Online banking at risk from hackers

7 February 2012

Criminals have successfully outwitted online security devices given out by banks and are tricking customers into handing over personal details.

This means customers using calculator-style keypads to protect their bank accounts are potentially at risk from hackers gaining access to their accounts, a BBC investigation has found.

These devices, such as PINSentry from Barclays and SecureKey from HSBC, were created to protect customers against such attacks. They ask customers to insert a card or pin number and create a unique key for each login, which can't be used again.

Keep up to date with all the latest scams in our Scam Watch update

Man in the Browser

But now criminal hackers have found a way around these devices. The new bug is called a 'Man in the Browser' (MitB) attack by the technology industry and tricks banking customers by asking them to take part in training for a new 'upgraded security system'.

Once a customer agrees to this, the malicious software works by altering what is seen and allows a hacker to change the details of what is being entered, giving them the potential to raid someone's bank account. This malware lives in a web browser and is only activated when visiting certain sites.

Experts are advising customers to follow the advice provided by your bank and to use up-to-date security software.

"To prevent this happening customers should make sure they are in the correct company website and ignore pop-ups that ask for additional security," advises Lucy Davies, spokesperson for Experian.

Have you been a victim of online banking crime? Read our guide on how to get your money back

Add new comment