />
confirm an online transaction, but bank texts<br />
will not, ever, ask you to confirm details such as<br />
passwords. Banks also won’t update their apps<br />
via text message. If you’re suspicious, don’t click<br />
links, don’t call any numbers in the text. Instead,<br />
call your bank on its “normal” number – Google it<br />
if you don’t know – and check whether the text is<br />
from them.<br />
Give you a deadline of 24 hours before your<br />
bank account erases itself<br />
Many legitimate messages from your bank will<br />
be marked “urgent”, particularly those related<br />
to suspected fraud, but any message with a<br />
deadline is suspicious. Cybercriminals have<br />
to work fast – their websites may be blocked<br />
rapidly – and need you to click without thinking.<br />
Banks just want you to get in touch.<br />
Send you a link with a “new app”<br />
Your bank will not distribute apps in this way –<br />
instead, download from official app stores, and<br />
ensure yours is up to date. Advanced malware<br />
can compromise both PCs and smartphones,<br />
bypassing bank security systems.<br />
Use shortened URLs in an email<br />
Cybercriminals use a variety of tricks to make<br />
a malicious Web page appear more “real” in an<br />
email that’s supposedly from your bank – one<br />
of the most basic is URL-shortening services.<br />
Don’t ever click a shortened link. Go to the bank’s<br />
Website instead (the usual URL you use), or call<br />
them.<br />
Send a courier to pick up a “faulty” card<br />
The courier scam is a new one – your phone<br />
rings, it’s your bank, and they need to replace a<br />
faulty bank card. The bank tells you that a courier<br />
will arrive shortly. A courier turns up, asks for<br />
your PIN as “confirmation”, and your money<br />
vanishes. If your card is faulty, a real bank will<br />
instruct you to destroy it.<br />
Call your landline and “prove” it’s the bank<br />
by asking you to call back<br />
A common new scam is a phone call from either<br />
“the police” or “your bank”, saying that fraudulent<br />
transactions have been detected on your card.<br />
The criminals will then “prove” their identity by<br />
“hanging up” and asking you to dial the real bank<br />
number – but they’ve actually just played a dial<br />
tone, and when you dial in, you’re talking to the<br />
same gang member, who has remained on the<br />
phone, waiting, and who will then ask for credit<br />
card details and passwords.<br />
36 welivesecurity.com