Kaspersky Lab's new secure payment technology is designed to protect online banking and other important financial information

Computer Store News

Today, more and more people are starting to pay bills or make purchases through online stores and online banking systems. According to a survey conducted by Harris Interactive, 57% of surveyed users manage their bank accounts remotely for online shopping. Another 31% of users store bank data on their computer's hard drive. The electronic payment industry has a market value of billions of dollars, so online banking information has become the most targeted target of cybercriminals. The main goal of scammers is to take advantage of the user's online banking data to control their bank accounts. If the attack is successful, cybercriminals can freely control the victim's money and conduct various financial transactions. Usually, cybercriminals use various means to obtain the user's login name and password, and sometimes need to obtain a one-time verification code to confirm the online transaction. Using this information, scammers can easily transfer money from the victim's account and monetize it. At present, cybercriminals have mastered a variety of means of stealing online banking data, including some technical means, such as the use of Trojans and social engineering skills. How exactly does the user's money disappear? The easiest way to collect user financial information is to send a large amount of spam to users in the name of the bank's governing body. Internet scammers make up various excuses in these emails to allow users to provide personal data. More commonly, users are allowed to access the so-called “official website” to solve certain problems. According to Harris Interactive, 23% of users worldwide have received such emails. For example, a cybercriminal can create a duplicate version of a regular banking website and then place the copied website on the Internet using a domain name similar to the official domain name of the website. When the user clicks on this link, they usually think that they have entered the real bank website and input their own data, which is directly transmitted to the attacker. Another variant may redirect a user to a third-party resource that contains a malicious program. Information stolen from the infected system can also be obtained from a fake "official website" or intercepted and transmitted to the browser. information. Direct interception using a keylogger is also common to cybercriminals. A typical example is Trojan-Banker.MSIL.MultiPhishing.gen, which was detected by Kaspersky Lab experts in January 2012. The program is designed to steal account information from several major European bank users. After invading the infected computer, the Trojan does not reveal the true body until the user logs in to the online banking, and uses a window that mimics the online banking page to induce the user to input information. If the user enters information without suspicion, the information is immediately sent to the owner of the Trojan. Trojan-Banker.MSIL.MultiPhishing.gen has been found in countries all over the world, and the most infected people are British users. Among the technical tools available to cybercriminals, the most worth mentioning is a keylogger and screen capture program for stealing user account information. There is also a browser Trojan management program, which is currently a popular program for cybercriminals. Some malicious programs can also replace the bank's official web page with a fraudulent page (via DNS manipulation) in the user's actual operation, or add their own content and tamper with the page when the browser downloads the real page. This type of fraud was once used by the notorious Zeus Trojan (which steals all kinds of personal information), which used to infect 3.5 million computers in the United States alone. Another famous Trojan is Trojan-Spy.Win32.Carberp, which uses software vulnerabilities to invade the system and steal money from individual users and corporate users' bank accounts. In the early months of 2012, Kaspersky Lab detected more than 15,000 new Trojans dedicated to stealing bank accounts. They have a worldwide footprint and the most active countries include Russia, Brazil and China. Although 15,000 is not a huge number compared to the total number of cyber threats, it is worth noting that as long as you are infected once, your bank account may be cleared! In order to protect the safety of customers, banks have taken Effective measures. For example, for two-factor authentication, the user needs to use two passwords: the first to log in to the account and the second to confirm the transaction or payment. It is also possible to combine a one-time password system. When the user makes every payment or transaction, the bank will send a one-time password to the user's mobile phone to complete the transaction payment process. Alternatively, the user obtains an electronic password hardware device from the bank and generates the corresponding password when needed. Finally, for remote operations, the bank also provides services that use secure SSL connections, which reduces the risk of data being stolen during transmission. But no matter what, secure connections or two-factor authentication are not the best way to deal with data theft. Zeus-in-the-Mobile, a mobile version of the Zeus Trojan, is able to intercept short messages containing one-time passwords and send them to scammers. Therefore, it is not wise to rely solely on banks. Installing professional security software would be a better move, which would strengthen the protection provided by the bank itself. In order to ensure the user's bank information and the security of the entire computer system, a reliable anti-virus solution is essential. Kaspersky Lab has just released a personal security solution —— Kaspersky Security Force 2013, It protects users' computers from malware and cyber attacks, while blocking malware from traditional or advanced technologies. When a user surfs the Internet, a web anti-virus program is needed to protect the user. Use a secure keyboard against a keylogger that attempts to intercept data through a physical keyboard. Kaspersky Lab's new secure payment technology is designed to protect online banking and other important financial information, including the following advantages: Users can modify the address database of trusted banks and electronic payment systems; authentication server information; scanning impact Online banking security computer vulnerabilities; browser protection mode can create a special isolation environment for bank websites, payment systems or shopping websites; secure keyboard input function combined with special drivers and mouse-driven virtual keyboard to ensure the security of the data you enter. By combining these features, traditional anti-virus technology and Kaspersky Lab's cloud security system ensure that Kaspersky Security Forces 2013 provides users with a secure network environment and enjoys the convenience of online payment.