Criminals are in it for the money and there are many ways for them to make money online:
- Steal your passwords and bank details with viruses, fake emails and fake websites
- Ask you to provide security details
- Send spam with bogus offers and products
- Take over your computer and use it to attack other people's computers
- Use viruses to display unwanted adverts on your PC
Keyboard logging is a real threat, and the software has evolved to the point where it can capture screenshots and mouse clicks as well as keystrokes. It can therefore easily capture your PIN even when a scrambled PIN pad is used.
Therefore the previous 5-digit PIN, which can be more easily brute-forced or guessed, has been replaced with a stronger password that is much harder for an attacker to guess. A password would be cumbersome to enter via an on-screen keyboard, hence the removal of the PIN pad.
Fraud continuously evolves and adapts to the security that is implemented to combat it. As a result, what was effective in the past may not be the solution for the future, and so we have removed the Passphrase from our online banking. The passphrase does not provide the same protection against phishing attacks as it used to.
The following steps mitigate the risk:
- Make sure you are visiting the real Investec site by looking at the address bar and checking that the address is https://login.secure.investec.com.
- In most modern browsers the address bar will be green if the website is legitimate, so that is something to look out for as well.
- We have recently launched our iPad app that allows you full transactional capability. Since the iPad application does not rely on the client to enter the address, it is immune to phishing attacks and is by far the best solution to the phishing problem.
- We are in the process of developing a smartphone application that will allow you to authenticate your login to online banking without the use of an OTP. This is called “full out-of-band” authentication and will be released soon. So even if an attacker has managed to steal your credentials via a phishing site, you will still need to authenticate the transaction via the application, which will alert you when something suspicious is happening and prevent the transaction from going through.
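The address check in the first step above can be made exact. The following is an added example, not Investec's own code: it parses a link the way a browser does and accepts it only if the scheme is https and the host is exactly the login address given on this page. The function name `checkLoginUrl` and all sample links are constructed for illustration.

```javascript
// Added example: strict check of a link against the login address given on this page.
// EXPECTED_HOST comes from the page; every sample URL below is constructed.
const EXPECTED_HOST = "login.secure.investec.com";

function checkLoginUrl(candidate) {
  let url;
  try {
    url = new URL(candidate); // WHATWG URL parser, the same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Anything before an '@' is login data, not the site name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "text before '@' hides the real host " + url.hostname };
  }
  // The default port 443 is normalised to "", so any value here is non-standard.
  if (url.port !== "") {
    return { ok: false, reason: "unexpected port " + url.port };
  }
  // Exact match only: a longer, shorter or similar-looking host is a different site.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "host is " + url.hostname };
  }
  return { ok: true, reason: "matches expected login address" };
}

// Constructed sample links (example.net is a reserved documentation domain).
const samples = [
  "https://login.secure.investec.com/",
  "https://LOGIN.SECURE.INVESTEC.COM:443/home",
  "http://login.secure.investec.com/",
  "https://login.secure.investec.com.example.net/",
  "https://login.secure.investec.com@example.net/",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```

Only the first two samples pass; the others show why reading the start of the address is not enough and the whole host name has to match.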
‘Spyware’ refers to programs or files that often arrive hidden as part of a bigger, ‘legitimate’ program or file.
A good, up-to-date local antivirus program will in most cases catch and remove these programs, but there are always the unfortunate few who get caught before the antivirus is updated.
You can often tell when your machine has been compromised: you see pop-up advertising, your device settings have been changed and it won’t let you change them back, your web browsers suddenly have new ‘features’ you didn’t install yourself, and your machine seems to be much slower than normal.
Social engineering is the act of manipulating people into divulging confidential information, either without their being aware of it or while they mistakenly think they are talking to a legitimate representative. In most cases this information is then used in a bigger, more complex fraud.
If you ever receive a call from any authority, insist on calling them back. Never use the number provided unless you can independently verify it is correct.
Always be aware of how much personal information you provide to strangers, however legitimate or nice they may seem, and be wary of providing credit card details over the phone.