Protection from cyber attacks
Recently, both globally and locally, frequent cyber attacks of companies have turned into common events, which might produce serious consequences, from financial and brand image point of view.
Therefore, as a continuation of the happenings taking place in October, which has been named cyber security awareness month, HALKBANK AD Skopje stays committed to dedicating part of its time to provide basic cyber-related education to its clients.
Reading this message will not take up more than 5 minutes of your time, but in turn, it can save you from wasting your precious time and finances.
Of course, all recommendations of technical natures, such as the use and the regular updating of your antivirus software, the rules applying to the protective network (the firewall), the upgrading of the OS and apps you are using remain in place, being essential pillars of the protective system against cyber attacks. Nevertheless, the weakest link in the overall chain of defense and protection is undoubtedly the human factor. This is also well known to malicious users and their intent is clearly to take advantage of this fact.
That is why we have decided to look at some of the most common attacks which are being employed currently, so you can be well informed of the recent developments, and thus, help protect yourself better.
1. Man-in-the-middle attack
One of the most common cyber attacks entailing rather large financial consequences is the attack conducted through intrusion into computer systems, interception and altering electronic messages, supplying new and altering existing invoices, introducing new and different bank instructions for payments etc.
An intrusion into communications via email is an event in which clients are being sent new invoices from an existing supplier in which payment instructions have been altered. Such alteration usually include changes to the bank account/IBAN to other banks in the same country, in banks abroad, or even alteration of the name of payment beneficiary abroad.
Therefore, we recommend that you pay great deal of attention to payment instructions received in your invoices or separately and always verify the validity and authenticity of instructions through a communication medium other than email communication, such as phone call, text or through social networks.
The same applies to the instructions that you are sending to your clients via email, and we recommend that you verify the validity and authenticity of instructions through a medium other than your email.
2. Spoofing attack or identity fraud
Lately, there have been many events in which clients are sent an email which, at first glance, looks like a completely valid notification email from their bank or other institution which they know well and trust. However, once checked in details, such email clearly contains some unusual parameters, based on which it can be concluded that it is invalid.
The most common examples of that kind are as follows (we will start from the simplest ones and we will go up to some of the most complicated ones):
- A client does not expect an email with such contents, simply because if you do not have an account with a given bank, that bank would not have sent you an email.
- In addition, if you have not made any transactions recently, then it is unlikely that you will be sent a confirmation for a transaction that has taken place.
In these two examples above, email are usually sent with an attachment (excel, word, pdf, zip, 7z…) containing the malicious software (virus, Trojan…). In such cases, it is possible that a regular message that has previously been sent by the bank to any of its clients is used as a vector to propagate malicious software. DO NOT OPEN THE DOCUMENT!!!
3. Phishing attacks
Phishing is well-thought scam whose final objective is to collect sensitive data, most often digital marks for personal identification, such as user names and passwords, card PIN codes or PIN codes used to access digital certificates. In such events, the scammer masks itself to look like a trustworthy entity in the electronic communication with whom the user has already communicated.
- Email asking you to enter your personal data, such as: user's password, PIN code to your card, single-use codes and other personal data.
If any of the above occurs, irrespectively whether such person is contacting you by phone, email or is trying to assist you in solving any type of technical issue, please terminate the communication with that person immediately and inform the Customer Support of the Bank.
We truly hope that the information we have shared here will prove to be useful.
It’s all about the people.
HALKBANK AD Skopje