The National Hi-Tech Crime Unit (NHTCU) and the Association for Payment Clearance Services (APACS) have taken the unusual step this month of releasing a joint warning about new security threats to online banking users. The organisations have outlined a new scam which begins with people being emailed a notification that their credit card is to be billed for a fictitious transaction, complete with a link to a website where the customer can view the transaction in greater detail. Should the victim visit this website using a PC that is not properly secured the site will attempt to infect the machine with a Trojan horse type virus which both provides the criminal with remote access to the computer and installs a key logger. This allows the attacker to record all key strokes on the machine, making it easy to gain the login and password details for the userâs online banking systems.
Detective Chief Superintendent Len Hynds, head of the NHTCU said âThe NHTCU is continuing to work hard to bring the perpetrators of these elaborate scams to justice. The criminals behind these attacks are constantly evolving their techniques and changing tactics to target a wider range of victims. With this range of exploits being blended in one piece of code, it is not just about online banking. There is a second key logger and a program that allows the machine to act as a mail proxy that could be used by spammers. It is the Swiss Army knife of the cyber-criminal.â
Businesses should be particularly wary since this type of attack can supply hackers with the details they need to break into company networks, giving them access to a wide range of sensitive information. APACs issued a list of common sense guide-lines for users to protect themselves, citing the importance of installing up to date anti-virus and firewall software, downloading the latest operating system patches and treating all unsolicited emails with a high degree of caution. The full list of safety measures can be seen at: www.apacs.org.uk/staysafeonline