Security vendors and banks introduce new services and solutions to protect users when carrying out financial transactions online. We still have the ever-present risk of phishing emails that purport to originate from our bank and attempt to trick us into disclosing sensitive data or security credentials. Additionally, we have recently seen more sophisticated attacks such as cold-calls from “banks” informing the customer their card has been compromised and offering to collect it from them by courier.
However, there are steps we can take to protect ourselves from the scammers. Most of these attacks rely on the user disclosing sensitive credentials such as their password or PIN number. Remember, no-one should ever have reason to ask for your banking PIN number.
As well as checking the legitimacy of the other party, always consider how much information you are providing.
“Social engineering” attacks tend to be more successful when the attacker has access to large amounts of your personal data, even if it’s not directly related to your account. A quick check of your details on social networks could be an easy way of finding the answers to your security questions; these questions typically ask for things like your mother’s maiden name, your place of birth, your pet’s name or which school you attended.
Remember, the personal details check is simply to ensure you know the answers. There is no harm in you changing your mother’s maiden name from “Smith” to “Jones”, for example. The website won’t check if it is true. Also, consider how much information you are supplying online. Provide the minimum needed to “do the job”.
Tony Kelly is senior security consultant within Logica’s Cyber Security Practice.