You read about it in the news all the time these days: “Zeus Banking Trojan steals $1 million from U.K bank accounts”or “SpyEye: New PC virus steals your money!”
More and more people are doing their banking online and criminals go where the money is. It is clear that malware designed to steal money from online banks has become a real and actual threat.
Creating banking trojans, unfortunately, is now pretty easy. There are ready made toolkits that criminals without the technical know-how can buy in order to create their own variant. A few clicks and the criminal has created his own personal piece of nastiness, designed to steal money from specific banks or accounts. Malware-as-a-service as our own Mikko Hyppönen put it.
So what exactly is a Banking Trojan? As with any other Trojan, it is a program that has been installed to your computer one way or another without you knowing its real purpose. Once there, it simply waits quietly in the background until you access your online bank. It will then start recording the information that you enter and send it back to criminals. It can now do automatic transactions in the background or alter the information that you see in order to buy time for the attacker to use your bank credentials for fraudulent transactions. Once the criminal has gotten your bank details there is no knowing what he or she can do.
So how to you protect yourself?
Here are 4 ways to make sure that when you bank on your PC, it’s as safe as it can possibly be.
1. Keep your operating system updated.
Think of your operating system as the walls around your house that keeps developing holes. Luckily, the maker of the wall will keep patching the holes. All you have to do is update your system software. You can do this on your Windows PC by going to windowsupdate.microsoft.com. On your Mac, you can go to the Apple menu and selecting “Software Update.”
2. Keep your software updated.
The programs on your PC also develop vulnerabilities that need to be patched or you may allow criminals a foothold into your life. You can update each application individually or you can use our free Health Check, which checks all of your major applications and your operating system to make sure they’re patched and protected.
3. Don’t click on links in emails from your bank.
It’s a good idea not to click on links in an email unless you specifically asked for it, such as a password refresh. A common practices is to spoof a bank’s look and send a scam email to thousands of recipients hoping to find a few that use the bank. You can avoid this by going to your bank’s site directly and calling them if you have a question.
4. Use Internet Security that has banking protection.
F-Secure’s Banking Protection automatically detects when you’re visiting an online bank. It notifies you that additional Banking Protection is enabled and adds an extra layer of security by only allowing access to banks or trusted sites that are necessary to do online banking. All other new connections will be prevented. In other words, there is no possibility for the attacker to get your bank details. Once you’re finished with your online banking, you simply end the Banking Protection mode and everything is back to normal. Sort of like unbuckling your safety belt when you’ve reached your destination. And no extra apps, plug-ins, or special browsers are required.
Banking Protection is a part of F-Secure Internet Security 2013 and works together with all the other security layers. All existing users of F-Secure Internet Security 2013 will receive Banking Protection as an automatic update in the first quarter of 2013, and those who do not want to wait can download the update now.
We hope you enjoy the protection!
Image credit: MoneyBlogNewz
#SLUSH15 is almost here, and F-Secure’s participating in this year’s event in a big way. There’s going to be a big #smartsecurity announcement about the Internet of Things, as well as a couple of presentations from F-Secure personnel. SLUSH, a well-known exposition for startups in the tech industry, has become a huge international event. Both SLUSH and F-Secure call Helsinki home, so it’s only natural for F-Secure to be an active participant at the annual conference. F-Secure made waves last year after the cybersecurity company hacked the venue’s bathrooms to get people talking about online privacy. Several of the company’s researchers and personnel also put in appearances at last year’s SLUSH, including cyber security expert Mikko Hypponen, and F-Secure’s Executive Vice President, Consumer Security, Samu Konttinen. [youtube https://www.youtube.com/watch?v=u93kdtAUn7g&w=560&h=315] [youtube https://www.youtube.com/watch?v=HB-qBhWV65s&w=560&h=315] And they’re both back this year! This year, Samu will be giving a keynote address on SLUSH’s Silver Stage. His talk is called “Your home, your rules – The internet of what ifs”, and runs from 11:45am to 12:00pm (Helsinki time) on November 11th. Samu’s enthusiasm for topics related to security and online privacy will give people valuable insights into how IoT devices are creating new security challenges, and what people can do to protect themselves. Mikko will be appearing on SLUSH’s Black Stage at 9:25am (Helsinki time) on November 12th, where he’ll deliver a talk called “The Online Arms Race”. Mikko recently did an interview about this same topic for V3.co.uk, so you can check that out if you want a quick preview about Mikko’s thoughts on this matter. You can follow all of F-Secure’s SLUSH news by following @FSecure_Sense, @FSecure_IoT, and @FSecure on Twitter.
Cyber Security Month is ending. We're sure you've already done the basics to avoid a digital catastrophe, as explained by F-Secure Security Advisor Sean Sullivan in a recent News from the Labs post on avoiding malware that can take your files hostage for ransom: Back up your stuff! Uninstall software and/or disable browser plugins that you don’t use. Keep the software that you do use up to date. But there's one last cyber security tip we want to pass on from our Janne who helps businesses avoid the kind of security errors that can cost them huge amounts of time and money. His advice: “Don’t even try to remember your passwords. That system you have so no one can possibly guess your password? The attackers know that one. Get a reputable password safe that you can sync to your phone and only ever use generated passwords.” This is the one cyber security tip you need to tell your boss -- if s/he hasn't told it to you already. You can use F-Secure KEY -- our password manager -- for free on one device. For more insight on how vulnerable your office is to online threats try our free Cyber Security Stress Test. We now return you to the other 11 months of the year when criminals hope you aren't thinking about cyber security. Cheers, Sandra
F-Secure Chief Research Officer Mikko Hyppönen sat down on Monday for a video chat with renowned tech journalist and broadcaster Leo Laporte on Triangulation. Laporte has admired Mikko and F-Secure from afar for more than twenty years, the host explained. So this first talk gave the two IT stalwarts a chance to talk over Mikko's nearly quarter century of work at F-Secure -- which he joined as a coder in 1991 when we were still known as Data Fellows. You can watch the whole interview below or download the audio here: [youtube https://www.youtube.com/watch?v=Cpg-5NO9oS8] The whole show is worth your time but to get ready to mark Mikko's silver anniversary at F-Secure, we thought we'd pull out some interesting lessons he's learned in more than two decades of tangling with digital threats. Driving a forklift -- Mikko's job before joining F-Secure -- has one big advantage over being an internationally known virus hunter. Once you're done with work for the day, you don't think about your job at all. Mikko told Leo that being Chief Research Officer at a company that protects hundreds of millions of computers doesn't give you that luxury. Some early malware creators went on to some very interesting things. Mikko told Leo about his trip to Pakistan to meet the two brothers who wrote the first PC virus more than 25 years ago, which you can watch below. Basit Farooq Alvi and Amjad Farooq Alvi wrote the program for what they saw as a legitimate purpose -- preventing copyright infringement. Today the brothers along with a third brother run a successful telecommunications business. Robert Tapan Morris -- the creator of Morrisworm the first computer worm -- is a member of the Computer Science faculty at MIT and a partner in Y Combinator, which helps launch tech startups.[youtube https://www.youtube.com/watch?v=lnedOWfPKT0] His number one security tip? Back up your stuff. "Back up your computer, your iPad, your phone. And back it up so you can access it even if your house burns down." The numbers when it comes to malware are huge. F-Secure Labs receives about 350,000 malware samples a day, seven days a week. "The amount of new detections we build on those samples every day is usually around 10,000... 20 [thousand] on a bad day." Mobile malware isn't a big problem -- except, perhaps, in China -- because Android and iOS are very restrictive. "If you are a programmer, you cannot program on your iPad," Mikko explained. All apps that end up in the Play or App Store have to be approved by Google or Apple respectively. This model, which Mikko compares to the PlayStation and Xbox ecosystems, may be good for security, but it does have some negative consequences. "It's also a little bit sad in the sense that when you have these closed environments, it's sort of like converting the users from producers to consumers." Mikko wrapped up the interview by explaining F-Secure's principles when it comes to protecting and respecting users' data: "We try to sell our products the old-fashioned way. You pay for it with your money, not your privacy." Cheers, Sandra P.S.: For some bonus Mikko, watch a public lecture he gave this week at Estonian Information Technology College. [youtube https://www.youtube.com/watch?v=UXSAaVx2EOo&w=560&h=315]