How Attack Starts:
Online Banking frauds rely on a sophisticated scheme but starts with a mundane activity: an employee checking his/her e-mail. The employee unwittingly clicks on a link or attachment that contains malware, such as a keylogging virus.
Next: Modus Operandi
The hacker then hacks into online Banking account with stolen login credentials. The hackers usually hack into systems using IP Spoofing so that Bank doesn't recognize them. The money stolen from the hacked accounts are transferred to Bank account of 'money mules'.
People become 'money mules' by answering vaguely worded classified ads offering opportunity to work flexible hours from home as, say, a bookkeeper or funds-transfer agent. They are instructed to open a bank account to handle transactions for the supposed employer, into which the stolen money is deposited, and then to wire it to an overseas account from a commercial wire service such as Western Union.
The hackers generally keep transactions under some amount because a withdrawal of that amount or higher requires the bank to file a currency transaction report to RBI.
- If you don't know what it is, no matter what it is, never click on it. Never, never, never. If there's something you come across that looks like something you would be interested in, such as- 'Invest in XYZ fund and get 30% return or your money will double in three years!' As a thumb rule don't click it and make it your habit.
- Company should disable e-mail access from its Banking computer, create clear policies for handling unsolicited e-mails, and consider requiring multiple officers using different computers to approve bank transaction.