ok, so bear with me on this thread - i'm a computer idiot - i know nothing...
i've finally decided that i should try and set up some internet banking. a friend of mine has this though, and has twice suffered from fraud (once to the tune of £500...).
we believe that there may be some key logging stuff on his computer, as its about the only logical place where the details of the bank could have been found out from.
how do i know whether i have any of this stuff on my laptop?
as a young male student i [i]may[/i] have accessed the odd naughty site, and i'm getting paranoid....
currently running avast on the laptop. it keeps popping up and suggesting i download the new version (it IS downloading the latest virus info etc, but not running the newest version of the software afaik). however, whenever i click on the message firefox crashes, and i can't download it (for some unknown reason).
any tips/checks i can run?
thanks 🙂 (will be back later today to check this thread)
A lot of sites seem to use drop downs instead of keyed fields, which presumably are more difficult for key loggers to track. Do a thorough scan for nasties, make sure you're fully patched with updates (OS) and maybe use a non-IE browser (Firefox etc). I'd have thought the responsibility for any losses incurred through internet banking services would lie with the banks anyway?
figured things like entering passwords etc would be the issue. afaik things are up to date, but in reality i'd have no idea 🙁
is chrome more safe than firefox? my IE doesn't seem to work anyway... not used it in years.
there are plenty of free desktop firewall software tools that can monitor and block outbound traffic (and this is how any malware will be able to send out secrets). You could install one of these and set it to block everything unless specifically permitted by you (in this state for the first days it will be constantly popping up asking if it can allow this and that), you can only allow what you understand is valid traffic but this may be difficult since a) you don't understand computers and b) some of the more advanced malware might be fairly smsart and only send stuff out when it sees your using a browser or something.
Your best bet is to get hold of a decent anti-malware product and do a scan....
[url] http://www.malwarebytes.org/mbam.php [/url]
or you could try windows defender which is not bad.
ok. so i clicked on the yellow shield things on the bottom right of my screen, and its now installing IE8, and at the same time 'checking your computer for malicious software'
i presume this is good... (and its taking a while!)
TBH - if there was any doubt, I'd format & re-install
One nasty one that a virus checker may miss is to overwrite your hosts file - if that contains a lot of banking URLs all pointing to the same IP address then DO NOT go to any banking site until you clear that out (as you'll actually go to a spoof site that will ask for your login info, possibly more than once claiming there was a problem, then pass you to the real site when they've harvested the info they need.
how do i clear that out porterclough (on FF)?
one bank i use has free anti key logging software you can download on their website i've always assumed this is so they can claim you were given the opportunity and if you've turned it down enables some attempt to push liability back to the customer
Most decent banks only ask for particular letters/numbers of your password so that a keylogger only gets part of it and also has to analyse the web page to figure out which part.
NatWest is good for this, it asks for 3 random characters from your password and three digits from your pin.
how do i clear that out porterclough (on FF)?
http://en.wikipedia.org/wiki/Hosts_file
Most decent banks only ask for particular letters/numbers of your password so that a keylogger only gets part of it and also has to analyse the web page to figure out which part.
A spoof site only has to ask for 2 digits of your 4 digit security code twice... two other bits of information as well and they're away. I can't understand why all banks aren't providing card readers, it can only be because paying out after fraud is cheaper for them.
I can't understand why all banks aren't providing card readers
NatWest also use card readers. PIN and password only get you into the account. Card Reader is required for any transfers.
any experience of HBOS and santander?
thanks fir the help guys, will try to sort through it tonight...
Both RBS and Barclays that we use online provide card readers. You cant login or move any cash without the card and PIN as well as banking login id.
When one of my account was compomised it was via telephone banking and they werent able to move money out of my account portfolio because they had only blagged their way through logon using maiden name etc and not the telephone banking pin (which you need if you wanted to pay out)
All seems more secure than using a card in a dodgy petrol station IMO.