by July 1, 2005 0 comments



If you’re scared of accessing your bank account over the Internet by now, you should be. But that doesn’t mean you can’t do anything about it. There are ways of figuring out fake bank sites. The first thing for you to remember is that you can’t afford to
carelessly punch in your account details without checking the authenticity of the website. You need to take a few precautions before logging in. Provided here are some best practices you should follow.

Handling e-mail requests
You should be alerted if you receive a mail that’s supposedly from your bank, and requests you to submit your personal account information online. You may want to call up and cross check with your bank on whether such an e-mail was sent. If the email has given a telephone number, be sure you don’t use that. If you want to send an e-mail to your bank for cross-checking, and get a reply back, check whether the
reply has been digitally signed or not. We’re not saying that a bank can’t send e-mail without digitally signing them, but it’s just an added precaution. The reason is that ordinary mail can be intercepted in the middle and manipulated.
Ignore those lengthy mails from the ‘Nigerian General’s widow’ or some other source, which want to transfer a huge sum to your bank account. Any such mail from an unknown source wanting to do that is purely a hoax, so simply delete it.

Lastly never click on any link given in an e-mail, as this can do more than launch your Web browser. It’s better to type the address manually in the Web browser.

Check your hosts file
This has suddenly come up as a critical element in a phishing or pharming attack. One attempt that a scamster can make is to modify your hosts file or try to replace it with his own version. The hosts file usually
resides in c:\windows\system32\drivers\. The scamster can infect your machine with a Trojan to do this. To solve this issue you can do a very small trick. First of all, remember that you don’t really need the hosts file to be there at all. You can delete it, because
Windows uses your ISP’s DNS server to resolve all IP addresses. But deleting it once and forgetting about it may not be the
answer. One thing you can do is to create an autoexec.bat file using Notepad and put it in your boot drive (usually c:\). Add the
following line to it:

del c:\windows\system32\drivers\etc\ hosts

Online
anti-phishing/pharming resources
While there’s tons of information available online to combat online scams, here are a few prominent ones that you should check out to find out the latest threats and how to protect yourself against them.
www.scambusters.org: Protect yourself from the Internet scams
www.banksafeonline.org.uk: How to stay safe when banking online
www.antiphishing.org: Anti-Phishing Working Group
www.ifccfbi.gov: Internet Fraud Complaint Center (US)
www.scamwatch.com: File scam complaints
www.cyota.com: Anti-fraud solutions for financial institutions
www.readnotify.com: Find out information about your mail recipients

This will ensure that everytime you boot your machine, this file will be deleted.
Alternately, if you don’t want to delete the file, you can create a shortcut to it on your desktop and keep opening it periodically and deleting any suspicious entries. Last point to note here is that the Trojans have
become very smart in modifying this file. What they will do is that they will place the entries at the bottom of the file, so that they’re not visible if you open it in Notepad. So when you open the file, go all the way to the bottom to check for suspicious entries.

Look for the security lock
Whenever accessing your bank’s website, ensure that it says ‘https’ in the login URL and not ‘http’. Next notice whether there’s a lock symbol on the browser somewhere. This is your bank’s digital certificate issued by a certificate authority. It’s at the
bottom right in Internet Explorer (see article on ‘Real or Fake’).
Double click on this icon to see whether the certificate is authentic. Another key thing that you should note is the kind of Web pages that your bank uses. So if your bank uses *.jsp pages, while the one on your URL says *.HTML, then you have a problem.

Accessing from a cyber café
It is very risky to do online banking or other financial transactions from a shared network like a cyber café, or even over your local cable guy’s broadband link. But if you must do it from there, then check whether the bank has some special provision for logging in from cyber cafés.

Tools you can use
While most of the protections against such security threats are cross checks and precautions, there are also tools available that can also help. For instance, there are
e-mail tracking tools available that can actually track where your e-mail is going. So if you suspect that the email you’ve received is not from your bank, and you’ve accidentally responded to it, then you can use these tools to find out whether your reply was read, and in which city was it read. So if your bank is in Mumbai, but the e-mail response came from Timbucktoo, then you should be concerned. One thing is to immediately stop the e-mail dialog with the scamster. In addition to this, there are tools that can help you determine phony sites.

Lastly, of course, keep your systems updated with the latest, be it for anti-virus, the OS, or any other software you use. Keep the firewall turned on to track suspicious traffic moving in and out of your system. All these will help make your online banking experience as safe as possible.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.