Cyberthieves using an email virus have been raiding British bank accounts, so far stealing 20 million pounds, equivalent to about $31 million, the National Crime Agency disclosed. The virus, known as Dridex, Cridex or Bugat, invades users’ computers by appearing as a document attached to legitimate-looking emails. If users open the document, the virus installs malware that then records login and password details when the victim visits his or her bank’s website. The information gets passed back to the cyberthieves, who use the information to rob the victim’s bank account.
The announcement followed the indictment of one of the thieves in Pennsylvania, where U.S. authorities are cooperating with British and international agencies to disrupt the cybercrime ring, believed to be based in Eastern Europe. No matter where you live, cyberthieves are out there looking for your bank account information. Taking steps to safeguard your data can keep you from becoming their next victim.
Beware of Suspicious Messages & Software
Bank of America recommends several tips to protect yourself from malevolent phishing emails and social media messages such as those using the Dridex virus. Never respond to emails claiming to be urgent messages from financial institutions requesting account information. Forward suspicious emails to your financial provider’s security team. Don’t open attachments or install free software from unknown sources. Be cautious about clicking on links in social media messages that link to questionable sites, even if they seem to come from someone you know. When in doubt, don’t click.
Keep Your Software Security Updated
Keeping your software current provides another important line of security against attacks such as Dridex. Use the latest operating systems and browsers. Make sure you keep your operating system and browser updated with the latest security patches. Use a good antivirus program and set it to update and run scans frequently. Install a firewall for additional protection.
Guard Your Physical Security Environment
Protecting your physical environment is another part of keeping your online accounts safe. Don’t leave passwords lying around where others can see them. Watch out for “shoulder surfers” who try to look over your shoulder when you’re using an ATM machine or filling out a form. Some shoulder surfers use sophisticated methods such as binoculars, hidden cameras, and recording devices. You can read Lifelock’s blog to learn more about how to protect yourself from shoulder surfers.
Protect Your Devices
Your mobile devices represent another target for cyberthieves. The best protection is not storing your bank account information on your mobile device. Your bank may provide apps to help you use your mobile device safely without compromising your information. To protect other personal information that may be associated with your bank account, turn on your device’s screen lock option so that unauthorized users can’t access your data.
Don’t Connect to Insecure Wireless Networks
Connecting to an insecure wireless network is another way you can unknowingly expose information to cyberthieves. Don’t use public networks in high-traffic areas to access your bank account. Set your mobile device to ask your permission before connecting you to unfamiliar local networks. Make sure you’re using encryption.
Be Smart on Social Media
What you post on social media can expose you to cyberthieves. Avoid posting information such as birth dates, addresses, phone numbers, and email addresses.
Use Strong Passwords
Good password selection can help keep your accounts safe. Chose a password at least eight characters long that includes letters, numbers, and symbols. Don’t use your Social Security Number as part of your password. Don’t use the same password for your bank account that you use for social media or other sites. PC Magazine suggests using a password manager software program to help you generate strong passwords.
Monitor Your Accounts Regularly
Checking into your accounts frequently will help keep you alert to any suspicious activity. Signing up for automatic notifications from your financial provider will help you stay up-to-date on your account activity.
Log out When You’re Done
Whenever you end a session logging into your bank account, make sure to log out when you’re done. This will help stop session hijackers. Setting your browser to clear your cache when you close it will also help keep your data safe.