Spend it safely: Norton looks to threats in consumer transactions

While special offers and visitors from the region play a key role in fuelling the local economy as visitors flood the UAE’s shopping malls and tourist attractions, more and more people moving to perform financial transactions online see Trojans create a huge and lucrative target for would-be criminals to exploit.

Trojans by nature are nothing new and have been around for many years with detections back to 2003 however the direct cash cost due to cybercrime in the UAE amounting to AED 770.3 million in the last twelve months according to the Norton Cybercrime Report with each attack taking on average 16 days to resolve, there is a renewed need for local users to become more vigilant when banking and carrying out everyday tasks online.

“As with any holiday we can see consumers spending and travelling more across the region and abroad, and whether to book a flight to somewhere exotic or buy a gift for a relative users can now choose to do this from the comfort of their home computer or from their smartphone or their tablet – essentially broadcasting sensitive financial information that could easily be put into the wrong hands. Cybercriminals are first and foremost financially motivated thus we must look as how we are protecting ourselves when sharing these details online to prevent attacks through Trojans or otherwise”says Tamim Taufiq, Head of Consumer Sales MENA for Symantec.

How do they work?

For a Trojan horse to spread, these must be invited onto computers which is easy for Consumer to do; for example, by opening an email attachment or downloading and running a file from the Internet. Trojan horses contain malicious code that when triggered cause loss, or even theft, of data.

Traditionally Trojans typically just captured data traffic exchanged between the user and the online banking website. The captured information included the authentication information, which is collected and sent to the attacker by the Trojan for their use or to sell on to other parties for a profit.

More sophisticated banking Trojans employ a man-in-the-browser (MITB) method that is designed to overcome defenses, such as SSL encryption and multi-factor authentication. MITB is achieved by monitoring and intercepting user activities in the browser in real time and modifying the HTML content inside the context of the browser, either to display false information to the user or to manipulate details of transactions sent from the user to the bank.

In addition to being able to just steal information, Trojans offers a back door, allowing a remote attacker to essentially control the infected computer. Commands range from listing and terminating processes running on the computer, clearing browser cookies, executing arbitrary programs, to completely rebooting the computer.

What can we do? 

Be skeptical and be wary: Generally speaking, you should treat anything you see online with some degree of skepticism. Do not believe everything you read, be it financial advice, breaking news, or tips on free giveaways—especially if it involves clicking a link or installing an application. If someone asks you for money in advance, it might be a scam. People on the Internet are not always who they claim to be. 

Privacy Policies: Most banking services have specific privacy guidelines and rules that are published on their websites. Make sure you understand them, even though they may be tedious to read, as they likely explain if your information is shared with other parties. Good, strong passwords are the key to keeping safe, containing letters and numbers, as well as special characters if possible. 

Stay Updated: Some of the newer attacks are very sophisticated and are sometimes hard to spot for an untrained eye. Use comprehensive security software to protect against these threats and always ensure that the software you use is up-to-date. Not only does this include the operating system and web browser, but also third-party plug-ins, such as PDF viewers.