Online banking scam alert
The e-mail contains details on a new type of phishing used by hackers who go after digital certificates by implanting malware on Internet banking users’ computers.
The institute said its action was aimed at avoiding a mass security breach in which hackers could clear out people bank accounts.
It asked people to report to police when they discover any suspicious Web sites.
The institute, which manages interbank payment systems, sent the e-mail as a precautionary measure Sunday after it found that digital certificates of 700 customers had been stolen by hackers. Out of the 700, 461 had to be cancelled to protect the customers. The remaining 239 digital certificates had expired.
“The institute has received no reports of losses because of the leaked information,” said an official at the institute. “But this e-mail is a kind of a shock therapy for Internet banking users to prevent people from falling victims of hacking.”
Digital certificates issued by the nation’s major banks - Shinhan, Kookmin, Woori, Hana, Korea Exchange Bank, Standard Chartered, Citi and Nonghyup - were stolen.
Officials at the Financial Supervisory Service said the hackers’ methods of stealing digital certificates have become more sophisticated.
They said the newest method is different from the traditional phishing, which tried to steal numbers on a safety card a customer receives from banks for online banking.
A safety card is a piece of plastic the size of a business card with a series of numbers. To do a banking transaction, a customer is prompted to input one of the numbers on the card as a safety measure.
In the past, the hackers’ top priority was finding out the numbers on the safety cards. They used false Web sites to get customers to fill in that information. Once they had the safety card numbers, they could get reissuances of the digital certificates belonging to an Internet banking user, the final step in an online transaction. With safety card numbers and digital certificates, hackers can transfer money from a person’s account into their own.
FSS officials said hackers used to work late at night because banks send text messages to customers when their digital certificates are reissued. Hacker’s did their work when most customers were asleep.
Now the hackers have malware that can steal digital certificates saved on Internet banking users’ computers. They don’t need the safety card numbers anymore: They have a database of them.
The malware infects a customer’s computer through an attachment in an e-mail or from sites on which you illegally download movies, the FSS said.
“In this case, an Internet banking user will find out his money has evaporated only when he checks the balance of the account,” said Kim Yoon-jin, an official at the FSS’s IT supervision division.
“To prevent data leaks of critical personal information, Internet users should regularly run an antivirus program and refrain from visiting certain Web sites, such as those where they can download movies as these sites are particularly vulnerable to hacking.”
By Kim Mi-ju [firstname.lastname@example.org]