Attacks taking advantage of your habits
Nowadays the attacks that take place with the unwitting help of users (so-called client-side attacks) are the most dangerous and widespread. For example, you are sent an e‑mail with an attached file that has the extension .pdf, .doc, .jpg, .xlsx or another extension that you are used to opening and for which you have the required software.
As the contents of the e‑mail seem believable (e.g., you are invited to a seminar and the agenda is supposed to be in the .pdf document), you open the attached file using Adobe Acrobat Reader, you examine its contents, you close the file, and you forget it in a few minutes. But when the document was opened, the program ran malicious code contained in it, which installed a keystroke logger and a hidden back door on your machine through which the author of the attack takes control of your computer. Your antivirus software does not see any problem here because it does not yet recognise the method used for the attack as malicious: this information reaches the antivirus software only after a few hours or, in a worse case, even after a few months.
Files containing malicious code need not come by e‑mail only. Attacks through MSN, Facebook, and other much-used communication channels are also widespread. In such cases your friend (seemingly) sends you a file and recommends opening it, or suggests that you visit a certain website using your browser. When you open the file, the same thing happens as described above, and when you open the website, a security hole in your browser is used for the attack.
As a rule, you as the user will not know about a well-executed attack until money starts to disappear from your credit card or bank account.
How to protect yourself?
- Before opening any file you received by e‑mail, consider whether its sender is credible and whether he or she notified you in advance that the file would be sent.
- When you surf the Internet, consider whether the page you are recommended to visit is reliable.
- If you find an apparently cool program, a screensaver or a new toolbar for your browser, consider whether you actually need it and whether it outweighs the possibility of losing the money in your bank account.
- If you have several computers at home, use only one of them for visiting your internet bank, making credit card payments and other such important things. Be particularly careful about what you do with that computer: which websites you visit, which files you open, which software you install on it.
Your ID card, Mobile ID and PIN calculator
The ID card is relatively secure because even if the attacker monitors each of your keystrokes (and gets to know your PIN1 and PIN2), the attacker is still unable to gain access to your bank account: authorisation requires a physical object, your ID card, and the attacker cannot steal your ID card over electronic channels.
The same applies to the Mobile ID and the PIN calculator, but unlike the ID card, the PIN calculator and the Mobile ID do not have to be connected to the computer.