Information security management

Published: November 27, 2015 Words: 6279

Introduction

This report examines current internet crimes connected to online banking and how they can be tackled, reduced and/or removed. People around the world have committed many different types of crime that involve accessing customers' bank accounts online. This can be done through phishing, pharming, Trojan horses and other malware; the report describes each of these and how the IT managers at the bank can help make the customer's online experience a secure one.

Online banking is a major step for all customers, as it is popular to simply go onto a computer at home or work and log on to the online banking site; customers can then transfer money from one account to another and pay bills with the click of a button. Although the technology for online banking is advancing and security seems to be getting tighter, it is still possible for the accounts you use to be hacked. The risk of fraud can always be reduced, but there is no way of getting rid of fraud entirely. Apacs figures published on the BBC site show that “Online banking Fraud jumped to £52.5m last year, up from £22.6m in 2007” (BBC, 2009). Fraud is becoming a more popular crime on the internet, because customers who do not have correct and up-to-date security software will always be vulnerable to these attacks. In 2008 “Total Fraud losses on UK debit and credit cards rose by 14% to £609m” (BBC, 2009).

Main Content

As stated in the introduction, there are different ways in which fraudulent users can get hold of customers' private and personal information, including phishing, pharming and keyloggers, and there are many more ways in which they can access your data. Some methods that fraudulent users use include “malware scams where the customers' computers get infected with a Trojan virus and personal information like account details and passwords are extracted from their keystrokes” (SkyNews, 2009), which is then exposed and used by the attacker. Banks should state in their terms and conditions that online users must have an up-to-date anti-virus application, as this will help them tackle any sort of virus that may be trying to gain access to their system.

There are certain procedures that banks can communicate to their customers, not only by stating them in the terms and conditions that customers agree to when they join: employees can also advise customers to have anti-virus software on their computer and give them a leaflet with the dos and don'ts of logging on online. The following part of this report indicates how the bank should go about internet security and how employees can advise customers on how not to become a victim of fraud.

Previous Crimes

Many online banking crimes have been committed; a few of them are discussed below, together with the outcome and the amount of money taken by the attacker. However, some banks have been able to recover some of the funds.

Trojan Scam Netted Up To $37m

In 2007 a man from Brazil, who is now claimed to be the most cybercrime criminal ever, became the centre of attention after scamming online bankers out of about $37m (£30m). The attacker sent over 3 million emails every day to victims who were claimed to be Brazilian. Once the user clicked on the link in the email, this activated Trojan horses called Troj/Banker-AR and Troj/Banker-K. Customers who used online banking were targeted by these Trojan horses, which were implemented specifically for them. The majority of the attacker's ploy relied on keystroke logging, where the data entered by the user into the computer was logged; from that the attacker worked out the letters and numbers typed by the user and used them on the online banking site. “They moved between 50 and 100 million reais ($18m and $37m) over the last two years… [and] sent over three million emails with Trojan horses per day” (Leyden, 2005). Therefore for the attackers to steal the money the phishing devices had created these Trojan horses.

Trojan Programmed To Run Off With Your Money

In Germany, online fraudsters have used Trojan horses to run off with online bankers' money while displaying a fake balance, so that the victim does not even realise. Back in August 2009, of around 90,000 computers that had visited websites containing malware, 6,400 were infected. The infected computers had money stolen from their bank accounts without any notice. If the user clicked on a link that took them to another site, this could have triggered the malware. LuckySpoilt created the malware, which “exploits a security hole in the browser, affecting major browsers, and installs the Trojan onto the computer” (Mills, 2009); once the browser reaches an online banking website that the Trojan has been programmed for, the Trojan is triggered. Once enabled on that online banking website, the Trojan looks at the available balance and calculates how much money to steal. It has been programmed with a minimum and a maximum range, below the amount available, and takes the calculated amount, leaving a certain percentage in the account. The user will not know that they have been hit by this scam, as they will see a fake balance that the Trojan has configured. In the background the Trojan connects to the bank, sending requests and receiving replies that the browser does not display. Furthermore, the “Trojan hides the theft by erasing it from the report of account activity displayed to the computer user” (Mills, 2009). Data such as the victim's bank credentials is stored in a log, along with other websites that the user has visited and screenshots of certain of those websites.

Malware

Malware covers various types of threat that can affect the user's computer and the information on it. There are many definitions of malware, but one from Skoudis and Zeltser seems appropriate:

“Malware is a set of instructions that run on your computer and make your system do something that an attacker wants it to do.” (Skoudis & Zeltser, 2004)

Computers are always at risk of being infected with viruses, Trojans, worms, rootkits and other malware. These threats are constantly growing and are becoming difficult to detect and remove. This part of the report outlines the different types of threat. If the customer goes onto a phoney website and installs an add-on, this will install malicious code, and the customer will have done the attacker's job for them. As Skoudis and Zeltser say, “your very own computer systems act as the attacker's minions, doing the attacker's bidding” (Skoudis & Zeltser, 2004). Malware can delete sensitive configuration files from the hard drive, leaving the computer unable to execute any applications. The attacker can have sight of everything that is typed into the computer by monitoring your keystrokes. The attacker can steal files from the customer's computer, such as personal and sensitive data. With all of the information the attacker has taken from the customer's computer, there is always a risk of the customer being put in the frame for a crime, as all the evidence of computer use will point to the customer, and the attacker therefore gets away with it.

Viruses

A virus is a program that can copy itself and pass malicious code on to other, non-malicious programs by modifying them. Viruses range from small, harmless messages to erasing the data on your computer, and they can spread swiftly. As previously stated, for a virus to take hold the customer has to interact with a pop-up, link or add-on. A user can play their part by opening the infected file. For example, if the user receives an email and opens an infected attachment, the user has done the attacker's job: the virus can spread and infect all of the files stored on the computer, and the attacker will have sight of all of the user's personal information. Any file downloaded from the internet carries the risk of containing a virus; many people download music, videos and documents from different websites and never think about which of these files may contain one. It is therefore crucial that each customer has anti-virus software on their computer.

Trojan Horses

A Trojan horse disguises itself inside software that is available to download from the internet. As stated in the section above, Trojan horses can be incorporated into music files, video files and any other files available to download from the internet; the user will not realise that they have downloaded a Trojan horse and will therefore allow their computer to be infected. A definition of a Trojan horse used by Skoudis and Zeltser is:

“Trojan horse is a program that appears to have some useful or benign purpose, but really masks some hidden malicious functionality” (Skoudis & Zeltser, 2004)

Trojan horses act like normal programs run on a computer, so the user will not detect that there is a Trojan horse on their computer. Trojan horses are separated into two parts, one being the client and the other being the server. As mentioned above, the Trojan horse camouflages itself within another program from an unauthorised download website, and this is the client. Once the file has been executed on the computer, the attacker who is running the server will have access to and high-level control of your computer; this can lead to data loss and to personal and confidential data ending up in the hands of the attacker.

There are many different types of Trojan horse, each different in its own way; they can be effective individually or in combination. Some of the different types are described below:

Password Sending Trojans - the Trojan horse collects all of the cached passwords saved on your computer and looks for any other passwords available on it. It then sends all of the passwords to a specific email address belonging to the attacker, putting every website that requires a login at risk.

Key Loggers - a key logger keeps a log of the keystrokes that the customer makes and sends the log to an email address belonging to the attacker. This allows the attacker to search for personal information that has been typed, such as passwords and account details. More about keyloggers is written in the next section.

Destructive Trojans - a destructive Trojan is used for one thing, and that is to destroy and delete files from the user's computer. This type of Trojan can be controlled by the attacker or programmed, and will “delete all the core system files of the computer” (Trojan Horse Virus).

There are other types of Trojan horses such as Remote Access Trojans, FTP Trojans, Denial of Service (DoS) Attack Trojans, Software Detection Killers and Proxy/Wingate Trojan. Customers and users should be advised not to open emails, attachments or any other files that they have received from unknown senders.

Keyloggers

As previously mentioned, a keystroke logger is a malicious program that keeps a note of all of the keys that have been typed. The program helps the attacker gain access to what the user/customer has typed into a website, email or even a document. From this the attacker looks for patterns such as passwords or personal information. With this information they may be able to log on to the websites that the user has visited, using the user's passwords and usernames. In this way they can get access to confidential information and information that you would not share. The keystroke logger can be built into another program and capture data when a particular program, such as a banking application, is run, or it can be used independently.

Rootkits

There are two types of rootkit, and each is briefly outlined here. The first is the User-Mode Rootkit. User-Mode Rootkits are very powerful and can help the attacker gain access to the customer's computer. They are harder to locate on the computer, as they hide on the system. The definition that Skoudis and Zeltser give is:

“Rootkits are Trojan horse backdoor tools that modify existing operating system software so that an attacker can keep access to and hide on a machine” (Skoudis & Zeltser, 2004)

User-Mode Rootkits are just like Trojan horses in that both hide within a program and replace the file with malicious code. This offers the attacker a backdoor entrance to your files: the User-Mode Rootkit allows the attacker to gain access to the system with a backdoor password.

The second type is the Kernel-Mode Rootkit, whose consequences are much worse than those of User-Mode Rootkits. Kernel-Mode Rootkits target the kernel of the operating system, which controls certain important elements of the machine. This undermines the victim's machine more completely and efficiently than User-Mode Rootkits could. The two rootkits are similar to each other, but “User-mode Rootkits replace binary executable or libraries, whereas kernel-level Rootkits manipulate the kernel itself”. (Skoudis & Zeltser, 2004)

Worms

Unlike a computer virus, a worm is a software program created to copy itself from one computer to another without any help from a user. A worm can copy itself automatically and spread. Worms can send copies of themselves to every contact in your address book, then to the contacts in their address books, and so on.

Malware poses a massive risk to, and has a massive effect on, customers using online banking. IT management at the banks must advise customers, through leaflets or any other form of communication, to help them improve their knowledge and their system security when they go online. Details of what they could be advised are given in the latter part of the report. Anti-virus software can be given to customers or sold at a reduced price so that they can be secure when going online. Extra help such as this can go a long way for both the bank and the customer: if the customer becomes a victim of identity theft or fraud, the bank may have to pay the money back to the customer, so giving out anti-virus software helps prevent this from happening.

Authentication

There are many different ways of keeping your account secure, such as the username and password. Certain banks offer a password/memorable word and a 4 or 5 digit personal identification number (PIN); having more than one security check on the online bank account makes the account much more secure and takes more effort for a fraudulent user to access. However, the most common security feature for logging in to the bank's system and server is the password. Passwords are the credential most targeted by hackers and fraudsters. Banks should state what a strong password must contain, as many customers use the names of friends or relatives, the places where they were born or live, or common phrases as their passwords. Such passwords are the easiest to break, because a fraudulent person who knew the customer would be able to guess them. Not only should the terms and conditions that customers sign up to indicate what a password should contain; the bank's system must also only allow passwords of a certain form, such as between 6-15 characters which should include letters or numbers, as “adding special symbols or numbers can add further complexity” (Information for Online Banking Users, 2007). Longer passwords and those that contain a variety of different characters are harder to break: a fraudulent person could not break the password right away and, if adamant, would need to spend more time on breaking it.

To make life difficult for fraudulent users, the IT manager should advise that there be a limit on the number of attempts users have to enter their password. This will reduce the number of hackers trying to access an account that is not theirs. If the fraudulent user entered the password incorrectly a number of times, the customer's account would be blocked, and the customer would have to contact the bank and the administrator to unblock it. The administrators at the bank should then generate a new password and a new PIN so that the customer can access their account; the customer will be prompted to change the password and PIN once they have logged in.
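The password rules and the attempt limit described in this section can be expressed as a small server-side check. The following is an added example, not part of the original report or any bank's code: the limit of 3 attempts, the requirement for both a letter and a digit, and all names are assumptions made for illustration, and only the password (not the PIN) is modelled.

```python
import hashlib
import hmac
import os
import re
import secrets
from dataclasses import dataclass

MIN_LEN, MAX_LEN = 6, 15   # length range given in the text
MAX_ATTEMPTS = 3           # assumption: the text sets a limit but gives no number


def policy_problems(password, personal_words=()):
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 6-15 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("needs a letter")
    if not re.search(r"[0-9]", password):
        problems.append("needs a digit")
    lowered = password.lower()
    for word in personal_words:          # names, birthplace, etc. known to the bank
        if word and word.lower() in lowered:
            problems.append(f"contains personal detail: {word}")
    return problems


def _hash(password, salt):
    # Store a salted, deliberately slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed: int = 0
    locked: bool = False
    must_change: bool = False

    @classmethod
    def create(cls, password):
        salt = os.urandom(16)
        return cls(salt, _hash(password, salt))

    def _matches(self, password):
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

    def login(self, password):
        if self.locked:                  # stays blocked until the bank resets it
            return "locked"
        if self._matches(password):
            self.failed = 0
            return "change-required" if self.must_change else "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"

    def admin_reset(self):
        """Administrator unblocks the account and issues a temporary password."""
        temp = secrets.token_urlsafe(9)
        self.salt = os.urandom(16)
        self.pw_hash = _hash(temp, self.salt)
        self.failed, self.locked, self.must_change = 0, False, True
        return temp

    def change_password(self, old, new, personal_words=()):
        """Customer replaces the password; the new one must pass the policy."""
        if self.locked or not self._matches(old):
            return False
        if policy_problems(new, personal_words):
            return False
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
        return True
```

Note that once the account is locked, even the correct password is refused until the administrator reset has taken place.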

Encryption

Many, if not all, online banks have secure sessions established by a protocol called Secure Sockets Layer encryption, also known as SSL. With SSL, the user's browser establishes a secure session with the server. The protocol requires the exchange of both public (asymmetric) and private (symmetric) keys.

Symmetric encryption is where the decryption key and the encryption key are the same, whereas in asymmetric encryption they are different from each other and come as a pair. The numbers are chosen randomly for each individual session and are known only to the browser and the bank's server. Once the keys have been exchanged, they are used to encrypt the messages sent between the two sides. The keys are required by both sides so that the messages they receive can be decrypted. This enables the SSL protocol to provide assurance of privacy, and it also ensures that another website cannot pretend to be the financial institution's website or change the data that has been sent. (Privacy, 2005). Banks will have to ensure that each user has the latest version of their browser, as the servers require the browser to connect with 128-bit SSL encryption; with anything below 128-bit SSL encryption, the user will not be able to connect to the bank's server. Online banks should tell customers to confirm that the internet address they are visiting shows “https://” instead of just “http://”. (Information for Online Banking Users, 2007)

PKI

PKI stands for public key infrastructure, which is “the entire set of hardware, software, and cryptosystems necessary to implement public key encryption” (Whitman & Mattord, 2004). PKI offers users a set of services that relate to identification and access controls. The services that the public key infrastructure offers are:

(Whitman & Mattord, 2004)

Authentication, Integrity, Confidentiality, Authorization and Nonrepudiation are all used to help protect an organisation's information assets. This is where PKI is enhanced with the use of cryptographic tools, as it makes it more manageable.

Certificate

Customers accessing the online banking site must check that the website they are on is the bank's website and not a fake website that a fraudulent user has created. This is where a certificate is involved: the customer can check, for any website they visit, whether the website is legitimate and has not been tampered with. The certificate must “contain the unique name of the ‘holder', his or her public key, the period of validity and a digital signature”, (Schafer, 2003). Banks must reiterate that customers should check the certificate when accessing the website in order to be safe and not become a victim of fraud.

Customers can set their computers and their browsers to check whether certificates are valid. This is called Certificate Authority (CA). “Certificate Authority is an authority in a network that will issue and manages security credentials and public keys for message encryption”. (Certificate Authority, 2007) As part of the PKI, the certificate authority checks with the registration authority to verify the information provided by the client requesting the digital certificate. Once the registration authority confirms the client's information, a certificate is issued by the certificate authority and, depending on the PKI implementation, “the certificate will include the owner's public key, the expiration date of the certificate, the owner's name, and other information about the public key owner” (Certificate Authority, 2007)

Phishing

Another major threat is phishing, a high-tech scam delivered by an email or pop-up message. Phishers ask for information such as your bank account information, passwords, social security number and other confidential information, and try to deceive you into giving it. The main aim of a phishing attack is to acquire personal information from an individual. Hackers have imitated legitimate companies with email messages to induce people to share private information such as passwords and credit/debit card numbers. For example, websites such as eBay, Amazon and Bank of America have been at the centre of these threats: people have created identical web pages with a link asking you to log in again, and everything you enter is passed to the hackers. (Identity Theft Info, 2005).

Phishing scams will always be around: a survey taken by ZDNet UK gave them a low occurrence rating of 4.75 out of 10 in 2009, which shows that phishing scams are still out there; they may not happen every day, but they do happen. (Newman, 2009). Back in 2004 “five men were arrested on the suspicion of stealing around €30,000 through phishing fraud and Trojan horse attacks”. (Ilet, 2004) They were caught trying to steal the login information and passwords of Postbank customers in Germany. However, on the ZDNet UK website “Russian antivirus company Kaspersky Labs recently said that 90% of malware is created and sent by criminals looking to steal money” (Ilet, 2004); this shows that banks must advise customers to install anti-virus software on their computers, and the bank must also ensure that its website is fully secure and reduce the chances of it being hacked.

Spam

Spam is similar to phishing and “is the electronic equivalent of junk mail” (Tyson), and it can be dangerous at times. These emails are sent to your computer but are placed in the junk folder rather than the inbox. However, junk mail, like phishing, may contain emails from someone claiming to be from a bank, asking the customer to confirm, update and verify their account details by visiting a certain link. This is a link to a fake website where your data will be captured. Some of the emails may contain a link that sets cookies, allowing the hacker to gain information. Banks should tell customers to check with the bank, either by going to the real website and emailing an employee there or by contacting the bank, to confirm whether it sent the email or not. However, banks would not email customers to confirm their personal and account details. The number of scams that involve banks is huge. According to Gudkova of Kaspersky, “in the third quarter of 2009, the percentage of spam in mail traffic averaged 85.7%” (Gudkova, 2009). Also in the third quarter of 2009, just under 50% of phishing scams were related to banks.

Pharming

Pharming is similar to phishing and is another way for attackers to gain information from customers. With phishing, attackers send an email advising the customer to click on a link that takes them to a replica of an official website, where they are asked to confirm their personal information; pharming instead redirects the customer to a fake website when they type the address into the URL bar, even though the correct website address was entered. One way pharmers redirect customers is DNS cache poisoning. DNS cache poisoning is an attack on the internet naming system, the system that allows users to enter meaningful names for websites instead of a series of numbers. The naming system relies on DNS servers to convert the letter-based website names, which are easily recalled by people, into the numbers that take the user to their destination website. When a pharmer mounts a successful DNS poisoning attack, it changes the rules on how traffic flows for a whole section of the internet. The “Phishers drop a couple of lines in the water and wait to see who will take the bait. Pharmers are more like cybercriminals harvesting the internet at a scale larger than anything seen before” (Online Fraud: Pharming)

Identity Fraud

Identity fraud is another security issue, indeed a worldwide one, and is one of the world's fastest increasing crimes. Important information such as name, address, driver's licence, national insurance number and bank details is being duplicated and misused by fraudulent users. Such information is used nowadays by fraudulent users to purchase or rent properties, or even to disguise their own details by using other people's information. A high percentage of individuals are victims of identity fraud, with millions in money and millions of pieces of information stolen from them. There are many ways in which information about an individual can be taken, such as bribing employees at the bank, or sending a Trojan horse virus to a customer's computer and key logging what they do.

Identity theft is increasing by at least 500% a year, so there will always be a chance of identity theft happening unless specific procedures are in place. Banks must reiterate that customers should get anti-virus software and, as previously stated, the IT manager may help by giving customers anti-virus software.

Network Security

Network security is introduced so that transactions on the system can be processed without any problems, and it is down to the bank to have sufficient security on its servers for customers to use the system. Transactions started over the internet are received by the online banking servers, which route them. They are routed through the firewall servers, which act like a traffic cop between the sectors of the online banking network; these sectors are used to store public internet information. The configuration then segregates the publicly accessible web servers from the data that is already stored on the online banking servers, and ensures that authorised requests are processed. Anti-virus monitoring and intrusion detection are further control methods that protect our systems from potential malicious activity. Online banking servers are fault tolerant and provide uninterruptible access in the event of any failures that may occur.

Online banking servers also have a timeout period: when there has been no activity for a while, the session ends, which prevents any passers-by or anyone else from accessing your account details and transferring funds from one account to another. Banks should make customers aware that this has happened in the past and that not logging off from the website can have major consequences, as the customer may become a victim of fraud; banks should therefore recommend that customers sign off immediately when they have finished or when they walk away from the computer. (Network Security, 2005)

User Awareness

When customers go onto online banking websites they should consider certain steps to ensure they are not victims of any possible threats. Customers should always ask the one question “Do I trust online banking? Yes - without a doubt. In our business, it is the only banking method we use.” (User Awareness is the Key, 2009)

Customers will always have doubts about whether to use online banking; however, millions of people around the world use online banking and have no trouble doing so. There will always be the odd risk of an attacker sending a virus to your computer: the user only has to click on the link accidentally and, bingo, the attacker has access to the data. Customers will always rely on the internet, as it is a thing of the future and it is easy to go to a search engine, type in a few key words and find what you are looking for. It would take only a few minutes to check what can be done to secure your data, and it would make a difference to the number of attacks that could happen. However, it is known that the less time customers/users spend online, the less they know about threats, whereas those who spend more time online understand the different types of threat.

The banks can have a leaflet or some sort of booklet that they could give to the customers when they join up to the online banking. This can contain important information and guidelines that the customer can adapt to their online browsing. These may include:

Ignoring emails that claim to be from banks and ask you for personal information, as banks do not do this - if you get any of these emails, contact the bank to confirm whether they sent the email and, if they have, go through it over the phone

With the steps above and other steps the chances of being a victim to viruses and theft can be reduced.

Firewall

Every computer now has, or should have, a firewall enabled. This application shields the computer from the internet and from unauthorised access. A firewall is designed to monitor both incoming and outgoing internet traffic. The majority of operating systems, such as Windows XP and Mac OS X, already have firewalls built in, but new and upcoming software applications now have a special mode that you can use when going online to check your account or make transactions. This mode, called ‘banking mode', allows you to connect to legitimate banking sites and any protected or trusted websites. Banking mode ensures that customers are not redirected to fake websites, and other websites that are not protected or trusted are blocked. Banks should advise customers to look at firewall options such as this to protect them from possible threats.

There are 3 different methods that a firewall may use to control traffic coming in and out of the network: packet filtering, proxy service and stateful inspection. In packet filtering, small chunks of data called packets are evaluated against a set of filters. The filter acts as a guard: it allows only certain packets through to the requesting system, and the remaining packets are discarded. In a proxy service, information from the internet is retrieved by the firewall and then sent on to the requesting system. The last method of controlling traffic flow is stateful inspection, a newer method that compares specific key parts of the packet to a database of trusted information instead of examining the contents of each packet. Information travelling from inside the firewall to the outside is observed for certain defining characteristics, and incoming information is then compared to these characteristics: if the comparison yields a reasonable match, the information is allowed through; otherwise it is discarded. There are many reasons to have a firewall, and one of them is remote login, which would allow users to connect to your computer, access all your files and folders and control events on your computer.
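The difference between packet filtering and stateful inspection described above shows up when an unsolicited inbound packet resembles a reply. The following is an added example, not part of the original report: a simplified model in which all addresses, ports, rules and class names are constructed for illustration, and TCP flags and state timeouts are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the customer's PC, "in" = arriving
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class PacketFilter:
    """Stateless filtering: each packet is judged alone against ordered rules."""

    def __init__(self, rules, default="drop"):
        self.rules = rules
        self.default = default

    def check(self, pkt):
        for action, match in self.rules:
            if all(getattr(pkt, key) == value for key, value in match.items()):
                return action
        return self.default


class StatefulFirewall:
    """Stateful inspection: inbound traffic must match a remembered outbound flow."""

    def __init__(self, outbound_filter):
        self.outbound = outbound_filter
        self.table = set()   # expected replies: (proto, src, sport, dst, dport)

    def check(self, pkt):
        if pkt.direction == "out":
            action = self.outbound.check(pkt)
            if action == "allow":
                # Record the defining characteristics of the expected reply:
                # same protocol, addresses and ports swapped.
                self.table.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return action
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "allow" if key in self.table else "drop"


# A stateless filter needs a broad inbound rule so that replies from HTTPS
# servers can get back in.
STATELESS_RULES = [
    ("allow", {"direction": "out", "proto": "tcp", "dport": 443}),
    ("allow", {"direction": "in", "proto": "tcp", "sport": 443}),
]
# The stateful firewall only needs the outbound rule; replies are matched
# against the state table.
OUTBOUND_RULES = [
    ("allow", {"direction": "out", "proto": "tcp", "dport": 443}),
]

# Constructed traffic: PC 192.0.2.10, bank server 198.51.100.20, other host 203.0.113.9.
TRAFFIC = [
    Packet("out", "tcp", "192.0.2.10", 50000, "198.51.100.20", 443),  # request to bank
    Packet("in", "tcp", "198.51.100.20", 443, "192.0.2.10", 50000),   # genuine reply
    Packet("in", "tcp", "203.0.113.9", 443, "192.0.2.10", 3389),      # unsolicited, source port 443
    Packet("in", "tcp", "203.0.113.9", 40000, "192.0.2.10", 3389),    # unsolicited remote-login attempt
]


def verdicts(firewall, packets):
    """Run packets through a firewall in order and return its decisions."""
    return [firewall.check(pkt) for pkt in packets]


if __name__ == "__main__":
    print("stateless:", verdicts(PacketFilter(STATELESS_RULES), TRAFFIC))
    print("stateful: ", verdicts(StatefulFirewall(PacketFilter(OUTBOUND_RULES)), TRAFFIC))
```

The stateless filter admits the third packet because it only sees the source port, while the stateful firewall drops it because no outbound request to that host was ever recorded.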

Conclusion

This report has described the threats that could affect customers, and how the IT manager and the bank can go about implementing terms and conditions with the dos and don'ts for customers going online to access their accounts. Various types of crime have been committed, such as phishing. Phishing is one of the most common online banking crimes, with thousands of fake emails sent to customers asking them to enter and confirm their personal details. Pharming also occurs quite often and is similar to phishing. All of these are connected to Trojans. Trojans are the main malware that drives all of the others, as different Trojans are created and programmed to do different things, such as the password-sending Trojans. With all this in mind, customers should be advised to secure their accounts as much as possible. Certain banks use more than one login requirement, such as a password and a PIN, while some use only a password. However, banks should require the password to contain certain values and characters; for example, a password has to contain at least 5 characters, 1 number and a capital letter. With this structure in place it would be difficult for an attacker to break the password or PIN easily. Therefore banks should advise customers on how to protect their computers, and can provide anti-virus software, as this will not only help customers secure their computers but will also help the bank technically and financially.

References

BBC. (2009, March 19). Big Jump in Online Banking Fraud. Retrieved February 16, 2010, from BBC: http://news.bbc.co.uk/1/hi/business/7952598.stm

Certificate Authority. (2007, June 4). Retrieved February 23, 2010, from SearchSecurity.com: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213831,00.html

Gudkova, D. (2009, November 23). Spam evolution: July-September 2009. Retrieved February 19, 2010, from Viruslist.com: http://www.viruslist.com/en/analysis?pubid=204792091

Identity Theft Info. (2005, July). Retrieved February 12, 2010, from Johns Hopkins Federal Credit Union: https://www.jhfcu.org/onlineserv/HB/security_site/idtheft-phish.html

Ilet, D. (2004, December 20). Five arrested over phishing fraud. Retrieved February 7, 2010, from ZDNet UK: http://news.zdnet.co.uk/security/0,1000000189,39181670,00.htm

Information for Online Banking Users. (2007). Online Banking Security, 1-22.

Leyden, J. (2005, March 21). Brazilian cops net 'phishing kingpin'. Retrieved February 24, 2010, from The Register: http://www.theregister.co.uk/2005/03/21/brazil_phishing_arrest/

Mills, B. (2009, September 30). Online Fraudsters enlist Trojans to run off with your money. Retrieved February 24, 2010, from Silicon.com: http://www.silicon.com/technology/security/2009/09/30/online-fraudsters-enlist-trojans-to-run-off-with-your-money-39550643/

Network Security. (2005, July). Retrieved February 12, 2010, from Johns Hopkins Federal Credit Union: https://www.jhfcu.org/onlineserv/HB/security_site/network.html

Newman, C. (2009, October 13). Businesses unaware of dangers of online crime. Retrieved February 17, 2010, from ZDNet UK: http://community.zdnet.co.uk/blog/0,1000000567,10014167o-2000675946b,00.htm

Online Fraud: Pharming. (n.d.). Retrieved February 23, 2010, from Norton from Symantec: http://www.symantec.com/norton/cybercrime/pharming.jsp

Privacy. (2005, July). Retrieved February 12, 2010, from Johns Hopkins Federal Credit Union: https://www.jhfcu.org/onlineserv/HB/security_site/privacy.html

Schafer, G. (2003). Security in fixed and wireless networks. Germany: Wiley.

Skoudis, E., & Zeltser, L. (2004). Malware: Fighting Malicious Code. USA: Prentice Hall.

SkyNews. (2009, October 7). PC Users Targeted As Online Fraud Soars. Retrieved February 16, 2010, from SkyNews: http://news.sky.com/skynews/Home/Business/Internet-Fraud-Massive-Rise-In-Online-Banking-Crime-Including-Malware-And-Phishing/Article/200910115400910

Trojan Horse Virus. (n.d.). Retrieved February 22, 2010, from Topbits.com: http://www.topbits.com/trojan-horse-virus.html

Tyson, J. (n.d.). How Firewall Work. Retrieved February 19, 2010, from howstuffworks: http://computer.howstuffworks.com/firewall1.htm

User Awareness is the Key. (2009, June). Retrieved February 24, 2010, from Web Brainstorm: http://www.brainstormmag.co.za/index.php?option=com_content&view=article&id=3129:user-awareness-is-key

Whitman, M. E., & Mattord, H. J. (2004). Management of Information Security. Canada: Course Technology.

Bibliography

Banking Mode. (n.d.). Retrieved February 25, 2010, from Online-Armor: http://www.tallemu.com/webhelp3/Banking.html

Claessens, J., Dem, V., De Cock, D., Preneel, B., & Vandewalle, J. (2002). On the Security of Today's Online Electronic Banking Systems. Computer & Security, 21 (3), 257-269.

Erickson, J. (2008). Hacking: The art of exploitation.

Jin, N. I., & Fei-Cheng, M. A. (2005). Network Security Risks in Online Banking. 1183-1188.

M, V. (n.d.). Cyber Spoofing Prevention. Retrieved February 13, 2010, from eHow: http://www.ehow.com/way_5928093_cyber-spoofing-prevention.html

McGlasson, L. (2009, October 5). Online Crime up Nearly 600% in '09. Retrieved February 12, 2010, from Bank Info Security: http://www.bankinfosecurity.com/articles.php?art_id=1835

Online banking fraud 'up 8,000%'. (2006, December 13). Retrieved February 13, 2010, from BBC: http://news.bbc.co.uk/1/hi/6177555.stm

Online Banking Information. (n.d.). Retrieved February 11, 2010, from Halifax: http://www.halifax.ie/node/37

Penycate, J. (2001, June 18). Identity theft: stealing your name. Retrieved February 12, 2010, from BBC: http://news.bbc.co.uk/1/hi/business/1395109.stm

Pfleeger, C. P., & Pfleeger, S. L. (2007). Security in Computing. Boston: Pearson Education Inc.

Protect Yourself and Your Identity. (n.d.). Retrieved February 12, 2010, from Byron Bank: http://www.bankatbyron.com/online_banking/Identity_Theft.asp

Pullar-Strecker, T. (2005, June 13). Computer crime: internet banking perspective. Retrieved February 16, 2010, from Computer Crime Research Center: http://www.crime-research.org/news/13.06.2005/1297/

Ramakrishnan, G. (2001). Risk Management for Internet Banking. Information Systems Control Journal, 6.

Shinder, D. (2006, May 12). Don't be a victim of identity theft. Retrieved February 17, 2010, from ZDNet UK: http://news.zdnet.co.uk/security/0,1000000189,39268493,00.htm

The battle for your online bank account. (2006, August 10). Retrieved February 11, 2010, from BBC: http://news.bbc.co.uk/1/hi/business/4778977.stm

What is a computer worm? (2009, February 6). Retrieved February 22, 2010, from Microsoft: http://lb1.www.ms.akadns.net/australia/protect/computer/basics/worms.mspx

What is identity theft? (n.d.). Retrieved February 15, 2010, from Metropolitan Police: http://www.met.police.uk/fraudalert/section/identity_fraud.htm