PORTLAND -- Just in time for the shopping season, there’s a new online scam targeting people who do their banking from a computer or a mobile device.
It’s convenient, it’s easy and about 300 million people do their banking online every year. Most mobile devices and banks offer apps to help make the banking experience more convenient. But the online banking experience is now facing a new threat. And the bad guys are getting creative.
“We're starting to see an increased correlation between malware, traditional viruses, Trojan horses and things like that, being much more targeted to financial theft,” said Scott Waddell, the Chief Technology Officer for Portland’s iovation, one of the largest online fraud protection companies in the world.
Here’s how the latest scam works: You visit a website, read an email or even click on an unknown attachment or picture, and the malware is automatically loaded onto your device.
Then when you visit your online banking website, the virus starts stealing your money. And Waddell said, because the virus is on your device before you log on to the bank's site, your secure password is basically useless.
“A lot of the newer malware is waiting until you've authenticated, hanging out in stealth mode of your device, and then exploiting the already encrypted, secured session that you've established with your bank to execute transactions you don't know about,” he said.
But the scam then takes it a step further. Waddell said the virus will clone your bank statement, and make it appear that your balances have not changed. When you look at your statement, it’s been cloned and it looks like you still have money in the accounts.
“The balance on the ATM says this, my receipt says this,” said Daniel Koza, who does his banking online nearly every day.
He said what makes this threat worse is the virus is wiping you out, without you even knowing it.
“It's kind of terrifying that it could be fraudulent, and it might not be accurate," Waddell agreed. “I somehow feel protected, but yeah, it’s a sense of false security if you see a balance that's just not true.”
“Everything you see on the screen is getting intercepted coming back from the bank, and making it look like what you wanted to happen is actually what happened,” he said.
So how can you protect yourself?
First, Waddell said don’t access your banking information using Microsoft Windows. And that’s only because it’s the most widely used.
“Most of the malware that's out there, the vast majority of it is still targeting Windows. That doesn't mean every other operating system is inherently secure, it’s just a function of population and that's what the bad guys target first.”
Waddell also said it’s important to try to use a device for banking that’s not being used for browsing or opening unknown emails or attachments. That’s where the virus can get to your device. And, if you want to be really safe, he said it’s a good idea to visit your bank, or call their toll-free number.
And with more and more people using online banking, especially on their mobile devices, Waddell said stealing your money is becoming big business.
“It’s a business. There are gangs in Russia, China, Africa that do this for a living. They have sweatshops that look like call centers that, you know, are diversified in the kinds of attacks that they're executing.”