News last week that criminals have drained at least £20m from UK bank accounts is sure to have raised concern among those people who manage their money online.
In one of the worst cyber attacks ever seen, hackers used a piece of malware known as Dridex to gain access to passwords and usernames and siphon off money from accounts.
While this attack was mainly aimed at businesses, individuals are also at risk from cyber attacks. More than 7m cyber crime offences are being committed each year, according to the Office for National Statistics, which included these figures in official crime reports for the first time on Thursday.
Matt Bradford, head of the National Fraud Intelligence Bureau at the City of London Police, says: “Fraudsters are cashing-in online, and are using the internet to commit crimes which they would never have been able to execute in previous decades.”
Get Safe Online Week kicks off tomorrow, and ahead of the campaign – a partnership between the government, the National Crime Agency, the telecoms regulator Ofcom, law enforcement bodies and various companies including PayPal and Barclays – here are tips to prevent yourself becoming a victim.
Beware of suspicious links
Computer users should be careful of opening attachments sent from non-recognised email addresses. “We are naturally curious and it can be tempting to click on a link or open an interesting attachment, but by doing so you could be putting yourself at risk, as this is often how malware or viruses are installed,” warns Tony Neate, chief executive of Get Safe Online.
Always type the URL of your bank into your browser. Don’t use a link provided in an unsolicited email, as these could direct you to harmful sites that may infect your computer.
Protect your devices
Ensure you have an up-to-date antivirus program running on your computer or mobile device. There are plenty of options to clean up infected machines, eliminate viruses and which automatically update to meet the latest threats. Go to CyberstreetWise.com and GetSafeOnline.org to find a list of those available, along with further guidance on protecting yourself.
“Check that software is set to scan the device on a regular basis,” Neate says. “Android mobile phone users can check in the app store for security products – but make sure you do your research on these before installing.”
When you receive an alert saying an update is available on your computer or mobile phone, install it immediately. In addition, check that you are using a firewall to control the programs that can be installed on your machine.
Keep personal details off social media
Be very careful of giving out too much personal information, such as your date or birth, on Facebook, Twitter or other social media sites. Set the privacy settings on all social networking to maximum. Check your friends and contacts, and consider deleting those you don’t know well. You might have accepted a request without thinking.
Use strong passwords
These should be changed regularly and include a mixture of lower and capital letters, numbers and symbols. Avoid using words such as your favourite rubgy team, your pet’s name or your partner’s name. A trick is to create a mnemonic device to trigger part of a password. To do this, start with a memorable phrase made up of several words – for example, “It’s Raining Cats and Dogs”, which can become “IRCAD”. This makes it easier to remember but difficult to guess. The same method could be used for pins, by converting the letters to numbers.
If you think you’ve lost money through cyber fraud, report it to Action Fraud by calling 0300 123 20 40. If you receive online abuse or harassment, report it to your local police force.
WHAT IS DRIDEX?
Dridex is the name of a strain of malware designed to eavesdrop on victim’s computers in order to steal personal information such as usernames and passwords, with the ultimate aim of breaking into bank accounts and siphoning off cash, writes Alex Hern.
How does it spread?
The virus is spread through infected emails sent by its developers to targets. The emails typically contain an infected Microsoft Office file and attempt to trick the user into opening the attachment. Unlike malware known as “worms”, Dridex doesn’t spread on its own. Rather, the victim must be specifically targeted for infection.
How is it used to steal money?
Once installed, Dridex has a significant amount of control over the user’s computer. It can upload, download and run programs, as well as snoop on internet browsing by directly looking at network traffic and by taking screenshots of the browser window. The malware also adds the computer to the wider Dridex “botnet”, which allows its controllers to communicate with the infected computer through other systems, protecting them from law enforcement efforts.
Then, it sits on the infected computer, waiting to steal logins to high-value services. As well as banking details, which are the main target of the attack, it also keeps an eye out for other login credentials such as social media.
Who is it targeting?
Dridex seemed to particularly focus on small- and medium-sized organisations, rather than individuals.