Think you know all the ways a scam artist can hack into your online account? Are you aware of all the phishing emails that go around? Reckon you can spot a dodgy website if you had to? Well be prepared to fight off a new threat as a different version of the SpyEye ‘trojan horse’ has been identified. This virus is not only capable of stealing your money, it then cons you into thinking that it is still there. When you log onto your online bank, you will not see any signs that there have been transactions that the fraudsters have been clearing out your bank account. And amazingly, your balance will look exactly the same as the last time you logged on, so you will think that everything is ok and have no idea that your account has been tampered with. The way this virus works is that it steals your bank passwords and memorable information that allows access to your account. Then when you log on, entering these very same password details, it manages to quickly adjust what you are viewing over the secure pages. It does this so effectively so that it has more time before you realise something is wrong and contact your bank to put a stop on your debit card and reset your password and memorable information. The only way you will find out that you have been a target for these fraudsters is that your bank will start refusing to pay out direct debits and standing orders and possibly start raising charges for going overdrawn.
If you get paper statements it will show up on these but not necessarily on email ones. The new virus has already been detected on Windows PC, targetting banks in the U.S. and the UK. UK.Trusteer, a security company which detected the attack, says, “The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance. As a result, the deceived customer has no idea that their account has been ‘taken over’, nor that any fraudulent transactions have taken place. The software, a variant on a commonly used cyber attack, has been ‘tweaked’ so that as well as its usual attack – grabbing passwords and login information from your web browser without you knowing, it also adjusts your balance when you next visit your bank’s web page.”
“SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers,” maintains the Naked Security blog at web security experts Sophos. “This year, right before the recent holiday season, Trusteer found a hopped-up version of SpyEye attacking banks in the U.S. and U.K. The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts. This version of SpyEye both hides the fraudulent transaction and masks the amount of the transaction, putting forward a fake balance and ensuring that victims are oblivious to anything being amiss.” The problem lies with the fact that SpyEye is such a hi-tech cyber virus and as such, there are few visible signs that anything is wrong. You can defend yourself, however from such attacks. Make sure your browser is up to date, even if you have to manually update it. Ensure that your ‘anti-phishing’ option is switched to ‘on’ in Firefox, Chrome or Internet Explorer. This will check for ‘blacklisted’ websites and prevent your browser being directed to the ‘fake’ version that delivers your bank statement.