Ever wondered how personal information and banking data might be exposed online? While the two types of data may seem unrelated – in the sense that one is strictly related to e-banking and the other can cover full name, address, IDs, or anything else considered personal – they’re both usually submitted over the internet to various websites. The question is: how secure is this information being sent from the user to the website, and can it be intercepted and misused by threat actors?
We previously addressed how to keep your passwords private and what to look for when logging into various websites. E-banking information and personal information should follow the same security path, meaning that, whenever they’re submitted to online retailers or e-banking websites, they should be encrypted to prevent eavesdropping.
Otherwise, threat actors can use that data to log into your bank accounts or, worse, use your personal information for identity theft. The latter normally has broader implications, as threat actors can sign you up to online services, apply for loans and credit cards, obtain goods that the criminal might be denied if using his real name, or even impersonate you to obtain more personal information by interacting with government agencies or any other service provider.
The more personal information threat actors can collect about an individual, the more valuable it becomes.
One of the abilities of a new technology that’s part of Bitdefender 2019, called Network Threat Prevention, is to make sure that any banking data or personal information sent online is delivered securely. It makes sure the connection between the user and the website requesting the information is encrypted or secured, so criminals sharing the same network can’t eavesdrop on any of that information.
Banking data and personal information
In a broad sense, personal information relates to any data that can be used to identify an individual. This type of data usually involves name and surname, home address, personal email address, an identification card number, phone number, or even information relating to medical records.
Banking data usually revolves around credit card information, such as card number, expiry date, full name, social security numbers, and pretty much anything that attackers can use for financial fraud.
Both banking data and personal data is fraudulently collected via seemingly legitimate websites that impersonate online retailers or banking websites, or via online surveys and forms that promise exceptional prizes in exchange for some data. Depending on the sophistication of the scam or the phishing website, threat actors normally exploit a sense of urgency, or resort to enticing deals and offers with a short expiry date.
How Do You Lose Personal Information and Banking Data?
Personal information can be “retrieved” from users in several ways. Imagine receiving an email that seems to come from your bank, for example. These emails usually tell you to click on a link to reset your e-banking password or to update your personal information by following an embedded URL. Because most of these emails seem legitimate, users are tricked into opening fraudulent webpages containing forms that request personal data. More often than not, these forms and webpages have no encrypted connection between the user and the website — everything you send is unencrypted, a dead giveaway that you are not on a legitimate website. So, you could end up sending the information to a scammer and to any other hacker “listening” on your connection. This is pretty much the worst case scenario. On top of that, no bank will ever ask its clients to update their information by filling out a form. They usually inform users that they need to head in person to the nearest subsidiary to do that.
Another popular method for collecting personal information is through online questionnaires and surveys that may actually be legitimate. Those webpages, though, don’t often enforce encrypted communication between the user and the website, meaning that information is sent in plain text and prone to eavesdropping by attackers.
Even online shopping on websites that don’t enforce encrypted communication between clients and their website can put personal information at risk. For example, even if you don’t give credit card details for your purchases, submitting delivery details, full name, and phone number over an unencrypted communication channel monitored by an attacker could expose that information.
What Can Bad Guys Do With Your Private Information?
Depending on how much banking data or personal information they have from you, they can committ several types of fraud. The most common is bank fraud, where attackers gain access to your e-banking accounts and transfer funds to accounts they control. Stolen payment card details are also used in fraudulent activities ranging from purchasing goods to physically cloning the credit card and cleaning out bank accounts from ATMs.
If attackers have sufficient personal information from you, they can sometimes even apply for loans on your behalf. While the amounts may not be very large, some banks do offer loans based on online forms and even phone call confirmations. This form of identity theft usually requires a great deal of information collected from the victim, ranging from date of birth, family members, IDs, as well as any other information that might be requested by banks to validate “your” identity.
Private information and banking data is also considered valuable currency on the dark web, where it’s sometimes sold as a commodity either to the highest bidder or per individual. Considering that a great number of activities can now be performed online, the loss of personal information can lead to all-out impersonation and significant financial losses if it falls into the wrong hands.
Where Does Bitdefender Step In?
The new Network Threat Prevention technology introduced in Bitdefender 2019 is capable of identifying whenever personal information or banking data is broadcasted in an unencrypted manner to any website, and it notifies users before sending it. Banking information and personal information is vital, and should never be broadcast over unsecure channels, especially since it can be misused by cyber criminals.
Whenever you’re banking credentials are about to be sent unencrypted, besides the “Privacy threat blocked” notification, you’ll see additional information, such as “An attempt to send your private banking data unencrypted was about to occur on <URL>. We blocked the connection to stop your sensitive data from being exposed and used for illicit purposes”. The same goes for personal information; Bitdefender Network Threat prevention will let you know that a privacy threat has been blocked and that “An attempt to send your private data unencrypted was about to occur on <URL>”, followed by a block on access to that website.
While this is not the only capability of Bitdefender’s Network Threat Prevention technology, it is one of the major features that helps users keep their information private, secure, and away from prying eyes.
tags
November 14, 2024
September 06, 2024