Keeping Your Finances More Secure Online

Online banking and online shopping are useful and convenient, but using them insecurely can put you at risk from hackers. Here are some suggestions to keep your money and cryptocurrency more secure against online threats. In the 21st century, we are all much more reliant on the internet and online services than ever before. The internet age has brought benefits: it is easy and convenient to buy from a website compared with having to visit a store. There are also additional risks that need to be considered. The bad news is that while the rise of online shopping and banking has made life easier for us, it has also made conducting fraud much simpler, and in the worst-case scenario a cyber actor could gain access to your personal finances simply by stealing your username and password.[1]

One of the most common methods cyber criminals use to steal usernames and passwords for bank accounts is phishing attacks, where they will send an email or an SMS message claiming to be from a bank or retailer.  The aim of the attack is to trick the victim into clicking on a phishing link, and one of the ways to drive victims towards this is by using fear or doubt.  The message could claim that a transaction or purchase has been made with a request to click the link to investigate further.

Sophisticated attackers will design a fake version of the bank's website. If the unlucky recipient of the fake message is tricked into entering their username and password, those credentials are then in the hands of the attackers. Banks are not the only entities that can be impersonated in this way; it can also be retailers, government agencies or any other organization that stores personal, private or financial data. The aim is to get access to your details by any means.

"Throughout the coronavirus pandemic, we've seen a range of topical scam campaigns from bogus missed delivery texts to offers of fake vaccine appointments. In addition to using these hooks, cyber criminals can take information from social media to target individuals with tailored, convincing-looking scams," says Sarah Lyons, deputy director for economy and society at the UK's National Cyber Security Centre (NCSC).

Beyond this threat, there are the hackers who aim to infect victims' devices with banking trojan malware, which monitors the user's computer or smartphone for activity to do with financial transactions and sends all the relevant information back to the attackers. Attackers will often trick victims into downloading malware, once again with either phishing links or fake and infected versions of popular software, and even malicious apps hidden in popular mobile app stores. 

To avoid falling victim to cyberattacks that target financial information, cyber experts recommend maintaining good cyber hygiene across online accounts in order to keep them as secure as possible. This approach includes using a strong, separate password for each online account and turning on multi-factor authentication. Both will make it much more difficult for attackers to breach accounts. Users should also take care with what they click on and limit the personal information they post on public social media accounts, as that information could be exploited to help identify accounts they have or to conduct social-engineering attacks.

"We can reduce the likelihood of being targeted with convincing phishing emails by taking extra care when using social media.  Minimizing the amount of our personal information shared on social media and enabling privacy settings keeps us secure," says Lyons. Banks and other services will often send alerts about suspicious activity on accounts. Paying attention to these alerts can help keep accounts secure, but users should also be wary, as cyber criminals build their own versions of these alerts to trick people into providing information. If you have suspicions about an alert like this, it is a good idea to contact the bank directly, using the contact details on its official website, to report it.

If you fall victim to a phishing email, you should change your passwords immediately, including the passwords on any accounts that might use the same password. If you have lost money as a result of cybercrime, you should report the loss to your bank and also to the local police.

As for malicious apps, these can use clever tricks to bypass the security screening designed to keep them out of app stores, often posing as commonly used or high-profile applications. They can remain in app stores for months at a time before being uncovered and removed, although not before being downloaded, in some cases by hundreds of thousands of victims.  Users should be wary when downloading apps. Checking reviews can give an indication if something is wrong. Often, people who've lost out to cyber criminals after downloading the app will mention that this has been the case, while reviews could also suggest that the application is fake if it does not work as advertised.  While these basic security recommendations can apply to many online services, a new area of interest for criminals is cryptocurrency.

The rise of cryptocurrency, especially high-value cryptocurrencies like Bitcoin, means that cyber criminals are increasingly focusing their attention on this new area.   Cryptocurrency is harder to trace than traditional finances and the decentralized nature of the ecosystem means that if your cryptocurrency is stolen, it is unlikely to be returned in the way 'traditional' finances can be returned by your bank in the event of your falling victim to fraud.  That reality means storing cryptocurrency securely is vital, especially as the growth in popularity means it is becoming an increasingly popular target for cyber criminals.  It has been reported that $7.7 billion worth of cryptocurrency was stolen in 2021 alone.

As cryptocurrency is reported in the news more and more and more people become investors, it becomes more valuable, and attackers want to steal it. Much of the advice for keeping your online bank accounts secure also applies to cryptocurrency. You should use strong passwords, use multi-factor authentication and be wary of phishing emails and other scams. There are additional measures that need to be considered too.

Many users will opt to keep their cryptocurrency in a crypto exchange, allowing them to easily buy, sell and trade different cryptocurrencies. The rise of cryptocurrency means that many different exchanges have emerged. While relying on a professional service to help store and secure your cryptocurrency might seem like the best option at first, there are also potential risks.   In the same way criminals will target banks and retailers to steal money and credit card information, crypto exchanges are a high-profile target for cyber criminals who want a big pay day and there have been instances of hackers walking away with hundreds of millions of dollars of cryptocurrency in successful attacks targeting the exchanges themselves. 

Much like banking and retail, it is almost impossible for any organization to guarantee that assets are 100% secure, but there is a greater chance that an established exchange will have better protocols in place than a newcomer with little background information online. Take it from Willie Sutton, the famous bank robber who stole an estimated $2 million in his 40-year career: “I rob banks because that’s where the money is.”

Cryptocurrency users should also be mindful that one of the best ways to ensure cryptocurrency is securely stored is if they have put the appropriate protections in place themselves. An exchange may claim to have special security features to keep users secure, but if the user is not able to examine or operate these features themselves, then it might be worth considering a different option.   Having a good, old-fashioned deadbolt lock that you know how to use on your house is more effective than a $100,000 security system that you do not know how to use.

At the very least, cryptocurrency users who want to store their assets in a crypto exchange should look for one that allows multi-factor authentication and they should also apply multi-factor authentication to the email address tied to the account as an additional barrier.   For those who feel that storing their cryptocurrency in an exchange that could be targeted by attackers is too much of a risk, there's the option of storing cryptocurrency on their own devices. 

It could be tempting to keep complex crypto-authentication keys in a document in order that they can be easily accessed, copied and pasted when the need arises. However, this carries risks because if your username and password for your cloud documents are compromised, the key is waiting for the cyber actor who has accessed your account. 

Even if the document is stored offline, there is the chance it could be accessed if an attacker manages to infect your PC with malware. In this case, traditional methods, such as writing the key down and storing it safely in your home, could be the best way to keep assets safe.

What is important here is ensuring that your device is as secure against attacks as possible.   Multi-factor authentication should be applied to accounts, passwords should be complex enough to not be breached in brute-force attacks and the same password should not be shared among different accounts, because if attackers can steal it from one service, they could attempt to use the same password against other accounts linked to your email address.

If you buy cryptocurrency, it needs to be stored in a crypto wallet and there are two key forms of wallet.  Users can choose to use one or both of them to store their cryptocurrency.  Both have advantages and disadvantages. 

  • A hot wallet is a cryptocurrency wallet that's always connected to the internet, and linked to public and private keys, which an individual can use to easily and conveniently send and receive cryptocurrency. However, the always-on connection to the internet could potentially leave these wallets vulnerable to being hacked.
  • Cold storage is when cryptocurrency is kept offline, with hardware, physical keys and PINs or passwords used to keep the crypto secure. These hardware wallets are designed to prevent hacking and are only accessible when plugged into your computer.

This second form of wallet is the more secure way to store cryptocurrency, although it is much less convenient, requiring the user to store a separate physical device.    

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.zdnet.com/article/how-to-keep-your-bank-details-and-finances-more-secure-online/
