Thursday, February 25, 2016

Security Tips To Protect Your Money From Online Fraud


This is the era of the internet, and everything is available online: books, outfits, daily necessities and even food. To save time, people prefer online shopping and pay online with their credit cards. This is an advantage for all. On the other hand, it has also invited cyber crime. Hackers can steal users' credentials with sophisticated scripts and many other illegal activities. Online fraud is very easy for cyber criminals because they do not need to be physically fit for it; only strong social skills and programming skills are required. Lying in bed, criminals can use malware, fake websites and phishing to steal any user's credit card details. Using credit card credentials securely is the responsibility of the user.

1. Do not tell anybody your internet banking login credentials. The CVV code and PIN code of your credit card are very sensitive information. If you get an email or message demanding your credit card information, it is a trap set by criminals. Do not respond to it. This technique is called phishing. Criminals may also call you claiming to be the bank manager and ask for your PIN code. Understand that banks never do this kind of thing, because they already hold the details of all their users.

2. Never store your passwords in browsers, because criminals can steal cookies by spreading malware. Always log out of your financial accounts after using them. Do not use financial services on public Wi-Fi, in cafes and so on. If you must, use the private browsing option.

3. Make sure that the website on which you are going to enter your credit card information is the real website. Always use trusted websites that use the “https” protocol. Criminals may use fake websites that look like the original ones. They can repeat letters in the website address. For example: www.bankofamerica.com is a real website, and a fake version of it will look like www.bankoffamerica.com.

4. Always use a complicated and unique password for your online accounts, one that criminals cannot easily guess. Set a different password for each account. Never use the same password for all accounts. Use 2-step authentication.

5. Use high-quality paid AV tools. Never compromise your security by using free AV tools. Criminals may use keyloggers to steal your credentials. If you have good-quality antivirus software installed on your system, it will not be easy for them.

6. Use a separate card with a low balance for online transactions. If your account is compromised by a hacker, the loss will be smaller.

7. If you use mobile banking on a smartphone, update all apps and software regularly, because outdated software is an easy way in for malware.

It is your responsibility to protect your money from online fraud. Awareness is a must, because the internet offers advantages to both the common user and the cyber criminal.

Wednesday, February 24, 2016

Stuxnet Is Only The Tip Of The Iceberg

Stuxnet, the world-famous computer worm that destroyed Iran’s centrifuges at the Natanz uranium enrichment plant, was only one part of a much larger operation. Nitro Zeus, as the plan was known internally, was to target Iran’s communications systems, key parts of the power grid, and air defences if talks between the Islamic Republic and the West failed to reach a peaceable resolution and the United States had to engage in a war between Israel and Iran.

Thousands of US intelligence and military personnel were involved in planning Nitro Zeus, and tens of millions of dollars were invested in successfully inserting surveillance and sabotage measures into Iran’s infrastructure. The Fordo nuclear enrichment site, long considered the most impenetrable of Iran’s nuclear facilities, was also targeted as part of the plan.

Nitro Zeus was brought to attention by the documentary Zero Days, which explores the atmosphere of the growing conflict between Iran and the West, as well as the tense collaborative efforts of Israel and the US to stop Iran’s programme. The movie, first shown at the Berlin Film Festival on Wednesday, was directed by Alex Gibney.

To uncover the covert operation, Gibney’s research team interviewed current and former members of the programme. They revealed details of the efforts to sabotage Iran’s computer networks in preparation for a potential order to disable them.

This programme was a real trial by fire for the fledgling United States Cyber Command, which is still in the process of forming its cyber special forces and deploying them around the globe. “This was an enormous, and enormously complex, program,” one participant who requested anonymity told the New York Times. “Before it was developed, the US had never assembled a combined cyber and kinetic attack plan on this scale.”

Tuesday, February 23, 2016

“Ratopak” Malware Attacks Russian Banks

Employees of six Russian banks were targeted by a phishing campaign. Cybercriminals sent them the harmful malware Ratopak, a piece of spyware that is capable of taking control of an infected system. Security researchers at Symantec said that the cybercriminals ran this campaign in December 2015.

The cybercriminals were very smart. They sent emails to the employees of Russian banks from a domain that looked like the domain of the Central Bank of Russia: the attackers used the “cbr.com.ru” domain, while the bank's original domain is “cbr.ru”. The emails tried to trick the employees with a malicious link. When an employee clicked on this link, spyware automatically installed itself on the user's computer system.

The Symantec security researchers noticed many mistakes made by the attackers. They used a different type of “From to” field to enter the details of the sender. The name of the sender in the “From to” field and the name in the signature were different. These were the mistakes from which the researchers came to know that it was a phishing campaign.
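
The two look-alike tricks described in these posts (a repeated letter, as in bankoffamerica.com, and an extra label, as in cbr.com.ru) can be checked mechanically against a list of domains you trust. The following is an added example, not code from Symantec or from the original posts; the TRUSTED list, the function names and the sample From header are assumptions made for illustration.

```python
from email.utils import parseaddr

# The two legitimate domains named on this page; extend with your own.
TRUSTED = {"bankofamerica.com", "cbr.ru"}

def collapse_repeats(s):
    """Drop consecutive duplicate characters: 'bankoff' -> 'bankof'."""
    return "".join(c for i, c in enumerate(s) if i == 0 or s[i - 1] != c)

def edit_distance(a, b):
    """Levenshtein distance, one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Return (verdict, trusted domain it resembles, reason)."""
    d = domain.lower().rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    for t in trusted:
        if d == t or d.endswith("." + t):
            return ("trusted", t, "exact match or subdomain")
    for t in sorted(trusted):
        dl, tl = d.split("."), t.split(".")
        if collapse_repeats(d) == collapse_repeats(t):
            return ("lookalike", t, "repeated letter")
        # Same first and last label, extra labels between: cbr.com.ru vs cbr.ru
        if len(dl) > len(tl) and dl[0] == tl[0] and dl[-1] == tl[-1]:
            return ("lookalike", t, "extra label inserted")
        if edit_distance(d, t) == 1:
            return ("lookalike", t, "one-character edit")
    return ("unknown", None, "no resemblance to a trusted domain")

def sender_domain(from_header):
    """Domain part of the address in a From header."""
    return parseaddr(from_header)[1].rpartition("@")[2]

if __name__ == "__main__":
    # Constructed sample header; only the domain comes from the page.
    samples = ["www.bankoffamerica.com", "www.cbr.ru",
               sender_domain("Bank of Russia <info@cbr.com.ru>")]
    for s in samples:
        print(s, "->", classify(s))
```

An "unknown" verdict only means the domain does not resemble anything on the trusted list; it says nothing about whether the site is safe.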
 

How Did Ratopak Infect the Systems of Bank Employees?


Researchers said that Ratopak is very harmful malware. It can work as a keylogger and collect the keystrokes typed by employees. It can also take screenshots of the computer system. Besides that, it can exchange files between the infected computer system and the C&C server.

Ratopak was hard-coded malware that was able to hide itself with the extension “buh”. In Russian, “buh” means “accountant”. Employees did not notice it because they thought it could be an accounting process running on the computer system. Before these Russian banks, many other financial firms were targets of this harmful malware.

The malware terminated during execution when it recognized any language other than Russian. Its developers were well skilled and used a filter in the source code to do this.

There are a number of cybercriminal groups in Russia that are experts in hacking banks solely to steal money. Anunak and Carbanak are the two most famous of these groups. Both have stolen more than $1 billion from banks in Russia and many other countries.

It is not yet clear which group was running this hacking campaign. There could be another, new group of hackers behind it.

Source: softpedia