5 Methods Hackers Use to Break Into Your Bank Account
Whatsapp Pinterest
Advertisement

With so many users making the jump to internet banking, it’s no wonder that hackers are on the hunt for login details. What may be surprising, however, are the lengths that hackers go to in order to access your finances.

Secure your inbox with our free Email Security Course!

This will sign you up to our newsletter

Enter your Email

Here’s a look at how hackers target your bank account and how to stay safe.

1. Mobile Banking Trojans

These days, you can manage all of your finances from your smartphone. Usually, a bank will supply an official app from which you can log in and check your account. While convenient, this has become a key attack vector for malware authors.

Fake Apps

The simpler means of attack is by spoofing an existing banking app. A malware author creates a perfect replica of a bank’s app and uploads it to shady third-party sites. Once you’ve downloaded the bad app, you enter your username and password into it, which is then sent to the hacker.

App Hijacking

The sneakier version of this is the mobile banking Trojan. These aren’t disguised as a bank’s official app; they’re usually a completely unrelated app with a Trojan installed within. When you install this app, the Trojan begins to scan your phone for banking apps.

When it detects a banking app being launched, the malware quickly puts up a window that looks identical to the app you just booted up. If this is done smoothly enough, the user won’t notice the swap and will enter their details into the fake login page. These details are then uploaded to the malware author.

Typically, these Trojans also need an SMS verification code to complete the hack. To do this, they’ll often ask for SMS read privileges during install, so they can steal the codes as they come in.

How to Defend Yourself

When downloading apps from the app store, keep an eye on the amount of downloads it has. If it has a very low amount of downloads and little to no reviews, it’s too early to call if it has malware or not.

This goes double if you see an “official app” for a very popular bank with a small download count—it’s likely an imposter! If you’re interested in learning more, be sure to read our guide on how to avoid Trojans How to Avoid Downloading Trojans to Your Android Device How to Avoid Downloading Trojans to Your Android Device Trojan attacks are sneaky because they can steal your personal details and sensitive data without you even realizing it. Here's how to avoid Trojan infections on Android devices. Read More .

Likewise, be careful with what permissions you give apps. If a mobile game asks you for SMS read permissions with no explanation as to why it wants them, stay safe and don’t allow the app to install. Never install apps from third-party sites, as they’re more likely to contain malware.

2. Phishing

As the public becomes savvy toward phishing tactics, hackers have escalated their efforts to trick people into clicking their links. One of their nastiest tricks is hacking the email accounts of solicitors and sending phishing emails from a previously-trusted address.

What makes this hack so devastating is how hard it would be to spot the scam. The email address would be legitimate, and the hacker could even to talk to you on a first-name basis. This is exactly how an unfortunate home buyer lost £67,000, despite replying to an email address that was previously legitimate.

How to Defend Yourself

Obviously, if an email address looks suspicious, treat its contents with a healthy dose of skepticism. If the address looks legitimate but something “seems off,” see if you can validate the email with the person sending it—preferably not over email, in case the hackers have compromised the account!

3. Keyloggers

This method of attack is one of the quieter ways a hacker can gain access to your bank account. Keyloggers are a type of malware that records what you’re typing and sends the information back to the hacker.

That might sound inconspicuous at first, but imagine what would happen if you typed in your bank’s web address, followed by your username and password. The hacker would have all the information they need to break into your account!

How to Defend Yourself

Install a stellar antivirus and make sure it checks your system every so often. A good antivirus will sniff out a keylogger and erase it before it can do damage.

If your bank supports two-factor authentication, be sure to enable this. This makes a keylogger far less effective, as the hacker won’t be able to replicate the authentication code even if they get your login details.

4. Man-in-the-Middle Attacks

Sometimes, a hacker will target the communications between you and your bank’s website in order to get your details. These attacks are called Man-in-the-Middle What Is a Man-in-the-Middle Attack? Security Jargon Explained What Is a Man-in-the-Middle Attack? Security Jargon Explained If you've heard of "man-in-the-middle" attacks but aren't quite sure what that means, this is the article for you. Read More (MITM) attacks, and the name says it all; it’s when a hacker intercepts communications between you and a legitimate service.

Usually, an MITM attack involves monitoring an insecure server and analyzing the data that passes through. When you send your login details over this network, the hackers “sniff out” your details and steal them.

Sometimes, however, a hacker will use DNS cache poisoning to change what site you visit when you enter a URL. A poisoned DNS cache means that www.yourbankswebsite.com will instead go to a clone site owned by the hacker. This cloned site will look identical to the real thing; if you’re not careful, you’ll end up giving the fake site your login details.

How to Defend Yourself

Never perform any sensitive activities on a public or unsecured network. Err on the side of caution and use something more secure, such as your home Wi-Fi. Also, when you log into a sensitive site, always check for HTTPS in the address bar. If it’s not there, there’s a good chance you’re looking at a fake site!

If you want to perform sensitive activities over a public Wi-Fi network, why not take control of your own privacy? A VPN  service encrypts your data before your computer sends it over the network. If anyone is monitoring your connection, they’ll only see unreadable encrypted packets. Picking a VPN can be difficult, so be sure to read our guide on the best VPN services available. The Best VPN Services The Best VPN Services We've compiled a list of what we consider to be the best Virtual Private Network (VPN) service providers, grouped by premium, free, and torrent-friendly. Read More

5. SIM Swapping

SMS authentication codes are some of the biggest problems for hackers. Unfortunately, they have a way to dodge these checks, and they don’t even need your phone to do it!

To perform a SIM swap, a hacker contacts your network provider, claiming to be you. They state that they lost their phone, and that they’d like a transfer of their old number (which is your current number) to their SIM card.

If they’re successful, the network providers strips your phone number from your SIM and installs on the hacker’s instead. This is achievable with a social security number, as we covered in why 2FA and SMS verification isn’t 100% secure. It's Time to Stop Using SMS and 2FA Apps for Two-Factor Authentication It's Time to Stop Using SMS and 2FA Apps for Two-Factor Authentication While two-factor authentication is generally a good thing, you may be shocked to know that SMS and 2FA apps are both insecure. Here's what you should use instead. Read More

Once they have your number on their SIM card, they can circumvent SMS codes easily. When they log into your bank account, the bank sends an SMS verification code to their phone rather than yours. They can then log in to your account unimpeded and drain your account.

How to Defend Yourself

Of course, mobile networks typically ask questions to check if the person requesting the transfer is who they say they are. As such, to perform a SIM swap, scammers typically harvest your personal information in order to pass the checks. Even then, some network providers have lax checks for SIM transfers, which allowed hackers to easily perform this trick.

Always keep your personal details private to avoid someone stealing your identity. Also, it’s worth checking if your mobile provider is doing their part to defend you from SIM swapping. If you keep your details safe and your network provider is diligent, a hacker will fail the identification check when they try to SIM swap.

Keeping Your Finances Safe Online

internet banking is very convenient for both customer and hacker alike. Thankfully, you can do your part to ensure you’re not a target of these attacks. By keeping your details safe, you’ll give hackers very little to work with when they take aim at your savings.

If you’d like to know more on keeping your finances safe on the internet 10 Tips to Keep Your Online Bank Account Secure 10 Tips to Keep Your Online Bank Account Secure Switching to online banking comes with some security risks. These tips explain how to keep your online bank account safe. Read More , try our guide on buying goods safely online How to Safely Buy Online with Privacy & Security How to Safely Buy Online with Privacy & Security Competing with established online stores are smaller, lesser known businesses trying to compete. But can you trust them with your Visa details? And how can you better protect yourself when shopping online? Read More .

Image Credit: stokkete/Depositphotos

Explore more about: Hacking, Keylogger, Phishing, Smartphone Security, Trojan Horse.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. dragonmouth
    February 26, 2019 at 1:04 pm

    The price of convenience is security and privacy. To protect your bank account, do your banking in person. It may be oh so convenient to bank using your smartphone from the comfort of your couch but how convenient is it to have your account(s) compromised and/or all your money stolen?

    Just because you can conduct all your business online, does not mean you should.

    • Simon Batt
      February 27, 2019 at 3:19 pm

      Very true! Everyone's keen to embrace the convenience of technology, but not as many people think about how much this opens up more avenues for hackers to use. Perhaps everything going digital isn't as great as it first seems!