To help keep our Clients secure, described below are several of the most common threats which may accompany the use of Internet Banking, along with ways to protect against them:
1. Phishing - a fraudulent process of acquiring personal information, such as passwords and credit card details, by masquerading as a trustworthy person or institution which purports to need such information urgently. It is a form of attack based on a social engineering technique.
Kevin Mitnick, one of the best known computer hackers, in his book The Art of Deception wrote: "I broke people not passwords". He described how the use of various social engineering techniques allowed him to gain access to information systems without cracking complicated computer security. Below are a few methods to protect against attacks of that nature.
Trusted website forgery
"As part of introducing tighter security procedures our Bank is verifying the data of all its active clients. Please confirm your data by clicking on http://secure.dzbank.pl/. If you fail to do so within the next two weeks your online account access will be suspended."
Messages of this type may be received by email. Unaware of the threat, you click on the provided link, which takes you to the bank website... but in fact the page only looks like our Bank website and has been designed specifically to obtain your login and password. Entering confidential data on such a website amounts to granting access to your bank account to an unknown and unauthorized person. This is called phishing: forging a trusted site and gleaning information through specially designed websites pretending to be, for example, a bank website. Below are a few guidelines on how to protect yourself from becoming a victim of phishing.
Secure login
How to tell whether a site is a legitimate bank website?
Before logging into the DZ BANK Polska S.A. Internet system, make sure that the connection you are using is encrypted:
check if the website address in the browser's window looks like this:

Sites pretending to be trusted websites will have an address starting with http:// which means that the connection is not encrypted and, therefore, not secure. An address starting with https:// means that the website uses the SSL protocol providing a secure transmission channel.
check if there is a locked padlock icon on the screen.
The padlock indicates that the website is secured by a security certificate and the connection is encrypted. To verify the correctness of the security certificate, you just need to double-click on the padlock icon. Certificate details will be displayed, which should look as follows:


You should carry out these checks each time you log into DZ Internet!
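An added example (not the bank's own code) that applies the address check above to links taken from an email. It goes a step further than the https:// test by also comparing the host name exactly, since an encrypted connection alone does not show who operates the site. The host `login.bank.example` is a placeholder and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Placeholder host: substitute the exact login address published by your bank.
EXPECTED_HOST = "login.bank.example"


def check_link(url, expected_host=EXPECTED_HOST):
    """Return the reasons a link fails the address check (empty list = passes)."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased

    # The page's first check: the address must start with https://
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    # "https://name@other-host/" connects to other-host; "name" is only a user field.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    # Non-ASCII or punycode labels can imitate Latin letters in the address bar.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("internationalized-host")
    # Encryption says nothing about who runs the site, so compare the host exactly.
    if host != expected_host:
        if expected_host in host:
            findings.append("expected-name-inside-other-host")
        else:
            findings.append("host-mismatch")
    return findings


# Constructed sample links (reserved example domains and addresses only).
SAMPLES = [
    "https://login.bank.example/auth",
    "http://login.bank.example/auth",
    "https://login.bank.example@198.51.100.7/auth",
    "https://login.bank.example.account-check.example/auth",
    "https://login.b\u0430nk.example/auth",  # Cyrillic "a" in place of Latin "a"
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link.encode("ascii", "backslashreplace").decode(), check_link(link))
```

Only the first sample returns an empty list; each of the others is rejected with the reason shown next to it.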
Masquerading as bank employee
"Good morning, my name is Jerzy Nowak, I am calling from the bank's IT Department. Our electronic banking system is down and we are calling our Clients to notify them of that fact. We also need your password to the bank account to remove the fault and to verify system operation. We will let you know as soon as we remove the cause of the failure"
The caller will probably provide some more information to build our trust. Please remember never to provide your password by telephone even if the caller introduces himself as a bank employee.
3. Computer viruses
A computer virus is usually a simple computer program which multiplies purposefully without the user's consent. A computer virus, unlike the so-called computer bug, needs a carrier for its operation, in the form of a computer program, electronic mail, etc. Viruses exploit both the weak security of computer systems and their specific attributes, as well as the inexperience and carelessness of users. Viruses may cause many undesirable effects:
installation of "back door" in the system to allow remote acquisition of control over the system,
tracking confidential information, such as password,
spamming,
hacking or DDoS attacks,
hindering the operation of antivirus programs,
changing the browser's start page,
control over an infected system,
access to infected computer files.
Since the operation of Trojans relies on the user's carelessness, the basic method of defense is prevention. It consists of:
not opening attachments from suspicious email messages,
not downloading unknown executable files *.exe, *.com, *.scr or scripts *.vbs and *.hta,
using anti-virus software,
using a firewall,
regular updates of the operating system and internet browsers.
4. Electronic banking security in a nutshell
Presented below are a few basic principles which, if observed, will allow you to significantly limit the risk of becoming a computer crime victim.
Ensure security of your computer - use an antivirus program and personal firewall, and make sure they are updated.
Always verify whether the bank's internet address displayed in the browser's window is correct; in particular, note whether the webpage address starts with https://, which means that the transmission is effected via a secure encrypted channel.
Do not respond to email messages whose authors ask you to disclose or verify your personal data, passwords, PINs or account number or credit card number information.
Do not, under any circumstances, provide your password or PIN by telephone even if the caller identifies as a bank employee.
Do not send any personal or financial information by email; if you are to do so, make sure that the data are encrypted by an algorithm considered secure.
Do not use the same password which you use to log into the electronic banking system on other websites.
Do not start any programs downloaded from websites or unknown sources.
Regularly check your account balance and transaction history.
Make sure you have correctly logged out after completing transactions on your bank account, using the "Log out" option.