The biggest threat in online banking is phishing: spying out login data and transaction numbers (TANs) through fake websites that look deceptively similar to the real banks' online portals. The best protection against it is checking the domain.
Tip 1: Domain Control
First, close all other browser windows, and then type in the web address of your bank yourself, if possible. Once the page has loaded, the web address is displayed with the domain itself visually highlighted. Check this entry. If it looks suspicious because it points to a foreign server, close the page immediately.
Tip 2: Only encrypted connections
Internet Explorer: Online access to your bank must be encrypted so that your data cannot be intercepted on the Internet. You can recognize an encrypted connection by the HTTPS protocol at the beginning of the web address and the small lock symbol at the end.
Tip 3: Safe surfing
In addition, Internet Explorer colors the address bar green. The page you access must also have a valid security certificate. To view it in Internet Explorer, move the mouse pointer over the lock icon so that Internet Explorer displays the details.
Tip 4: Use anti-phishing features
Make sure the security certificate identifies the same domain as the browser's address bar. Only log in when these criteria are met.
Firefox: Firefox users benefit from comparable protection. Here too, the domain is highlighted and encrypted connections are indicated by a green color in the address bar. If you click the green area, Firefox shows details of the respective security certificate.
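The three checks described above (HTTPS, the bank's own domain, a certificate that names the same host), written out as an added example that is not part of the original article. The names `bank.example` and `login.test` and the certificate name list are constructed; `cert_names` stands for the DNS names listed in the site's certificate.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return (scheme, host) that the browser would actually connect to."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lower-cases the name
    return parts.scheme.lower(), (parts.hostname or "").rstrip(".")

def belongs_to(host, bank_domain):
    """True only if host is the bank's domain itself or a subdomain of it."""
    return host == bank_domain or host.endswith("." + bank_domain)

def cert_covers(host, cert_names):
    """Match host against certificate names; '*' covers the left-most label only."""
    for name in cert_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def check_login_page(url, bank_domain, cert_names):
    """Return the reasons not to log in; an empty list means all checks pass."""
    scheme, host = host_of(url)
    problems = []
    if scheme != "https":
        problems.append("not encrypted")
    if not belongs_to(host, bank_domain):
        problems.append("foreign domain: " + host)
    if not cert_covers(host, cert_names):
        problems.append("certificate does not name " + host)
    return problems

if __name__ == "__main__":
    # Constructed sample addresses; only the first one passes every check.
    names = ["bank.example", "*.bank.example"]
    for url in ("https://www.bank.example/login",
                "http://www.bank.example/login",
                "https://www.bank.example@login.test/",
                "https://bank.example.login.test/"):
        print(url, "->", check_login_page(url, "bank.example", names) or "ok")
```

The comparison is made on the end of the host name, which is why an address that merely contains the bank's name further to the left is reported as a foreign domain.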
Both Firefox and Internet Explorer have rudimentary anti-phishing features built in. In Internet Explorer 9, you activate the "SmartScreen Filter" function as follows: Click "Tools" and then point to "SmartScreen Filter".
Click "Enable SmartScreen Filter" if it is not already active. If, while browsing, you encounter a suspicious page that Internet Explorer does not block automatically, click "Report Unsafe Web Site" to have the page checked by experts.
In Firefox, click "Tools / Settings" and then the "Security" tab. Make sure that the "Block web page when it is reported as an attack" and "Block web page when it was reported as an attempted fraud" check boxes are selected.
Phishing protection is now active. However, it does not provide 100% protection, because the browser feature does not catch brand-new phishing pages that have not yet been registered.
Firefox: One of the advantages of Firefox over Internet Explorer is the large number of add-ons that enhance the browser and extend its functionality. This is a blessing in daily surfing, but a curse in online banking, since you never know how trustworthy the add-on programs are.
Firefox offers an elegant way out: you can create a second profile for online banking only, without dubious add-ons. When Firefox starts, you are asked each time which profile you want to load.
Tip 5: Set up the online banking profile
To do this, first close all Firefox browser windows. Then click the Windows icon and enter the command "firefox.exe -ProfileManager" in the "Search for programs / files" field. Then click the entry at the top of the Start menu. The profile manager opens. Click "Create Profile", then click "Next".
In the following dialog box, enter a name for this profile, for example "Online Banking", and then click "Finish". The profile manager appears again, this time listing your new profile. Select this entry and click "Start Firefox".
From now on, the choice between "Default" and "Online Banking" appears every time Firefox starts. However, before you make your first transfers with the new online banking profile, you should definitely disable all elements that you do not absolutely need under "Extras" and "Add-ons".
This includes the plugins. In addition, you should protect the profile against phishing as described in the previous tips for Firefox. Only then is the profile ready for banking.
Tip 6: iTAN or mTAN?
How secure your online transfer over the Internet is also depends on the TAN procedure used. The insecure, traditional PIN/TAN procedure, in which you can use any TAN from your printed list to authorize a transaction, is a discontinued model and is no longer offered by an increasing number of banks. Too many cases of fraud have shown the method to be unsuitable.
Tip 7: Protect TAN Generators
Tip 8: Fake e-mails from the bank
Tip 9: Online banking at a foreign PC
Tip 10: Back up your PC
The successor, the so-called iTAN procedure (indexed transaction numbers), in which you are asked for a specific, numbered TAN during an online transfer, is certainly better because an attacker would need exactly this number. However, banking trojans such as ZeuS or SpyEye have proved that iTAN cannot provide adequate protection.
For this reason, most American credit institutions now rely on the so-called mTAN method (mobile TAN), in which you receive the required number by SMS on your mobile phone for each transaction. This procedure is much safer because you do without printed TAN lists entirely, and the code sent to you is tied to the current online transfer and is only valid for a few minutes.
Check with your bank whether it supports mTAN. Also ask about possible SMS charges. Not all banks send the required text messages free of charge.
However, the procedure is not suitable for smartphone owners who already use their devices for online banking at this bank. Because smartphones are technically close to small computers, they are vulnerable to spyware and viruses. For this reason, these users must either use the PC for online banking or name a second mobile phone with a different number for receiving the mTAN.
One of the safest methods is transmission via a TAN generator. These include, for example, so-called ChipTAN or sm@rtTAN readers, which you usually get or buy from your bank. You insert your bank card into this reader during online access. For an online transfer, you receive a code that you type into the small device. A TAN is then calculated, which you confirm online.
In everyday life, this approach may be impractical, since you must enter the same information both online and on the device. In return, you are protected not only against phishing but also against so-called man-in-the-middle attacks over the Web.
In addition, Sparkassen and Postbank are increasingly using an optical ChipTAN method, in which you hold the reader up to the screen so that an optical sensor reads a pattern displayed on the bank's page. The savings banks call this "ChipTAN Comfort".
The only drawback is that you can make transfers only if you have the card reader and your EC card at hand.
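Why a TAN from a generator holds up in the man-in-the-middle case while a TAN from a numbered list does not, as an added example that is not part of the original article. This is a simplified model in Python, not the real ChipTAN or sm@rtTAN algorithm; the HMAC construction, the key, the account labels and the list TANs are all constructed for illustration.

```python
import hashlib
import hmac

CARD_KEY = b"constructed-demo-card-key"  # constructed; stands in for the secret on the bank card

def generator_tan(card_key, account, amount_cents):
    """Six-digit TAN bound to the transfer details entered on the device."""
    msg = f"{account}|{amount_cents}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"

class Bank:
    def __init__(self, card_key, itan_list):
        self.card_key = card_key
        self.itan_list = dict(itan_list)  # index -> TAN, as on the printed list

    def accept_itan(self, account, amount_cents, index, tan):
        """iTAN: only the requested index is checked; the transfer details play no part."""
        expected = self.itan_list.pop(index, None)  # every list TAN is single-use
        return expected is not None and hmac.compare_digest(expected, tan)

    def accept_generator_tan(self, account, amount_cents, tan):
        """Generator TAN: recomputed from the transfer the bank actually received."""
        expected = generator_tan(self.card_key, account, amount_cents)
        return hmac.compare_digest(expected, tan)

def altered_in_transit(account, amount_cents):
    """Stand-in for a transfer whose details changed between customer and bank."""
    return "XX00-CONSTRUCTED-OTHER", amount_cents * 10

def demo():
    bank = Bank(CARD_KEY, {17: "483920", 18: "115077"})
    intended = ("XX00-CONSTRUCTED-LANDLORD", 85000)
    received = altered_in_transit(*intended)
    customer_tan = generator_tan(CARD_KEY, *intended)  # computed for what the customer typed
    return {
        "itan_ok_for_altered": bank.accept_itan(*received, 17, "483920"),
        "generator_ok_for_intended": bank.accept_generator_tan(*intended, customer_tan),
        "generator_ok_for_altered": bank.accept_generator_tan(*received, customer_tan),
    }

if __name__ == "__main__":
    print(demo())
```

The list TAN is accepted for the altered transfer because nothing ties it to an account or amount, whereas the generator TAN is only valid for the details the customer entered on the device.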
The classic among phishing e-mails is the supposed notification from your bank about server work, which requires a check of your login data and your TANs. It is often enough to skim the text to expose the fraud attempt.
Errors in spelling and grammar, a missing salutation and incorrectly placed company logos are clear signs of a phishing e-mail. But this is not always the case.
In October, a phishing e-mail in the name of the eBay bank PayPal asked PayPal customers to enter their credit card data in an HTML form. What made it perfidious: the e-mail contained a correct salutation and also the correct address stored at PayPal. This is where even experienced users were caught off guard.
If something similar happens to you, do not rashly reply to the e-mail and do not follow its prompts. Instead, go to the official website via the web address you are familiar with, and log in there. Banks and savings banks announce possible maintenance work or online faults immediately on their own sites.
If you do not find a text there that is largely identical to the e-mail, it is phishing. Last but not least, the rule is that no bank would ever ask you to send passwords, PINs or TANs by e-mail.
One of the most important security tips of all: never do your online banking from public PCs or PCs that belong to someone else. Even with your own notebook on public WLAN hotspots you should refrain from it, because you cannot rule out that your data entry is recorded or tapped.
A data thief could thus find out your PIN and your account numbers. This may be sufficient to change account settings. In any case, this information provides a perfect foundation for spear-phishing attacks, i.e. attacks that are aimed not at a large, anonymous number of victims but at specific people.
Such attacks often succeed because real information such as name and account number makes the messages appear authentic.
Once a Trojan has taken hold, even the safest online connection to the bank is of no use. Your input is then recorded anyway and secretly transferred to a hacker's server. For this reason, you should keep your anti-virus tool up to date and never disable the firewall in Windows 7.