As the popularity of online transactions is on the rise, so are the attempts by unscrupulous entities to defraud you and make good with your money. Here are some common ways of cybercheats/defrauding the online citizenry and some must-have precautions when you are transacting online.
Most financial (banking, credit/debit card) hack attacks start with ‘phishing’ – a term given to an online scam where fraudsters steal a victim’s personal information by sending out emails that appear to have originated from legitimate financial institutions, mostly banks. These emails usually state that the user needs to urgently update or validate his/her account information after clicking on a link in the email. The link, however, leads the victim to a fraudulent website.
The information that is sought usually includes data such as usernames, passwords , bank account and credit card numbers, card expiry date, etc. Once the user enters his/her details there, the scammer comes in possession of information that can then be used to carry out bank transactions. Sometimes phishing emails also come with an attachment that automatically downloads malware onto computers. This malware could possibly record keystrokes , and steal critical data like logins and passwords without the user knowing. This information is then automatically sent to the scammer via the internet whenever the malware finds an open internet connection.
This tactic is a bit more sophisticated . Here, a victim is sent to a fraudulent site by employing the use of a computer virus, which could possibly have originated from a phishing email.
Websites are identified on the internet by way of their IP address. So whenever a user types in a URL, such as www.mybank.com, that address is translated into an IP address via a DNS server on the internet.
Now after a user visits a website for the first time, the DNS entry for that site is usually stored on his PC’s local cache so that his machine does not have to keep accessing the DNS server every time for the same website.
In pharming, a virus attacks the DNS cache and then modifies the entries there so the user is automatically led to a fraudulent site without him even knowing it. After that, it’s scamming as usual, where the user is prompted for his login and password.
It should be noted that some pharming scams also attack DNS servers, but these cases are rare because these servers are usually well protected against such attacks.
One of the ways that credit and debit cards can be compromised at points of purchase is by using a skimming device. This is a pocket sized scanner that is usually attached over the card reader. After that, when a customer swipes a credit or debit card, the skimming device secretly records the card’s information. That information is then transmitted to the scammers or stored on the device. The crooks later retrieve the device and use the information to create duplicate cards, or to make online transactions.
Source:– The Times Of India