Would You Give Away Your Front-Door Key Just Like That?

February 08, 2013
By: TMCnet Special Guest
Jan Valcke, President and COO, VASCO Data Security

On the Internet, danger is lurking everywhere. Everybody knows. However, when danger appears in front of our very noses, we scarcely recognize it. Nevertheless, it’s often a matter of common sense.

If a complete stranger calls you with the request, “Could you just pass me your front-door key, because we are updating the locks,” everyone would call him a perfect fool. Why, then, do we act so carelessly when it comes to our Internet business?

Recently, the media reported on the substantial amounts of money snatched from people through so-called cyberfraud. Fraud on the Internet is on the rise. Bank accounts are often a popular target.

Fake e-mails

Cybercriminals try to get control of bank accounts in different ways. Phishing is one of the favorite methods of acquiring precious data about an online banking account. Fraudsters send a falsified e-mail or direct users to a bogus website that looks almost exactly like the original site. Users are urged to enter their username and password, often under the pretext of checking login credentials.

The fraudsters are thus able to intercept the data and reuse it to log in.

Strong authentication provides an answer to this problem. Two-factor authentication, as this method is also called, assumes that two elements are needed to log in securely: something you have (such as a DIGIPASS device that generates one-time passwords) and something you know (such as a PIN code or a static password). Both elements have to be entered during the login process. One-time passwords, as the name makes clear, cannot be reused, and they only last for a limited number of seconds. That makes it pointless to intercept them.

But technology alone is not enough.

Contact over the Telephone

The greatest danger lies with the Internet user him/herself. If a user passes on his/her bank account’s confidential information to a shady party, even the most complicated technology becomes worthless.

Cybercriminals are aware of these human failings and have become more and more cunning. They used to try to convince Internet users to release confidential information with phishing techniques, but nowadays they speak with their victims directly. This method is called vishing (a contraction of voice and phishing), and it is the most recent way in which swindlers trick their credulous victims out of information. They pretend to be a bank clerk and tell their victims that a data update is under way for which they need the victims’ passwords. Sometimes they go even further and dare to ask for the challenge and response generated by DIGIPASS, the authentication device needed to log on to a bank account.

Fraudsters thus rob naive Internet users without batting an eyelid.
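The following sketch is an added example, not code from the article or from VASCO. It shows the two properties of one-time passwords described above (limited lifetime, no reuse) and why a code read out over the telephone still works. The article does not describe DIGIPASS's algorithm, so the public RFC 6238 TOTP scheme stands in for it; the 30-second step, the `OtpVerifier` class and the secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed validity window in seconds (RFC 6238 default)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical server-side check: each time step is accepted once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def verify(self, code: str, now: float) -> bool:
        step = int(now) // STEP
        if step <= self.last_used_step:
            return False  # code for this step already consumed (replay)
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # wrong code, or a code from an expired step
        self.last_used_step = step
        return True

def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    t0 = 1_360_281_600                   # constructed time, start of a step
    code = totp(secret, t0)              # what the token displays

    bank = OtpVerifier(secret)
    first_use = bank.verify(code, t0 + 5)        # owner logs in
    replay = bank.verify(code, t0 + 10)          # intercepted copy, reused

    bank2 = OtpVerifier(secret)
    expired = bank2.verify(code, t0 + 45)        # intercepted, used too late

    bank3 = OtpVerifier(secret)
    handed_over = bank3.verify(code, t0 + 8)     # read out to a caller, unused
    return {"first_use": first_use, "replay": replay,
            "expired": expired, "handed_over": handed_over}

if __name__ == "__main__":
    print(demo())
```

The last result is accepted because the verifier checks the code, not the person submitting it, which is the gap that only user awareness can close.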

Common sense

If we think twice, we know we have to be watchful. Imagine what you would do if a complete stranger called you and asked over the telephone to pass on your front-door keys. Would you do it?

But this is what happened in a couple of situations.

Strong authentication is the lock on your door with a unique, matching key. Only that particular key can open the door. If, however, the key is handed over to anyone pretending to be a bank clerk, you give full access to all your possessions.

The message that has to be driven home to Internet users is that suspicious practices call for common sense. Banks, governments and security companies have to team up to make the vulnerable Internet user aware of possible dangers.

A few hints

To limit the risk of Internet fraud, it is advisable to heed these hints:

In closing, common sense remains of the utmost importance. Remember: you do not give your front-door key to every Tom, Dick and Harry. So why would you do it with your confidential bank data?




Edited by Braden Becker

