Your money: How to safeguard yourself against phishing or malware attacks

In view of the growing frequency of such attacks, individuals need to adopt stringent measures

Phishing attacks aimed at stealing your money are increasing in frequency. Kaspersky Lab has found that 47.8 per cent of all the phishing attacks carried out in 2016 globally, which were blocked by its detection technologies, were financial phishing attacks. They were aimed at obtaining valuable personal information from the victim: bank account numbers, credit card and online banking passwords, and so on. Another threat that has emerged is from ransomware. In 2014-15, the percentage of users encountering ransomware as a proportion of all malware attacks stood at 3.77 per cent in India. That figure rose to 9.60 per cent in 2015-16. From 1.44 lakh, the number of ransomware attacks rose to 3.26 lakh, an increase of 126 per cent. While many of these attacks are targeted at institutions, many are also directed against celebrities and high net worth individuals.
  

Phishing can be carried out over the phone or the Internet. In the former type of attack, the perpetrators first get hold of some basic information about you, such as your name, phone number, address, and date of birth. They then call you, pretending to be calling from, say, your bank. They supply the information they already have about you to establish their credibility. Once they have gained your confidence, they could tell you that your account has been compromised. In the next step, they could ask you to generate an OTP, or ask for your CVV. They then use this information to conduct a transaction and rob you of your money.
 

Internet-based phishing attacks can be carried out through fake websites. When you want to go to an established company's website, say, amazon.in, a fake website may load with a very similar URL, such as amazonn.in. "If you are not paying attention and the look and feel of the website are very similar to that of the original, you could enter critical information there, such as your login ID and password. This data gets captured and could be used to conduct fraudulent transactions from your account on the original website," says Reshmi Khurana, managing director and head of South Asia, Kroll, a global risk solutions provider. Besides phone and websites, your vital information can also be stolen via emails that have hyperlinks. Such emails typically promise you rich rewards. As soon as you click on the hyperlink, you are led to a site where any data that you enter gets stolen.
 

Ransomware is a type of malware that can disable your computer (or even entire systems of institutions). The attacker then demands a ransom to enable your system again.    
 

To protect yourself from phishing attacks, guard your vital financial data closely. "Don't share your ATM PIN, CVV code, or internet banking login credentials with anyone, even your close friend or someone pretending to be a bank employee. Don’t believe any emails from the bank asking you to enter such information," says Altaf Halde, managing director, Kaspersky Lab (South Asia). Before logging in and entering your banking credentials, make sure that you are not using a fake website. Always logout of all financial services before you close a browser tab or click on the back button. Avoid conducting financial transactions via public wi-fi, or even over someone else's computer or in internet cafes, which could be compromised. One suggestion that Halde offers to improve security is to have a separate credit card for carrying out online transactions. "This card should have a very low balance. You could even use virtual cards for this purpose, which are cheaper. Using such a card will limit the extent of your loss," says Halde.
 

Use strong and unique passwords and two-factor authentication method to protect your financial accounts. If you find it difficult to remember many passwords, use a good password manager.
 

If you are the victim of a ransomware attack, you should never pay up but should seek expert help. Disable script execution in browsers, since they are the cyber crook’s favourite tool. Make file extensions visible in Windows Explorer. Consider enabling features like System Watcher and Trusted Application Mode, which restrict the installation of unauthentic programmes. Finally, install a total security solution from a well-known brand not just on your laptop but also on your mobile devices.