Web Injection Scams Target Online Banking Users
Online banking users are being targeted by web injection scams, which overlay fake pop-ups to steal login credentials. These scams mimic legitimate bank pages, making them difficult to detect. The article details how to recognize and prevent such attacks, offering practical advice on securing financial accounts.
Kent, a recent victim of such a scam, reported that he fell for the attack twice before realizing it was a scam. He describes the fake pop-ups as looking exactly like his bank’s page, complete with logo and branding, and asked for details he had already provided. His quick reaction to close his computer and contact his bank prevented further damage.
Web injection scams work by hijacking a user’s browser session and overlaying a fake login or verification screen. The fake pages feel authentic because they appear while the user is already logged in. Scammers use these deceptive tactics to capture login credentials or trick users into providing two-factor authentication codes.
Users are advised to take several steps to protect their accounts, including checking recent transactions daily, turning on alerts for logins, withdrawals, or transfers, and using strong, unique passwords generated by a password manager. Additionally, updating passwords and checking for past breaches is recommended to ensure account security.
The article also recommends using multifactor authentication with app-based codes instead of SMS codes, as these are harder for scammers to intercept. Running a trusted antivirus is also suggested to detect and remove malicious scripts that may be used to facilitate such scams.
Placing a free credit freeze with major credit bureaus can prevent scammers from opening new accounts in a victim’s name. Identity theft monitoring services can help users stay informed about their personal information being used illegally.
Finally, the article urges users to remain vigilant and report any suspicious activity. By adopting the right habits and tools, users can significantly reduce the risk of falling victim to web injection scams and other forms of cybercrime.