When we use the internet, most of us rely on some form of ‘protection’ against security threats, and this can be anything from a free, simple tool to a costly and very complex solution. We can feel fairly certain that this protection keeps us safe… think again! Unfortunately there’s a new threat in town that is very difficult to detect, even for the better security systems, and it’s being referred to as ‘The Man In The Browser’. This threat is directed at your financial activity on the internet, such as on-line banking.
There is a new piece of software called Zeus that has been developed by hackers to replicate websites similar to your bank or financial institution. So when you think you’re logging into a website (e.g. your bank), you are actually talking to Zeus, and Zeus then talks to your bank. This is a very clever way for the hackers to get you to reveal your username, password and other information.
One way of identifying this false website is that it will appear very slightly different to your normal bank’s website by asking you for extra information. Even the transaction you are performing appears normal, but what is happening is something completely different. Zeus creates a different transaction behind the scenes and can move your money around to other criminal bank accounts. The Zeus software can be bought for as little as £800!
Zeus is so difficult to protect yourself against because it disguises itself as something your security software recognises as ‘safe’. It also uses your browser software to whisk away your data and/or your funds, hence the name ‘The Man In The Browser’. Even the better internet security software can take days or weeks to discover Zeus, and by then it can be too late.
What is being done, or what can you do?
Invest in highly acclaimed internet security software and keep it up to date. Read the reviews before you buy anything, and each time you have to renew the software (normally annually), check whether there’s anything better to supersede your current software.
The banks are constantly adjusting their websites to stop Zeus copying them. Zeus simply copies websites and adds extra fields to collect information about you. If you think that your normal login is asking for too much, or for strange information, query it first with your bank BY PHONE. (Your email may also have been compromised.)
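The extra-fields sign described above can also be checked for mechanically. The following is an added example, not part of the original article or any bank’s own code: it compares the login form a site serves with a copy captured from the browser and lists the data-entry fields that appear only in the browser’s copy. The markup and field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the login form as the bank serves it (hypothetical markup).
SERVED = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="pin_char_2">
  <input type="password" name="pin_char_5">
  <input type="hidden" name="csrf_token" value="x">
</form>
"""

# Constructed sample: the same form as captured from the customer's browser,
# now asking for a whole password and a date of birth as well.
RENDERED = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="pin_char_2">
  <input type="password" name="pin_char_5">
  <input type="password" name="full_password">
  <input type="text" name="date_of_birth">
  <select name="card_type"><option>Debit</option></select>
  <input type="hidden" name="csrf_token" value="x">
</form>
"""

class FieldCollector(HTMLParser):
    """Collects the name (or id) of every data-entry element on a page."""
    FIELD_TAGS = {"input", "select", "textarea"}

    def __init__(self):
        super().__init__()
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        if tag in self.FIELD_TAGS:
            a = dict(attrs)
            # Fall back to id, then to a placeholder, so unnamed fields still show up.
            self.fields.add(a.get("name") or a.get("id") or "<unnamed %s>" % tag)

def form_fields(html):
    collector = FieldCollector()
    collector.feed(html)
    return collector.fields

def unexpected_fields(served_html, rendered_html):
    """Fields present in the browser's copy but absent from the served page."""
    return sorted(form_fields(rendered_html) - form_fields(served_html))

if __name__ == "__main__":
    print(unexpected_fields(SERVED, RENDERED))
```

An empty result means the two copies ask for the same information; any name in the list is a field the site itself never sent.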
Some banks use Chip & PIN security during login and transactions. This is excellent protection, as Zeus cannot interfere with this type of security. Some banks send security codes via text to your mobile for you to enter on your computer during the transaction. Banks also use fraud detection software to highlight any unusual activity on your account. They have a ‘trend’ record of your history, and this can be used to identify any fraud-related transactions. (But one of the latest additions to Zeus is to calculate how much can be removed from your account without raising suspicion! Another is that Zeus can send a link to your mobile, and if you click on it, it loads Zeus on your mobile!)
Some things you can watch out for:
- Are your transactions taking longer than usual? If so, it could be the ‘extra steps’ being performed behind the scenes.
- Are you being asked for more information than normal? Things like your date of birth, or whole passwords instead of the usual 2nd & 5th characters, etc.
If anything like this rouses your suspicion, contact your bank directly by phone.
Don’t panic though: UK banks generally will refund any on-line transactions that are fraudulent, as long as you have been as careful as possible.
Always be vigilant when you’re on-line!