How to avoid having your bank account drained

The malware epidemic has matured into a sophisticated criminal tool for sucking cash out of bank accounts.  Here are some basic tips to stay clean of the threat of malware.

–          Never open attachments or click on URLs in emails from anyone you did not specifically request them from.  Even email appearing to come from acquaintances can be infected or have links that lead to malicious websites.

–          Keep virus and malware scanners up to date and set them to scan regulary.  AVG Free, Malwarebytes Anti-Malwar and Spybot is good free Virus, Mal-Spyware combo.   AVG has a good integrated “Internet Security” product that includes a personal firewall, spyware, file transfer and social network protection for $50.

–          Be paranoid.  There are viruses and malwares created and supported by criminal software vendors whose goal is 100% FUD(fully undetectable) virus and malware products with tech support for the end user(thief/ criminal).  They are supplying frequent updates and patches to their products in the same way a legitimate software company does.  The updates keep their product one step ahead of the AV/AM/AS vendors.  Even fully-patched systems are vulnerable.

–          Email isn’t the only way these threats present themselves.  URLs in web search results, banner ads, images, audio and video files are other ways systems are getting infected.

–          The only true defense is behavior: not clicking, not opening, etc.

Here is an example of the IRS email I have rec’d many times.  Looks real enough.  If you are busy and a user of the IRS EFTPS system, you might actually click the link.

4 giveaways of a phony email that wants to steal something from you:

1)  Unexpected communication.

2)  Bad English or grammar.  How many GS mistakes can you find below?

3)  A different link than the one written.  I have changed the link in this post.  It’s harmless.  But hover over it in your browser to see the actual address.  You can check a link before clicking in the same way in outlook.

4)  IRS using a gmail account? Probably not.

And what happens when you click the link?  I don’t want to scare you, but the link scanner I ran this through recommend highly that I avoid clicking the link.

From: Vance Example [mailto:example@gmail.com]
Sent: Tuesday, October 19, 2010 12:16 PM
To: Eric M. McQuaid
Subject: SPAM: (HIGH) Report. Your Tax Payment ID: 010339115 has been failed.


Your Federal Tax Payment ID: 01037596079 has been rejected.
Please, check the information and refer to Code R21 to get details about your company payment in transaction contacts section:
https://eftps.gov/R21

 

Return Reason Code R21 – The identification number used in the Company Identification Field is not valid.
In other way forward information to your accountant adviser.

on the site. James was appointed guardian of his two younger brothers, William Wright and Joseph Tarpelin,
EFTPS:
The Electronic Federal Tax Payment System


WARNING!
You are using an Official United States Government System, which may be used only for authorized purposes. Unauthorized modification of any information stored on this system may result in criminal prosecution. The Government may monitor and audit the usage of this system, and all persons are hereby notified that the use of this system constitutes consent to such monitoring and auditing. Unauthorized attempts to upload information and/or change information on this web site are strictly prohibited and are subject to prosecution under the Computer Fraud and Abuse Act of 1986 and Title 18 U.S.C. Sec. 1001 and 1030.

 

Tags: , , , , ,

If you enjoyed this article, get new ones by email (it's free).

Email:

You can unsubscribe anytime and we will never share or sell your email address.



2 Responses to “How to avoid having your bank account drained”

  1. Barry M. on 06. May, 2011

    The more I read about and come across this sort of malware infection the more I am convinced that using Windows for anything serious on-line is just asking for trouble eventually.

    Might be that using a Linux distro in a virtual environment within Windows would be a more secure option for those unable or unwilling to fully disassociate themselves from Windows ?

    Still doesn’t get around the social engineering aspect but would at least keep the malware out !

  2. emcquaid on 12. May, 2011

    Funny you mention this.

    I just ran into a company last week called Invincea selling a virtualized browser. When it detects an attack, it crumples the instance and starts a new one. It is a fundamentally secure way to browse in a very dangerous world wide web.

Leave a Reply