FINANCIAL IDENTITY THEFT – DEFENDING YOURSELF

Financial identity theft is something all and sundry need to be aware of. “Oh my God! How could this happen to me? All my life savings are gone in the twinkling of an eye, I am dead…” was the faint yelling I heard coming out of the office of the manager of a local bank here in Nigeria. It happened that a woman in Port-Harcourt, the capital city of Rivers State of Nigeria, lost a whopping N96 Million to fraudsters who had stolen her online banking identity. Through the help of non-repudiation, the bank was able to exempt itself from the whole blame, as the woman ignorantly gave out her online information to hackers (men in the middle).

“It is not my portion; I reject it, back to sender, Holy Ghost fire” are, I guess, some of the phrases that are probably coming out of your mouth. Well, this article is written in an attempt to help you identify some of the new tricks and advanced Trojans that hackers have employed and possible ways of countering them.

The first and nastiest of the financial Trojans is the “SINOWAL TROJAN”. This is the most active of the financial/banking malware out there. SINOWAL belongs to a category of Trojans that change continuously and are updated to steal credentials from financial institutions and high net-worth individuals. A variant of this malware is capable of modifying data on the fly. For instance, if the user is making a transfer on a bank Web page, the malware can alter the data of the intended recipient of the transfer. This is made possible by the underlying malicious code running between the user and the Web page, i.e. the user will see the right input he/she is making while the actual data of the recipient will be different. This smoothly brings us to the next member of the Trojan family to discuss.

“TROJAN.SILENTBANKER”. The name was given by the security company Symantec. This variant of Trojan can capture online banking transactions considered to be well protected by “two-factor” or “multiple-factor” authentication controls, i.e., a combination of different authentication methods (it can be biometric plus password). During the banking or other financial transaction, Trojan.Silentbanker will change the user’s bank account details over to the hacker’s account, all while mimicking what the user would expect to see from a real banking transaction.

“MAN IN THE MIDDLE” or “MAN IN THE BROWSER”. This Trojan illegally transfers money from its victim’s bank account and steals a copy of the bank Web page that displays the victim’s account balances as they existed prior to the cash transfer. The victim will be fooled for as long as he/she checks his/her account balance online. Imagine what will eventually happen when the victim finally gets to the bank. I am sure we both agree it will be horrible.

“PHISHING, PHARMING, SPOOFING AND SPAM MESSAGES”. These are social engineering tools employed by hackers to fool their victims into initiating an action that eventually allows them (Trojans) to infect/infiltrate a computer. Though there are other ways of infiltrating a computer, the above social engineering tools are a non-technical way of fooling individuals into unwittingly supplying their confidential information, often by leading them to a fake Website or Web page. The simple countermeasure against this is to add the official e-mail addresses of your financial institutions. Also, try not to click on any link in the body of a message. Always copy the link and paste it into the browser. Hope that rule is simple enough to obey.

“PHONY PHONE CALL” is another weapon that these NEGATIVELY SMART GUYS employ. Before now, they used to call their victims, but now they place their phone number on a fake site with the official banner of your bank, demanding that you call for important information. When you eventually call, you will be told that the security of your personal information has been compromised. They will immediately quote one non-existing piece of personal data, asking you to confirm it. PLEASE DO NOT FALL PREY AT THIS POINT. At this point, many people feel they have no choice but to defenselessly give out their personal online banking details. OH! TOO BAD. Please do not be in a hurry. Go to the physical office of your bank to confirm. On the advanced side, if you are tech-savvy, use WHOIS and other web tools to find out the true owner of the website claiming to be the official website of your bank. Though, some fraudsters engage the services of a privacy security company.
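To show what to look for in a WHOIS answer, here is an added example (not part of the original article) that reads a WHOIS record and lists reasons to distrust a site claiming to be your bank, including the privacy-service case mentioned above. The record is constructed, `mybank.example` stands in for the domain printed on your bank's own documents, and the field names assume the common "Key: value" WHOIS layout.

```python
from datetime import datetime, timezone

# Constructed WHOIS response for a made-up look-alike domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: MYBANK-SECURE-LOGIN.EXAMPLE
Registrar: Example Registrar, Inc.
Creation Date: 2024-05-28T09:14:02Z
Registry Expiry Date: 2025-05-28T09:14:02Z
Registrant Organization: Privacy Protect, LLC
Registrant Country: PA
Name Server: NS1.PARKING.EXAMPLE
"""

# Words that usually mean the real owner is hidden (assumed list, extend as needed).
PRIVACY_HINTS = ("privacy", "redacted", "proxy")

def parse_whois(text):
    """Collect 'Key: value' lines into a dict with lower-case keys (first value wins)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def assess(text, expected_domain, today, min_age_days=365):
    """Return reasons not to trust the site; an empty list means nothing stood out."""
    f = parse_whois(text)
    reasons = []
    domain = f.get("domain name", "").lower()
    if domain != expected_domain.lower():
        reasons.append(f"domain {domain!r} is not the bank's known domain {expected_domain!r}")
    registrant = f.get("registrant organization", "")
    if not registrant or any(h in registrant.lower() for h in PRIVACY_HINTS):
        reasons.append("registrant is missing or hidden behind a privacy service")
    created = f.get("creation date")
    if created:
        born = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        age = (today - born).days
        if age < min_age_days:
            reasons.append(f"domain is only {age} days old")
    else:
        reasons.append("no creation date in the record")
    return reasons

if __name__ == "__main__":
    for reason in assess(SAMPLE_WHOIS, "mybank.example", datetime.now(timezone.utc)):
        print("WARNING:", reason)
```

A hidden registrant alone proves nothing, since honest owners use privacy services too; it simply means WHOIS cannot confirm the owner and the visit to the bank's physical office remains the real check.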

One question to ask at this point is: IS THERE NO HOPE FOR THE VICTIMISED AND POTENTIAL VICTIMS? On first look at the prevalence rate of identity theft and other cyber crime, one will think that there is no amount of education capable of protecting online resource users from the activities of these scamsters. However, the best we can all do at this point is to install a STRONG ANTI-MALWARE/ANTI-VIRUS product on our computers. HEY, DON’T FORGET TO ALWAYS UPDATE IT. Very important. At the time of this writing, some Nigerian banks have taken the bold step of sending confirmation data to the user’s mobile phone, along with a code that must be entered to validate the transaction. Though, this is not without its drawback: telecom companies.
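Why the phone confirmation helps against Trojans that swap the recipient: in this added sketch (not any bank's actual system, and not from the original article) the code is derived from the transfer details the bank really received, so the text message exposes a changed recipient and the code cannot be reused for another transfer. The key, transaction fields and message wording are all assumptions made for illustration.

```python
import hashlib
import hmac

def confirmation_code(key, txn, digits=6):
    """Derive a short code from the transfer details the bank actually received."""
    msg = f"{txn['id']}|{txn['recipient']}|{txn['amount_kobo']}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def sms_text(key, txn):
    """Text sent to the phone: details come from the bank's copy, not the browser's."""
    naira = txn["amount_kobo"] / 100
    return (f"Transfer NGN {naira:,.2f} to {txn['recipient']}. "
            f"Code: {confirmation_code(key, txn)}")

def validate(key, txn, entered_code):
    """Bank side: accept the code only for the exact transfer it was issued for."""
    return hmac.compare_digest(confirmation_code(key, txn), entered_code)

def matches_intent(sms, intended_recipient):
    """User side: only type the code if the SMS names the person you meant to pay."""
    return intended_recipient in sms

if __name__ == "__main__":
    key = b"demo-key-held-only-by-the-bank!!"   # constructed key for the demo
    intended = {"id": "T-1001", "recipient": "0123456789 ADA OBI", "amount_kobo": 250000}
    # What the bank receives after malware in the browser rewrites the recipient:
    received = dict(intended, recipient="9876543210 UNKNOWN")

    sms = sms_text(key, received)
    print(sms)
    print("Safe to enter the code?", matches_intent(sms, intended["recipient"]))
    # A code issued for one transfer is useless for a different one:
    print("Code reusable?", validate(key, intended, confirmation_code(key, received)))
```

The protection only works if you read the recipient and amount in the message before typing the code; entering it blindly confirms whatever the Trojan submitted.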

Oh, lest I forget, for those that have already contracted a VIRUS/MALWARE, here is a tip for you (though advanced):

  • Disable the system restore before getting rid of the Virus to ensure that the system doesn’t inadvertently back up a copy of the Trojan software.
  • Make sure all virus definitions are updated on the antivirus software.
  • Delete the value from the registry
  • Remove and discharge the RAM module

To combat the negative effect of KEYLOGGER software, here is a tip for entering your password. Never enter your personal information serially, especially your PASSWORD. What I mean is to enter it out of order. Trust me, this helps a lot in fighting key-logger software. For instance, if your password is COMPUTER (hey, don’t even try to hack me with it – just kidding), type TER, use the left directional arrow on your keyboard to move to the left and type PU, do the same and type COM. That way, the key logger would log TERPUCOM. Though, this is in its simplest form.

WOW! I have no doubt that for you to have come this far means that you enjoyed the invaluable tips provided in this article. The only price you have to pay for this is: TAKE ACTION. Find the necessary motivation to implement all you have learnt thus far and keep learning.