Here in Vanuatu, online fraud victims are rare due to the small number of targets and low levels of technology. Nonetheless, localised attempts have been seen circulating, and online international transfers are possible through ANZ and Westpac. Fraudsters are using increasingly sophisticated ways of learning about you and your financial arrangements, so be wary.
In days of old, an email would blindly be sent out to several million people telling them to “click here” to verify their online bank access. Major banks were chosen so that a significant number of the email recipients were likely to be members of that bank, and a small number of those would actually do as the email requested – which gave the fraudsters a login name and password, and so full access to an online bank account. This practice was called 'phishing'. Throw out enough lines and you are bound to catch something.
But now things are getting smarter. Fraudsters can collect personal information from a wide range of sources, and in particular from hidden software on your own computer. This software, mostly spyware, gets installed in a number of ways without your knowledge or involvement. Visit a certain webpage, download an attachment, even just open an email, and if your computer is unprotected by up-to-date anti-spyware and anti-virus software, it joins thousands of others that are similarly infected. Your computer becomes part of a 'botnet', or network of remotely controllable computers. These botnets are sold off on the internet to the highest bidder, a lucrative business apparently (in the millions of dollars).
The spyware collects information and sends it back to the botnet owner. The botnet owner can then use automated software to build an email specifically addressed to you containing personal information. You open an email that says it is from your bank, using your name, and displaying your address and bank account number (all of which is correct). The email displays a website address for you to click on, and it is the right one for your bank. But click on it, and you are redirected to a fake website, which looks exactly like your bank's. You log in, but get an error webpage saying “Try again, login failed” or similar. Try again, and this time you are redirected to the real bank website, where you log in successfully. Meanwhile, the fraudsters have your login name and password, and full access to your bank account. That day, it will be emptied.
Specifically targeting you is known as 'spear phishing', as it is much more accurately aimed. Getting your web browser to redirect to a fake website is known as 'pharming'. The advice to combat phishing, spear phishing and pharming remains the same – be very untrusting of email, never give out your passwords, and never click on email links for sensitive tasks (type them in by hand or even better use a bookmark). And as always, you absolutely must have up-to-date anti-spyware and anti-virus software, and keep your computer itself up-to-date.
Alternatively, make sure you spend all your money as soon as you get it!
Any IT questions & comments? Email
- Tony Phelps is part of the Merlin Pacific IT team, dedicated to effective & efficient business IT.