How Infection Can Happen
- Criminals target victims by scams
- Victim unknowingly installs software by opening an email, clicking on a link or visiting an infected Internet site
- Criminals begin monitoring the accounts
- The next time the victim logs into their online banking, criminals collect login credentials
- Criminals then wait for the right time to strike – in one of two ways:
- Criminals log in after hours so you are not immediately alerted to suspicious activity.
- If you are utilizing a token, the criminals wait until you enter your code and then they hijack the session and send you a message such as “online banking is temporarily unavailable.”
Infection via Email
Some experts feel that email is the biggest security threat of all. Email is the fastest, most-effective method of spreading malicious code to the largest number of users. As a best practice, it is recommended that you do not click any links within the email, but instead directly open a new secure browsing window to access the online banking site. Attachments delivered through email can be particularly risky, so do not open or even preview any attachments from an unfamiliar source. If you receive an email from SDCCU, make sure it contains the safety card that displays the last four digits of your account number.
Common Types of Malware
- Rootkits are a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
- You may have heard of “rooting” in reference to the process of removing operating system restrictions on an Android device. This is not recommended, as it makes the device more vulnerable to malware threats.
- Scareware is a form of malware that misleads users into paying for the fake or simulated removal of malware and it has become a growing and serious security threat in desktop computing.
- Most Scareware scams include a Trojan horse component, which users are misled into installing.
- Common forms of Scareware:
- Browser plug-in (typically toolbar)
- Image, screensaver or ZIP file attached to an email
- Multimedia codec required to play a video clip
- Software shared on peer-to-peer networks
- A free online malware scanning service
- A Trojan horse is usually a non-self-replicating type of malware program containing malicious code that, when executed, carries out a predetermined function, typically causing loss or theft of data and possible system harm.
- When executed, a virus replicates by inserting copies of itself into other computer programs, data files or parts of the hard drive, thus corrupting or "infecting” the affected areas.
- While most antivirus software can detect and block this malware, criminals often rely on psychological manipulation to trick victims into installing it.
- A worm is malware designed to spread to other computers through the Internet or a shared network. It often relies on security failures on the target computer to infiltrate it.
- Keeping your antivirus software updated is the best defense to worms. Outdated antivirus software may allow your computer to become infected if you simply view an infected email. Use caution when opening unfamiliar or suspicious emails.