Symantec just released a report on how they've discovered how hackers can easily steal your bank user ID and password when you bank online. It's pretty ingenious, and because so many of us fail to protect ourselves against this type of attack, about half of us are at risk.
Here's how it works: The victim visits a Web page on the hacker's Web site (and it could be a Web site that the hacker has attacked, not just one he owns). Unbeknownst to the victim, the Web page contains JavaScript that changes the DNS (Domain Name Service) server setting for the victim's router, so that instead of requesting the IP address of the URL's typed into the browser from the ISP's DNS server (to go to the real Web site), the router requests the IP addresses from the hacker's DNS server. Unfortunately for the victim, the hacker has already set up his fake DNS server to point to his fake bank Web sites that look like the real McCoy. Next time the victim wants to do some online banking, he types in the URL or uses his bookmark, and the router sends the request for the IP address to the fake DNS, and the Web browser goes to the fake bank site. The unsuspecting victim types in his user ID and password, the fake Web site saves them both and now the hacker has all he needs to get into the real bank account and transfer the money elsewhere. Evil, huh?
You can prevent this from happening to your router by changing the default password, which according to reports, about half of us have failed to do. Yikes! If the hacker doesn't know the router's password, he can't change its DNS setting. If you haven't changed the password on your router, do it today before it's too late. The most common routers are D-Link, Linksys, and NETGEAR. If you have one of these, go to the manufacturer's Web site to find out how to change your router's password.
See the video explaining this all in more detail if what I've explained doesn't make much sense. You'll be glad you did.
SUBSCRIBE (RSS/Atom)
No comments:
Post a Comment