With so many people moving to internet banking, it’s no wonder that cybercriminals seek to hack bank accounts. What may be surprising, however, are the lengths these individuals will go to in order to access your finances. Here’s a look at how someone can hack your bank account and how you can stay safe.
1. Mobile Banking Trojans
Fake banking apps have become a simple route for facilitating a bank account hack. This attack involves the hacker creating a replica of a legitimate banking app and uploading it to third-party websites. When you download this app, it prompts you for a username and password. If you enter your details, they’re sent to the hacker.
The sneakier version of this attack is the mobile banking Trojan. These aren’t disguised as a bank’s official app; instead, they’re usually completely unrelated apps with a Trojan installed within. When you install one, the Trojan scans your phone for banking apps.
This malware variety plays an integral role in the entire process of bank account hacking. When it detects the user launching a banking app, the malware quickly creates a window that looks identical to the app you just booted up.
If this is done smoothly enough, the victim won’t notice the swap and will enter their details into the fake login page. These details are then uploaded to the malware author.
Banking Trojans typically need an SMS verification code to access your account. To do this, they’ll often ask for SMS reading privileges during the installation to steal the codes as they come in.
2. Phishing
Hackers have escalated their efforts to trick people into clicking phony links as the public becomes more savvy toward phishing tactics. One of their nastiest tricks is hacking solicitors’ email accounts and sending phishing emails from a previously trusted address.
This hack is so devastating because of how hard it is to spot the scam. The email address would be legitimate, and the hacker could even talk to you on a first-name basis. This is exactly how an unfortunate home buyer lost £67,000, as reported by The Guardian, despite replying to a previously legitimate email address.
3. Keyloggers
Have you ever seen someone’s password by looking at what they type into their keyboard? Keyloggers are the digital version of that. These usually come bundled in with malicious software and silently work in the background.
Whenever you type something on your keyboard, a keylogger sends the data back to a hacker. It doesn’t sound dangerous at first, but if the cybercriminal notices you typing in a banking website’s URL, followed by something that looks like a username and password, they can use that data to get into your account.
4. Man-in-the-Middle Attacks
Sometimes, a hacker will target the communications between you and your bank’s website to get your details. These are called Man-in-the-Middle (MitM) attacks, and the name says it all: it’s when a hacker intercepts communications between you and a legitimate service.
Usually, a MitM attack involves monitoring an insecure server and analyzing the data that passes through. When you send your login details over this network, the hackers “sniff out” your details and steal them.
Sometimes, however, a hacker will use DNS cache poisoning to change what site you visit when you enter a URL. A poisoned DNS cache means that “www.yourbankswebsite[dot]com” will instead go to a clone site owned by the hacker. This cloned site will look identical to the real thing; if you’re not careful, you’ll end up giving the fake site your login details.
5. SIM Swapping
SMS authentication codes are a huge problem for hackers. Unfortunately, they have a way to dodge these checks—and they don’t even need your phone to do it!
To perform a SIM swap, a hacker contacts your network provider, claiming to be you. They state that they’ve lost their phone and would like a transfer of their old number (which is your current number) to their SIM card. This is one of the most widely used methods to hack a bank account through a phone number.
If they’re successful, the network provider strips your phone number from your SIM and installs it on the hacker’s SIM instead. This is often achievable with a Social Security number, which someone could obtain through a data breach or the owner carelessly handing it over.
Once they have your number on their SIM card, they can circumvent SMS code protection easily. When they log into your bank account, the bank sends an SMS verification code to their phone rather than yours. They can then log in to your account unimpeded and take the money.
How to Stay Safe From Bank Account Hackers
Now you know the methods hackers use to crack your bank account open, here are some tips on staying safe:
- Stay safe when downloading apps by checking for fake or malicious entries.
- Learn about the different kinds of phishing and how to stay safe.
- Enable two-factor authentication on your account to stop keyloggers.
- Use a secure VPN when connected to a public Wi-Fi connection.
- Learn about SIM swapping and how you can protect yourself.
Internet banking is convenient for both customers and hackers alike. Thankfully, you can do your part to ensure you’re not a victim of these attacks. By keeping your details safe, you’ll give hackers very little to work with when they take aim at your savings.
