Yesterday, Microsoft announced that, with the help of the FBI, they have disrupted over a thousand botnets responsible for the theft of personal online banking and identity information.
A botnet is a network of computers infected by malicious software – in this case the Citadel Trojan – which is controlled by a cybercriminal. Citadel uses key-logging software to record everything that a user of an infected computer is typing, namely sensitive data such as passwords, login information, banking information and other personal information which could be used for identity theft.
Last month we warned our users about a new variant of the Citadel Trojan which is capable of hacking into a user’s web browser. Instead of key-logging, this version of the malicious software acquires personal information from compromised computer by replacing the information on legitimate websites of banks and financial services with a phishing site When a Citadel infected computer lands on a certain page, a site designed to look like the legitimate website appears and the end-user is tricked into willingly entering their login information, which is then collected by the cybercriminals.
The shutdown of over 1000 botnets is part of the growing public concern about online security and the commitment of financial and technological companies like Payza to protect internet users and help them to protect themselves.
This is great news for online security, but you must remain vigilant. Simply focusing on the latest threat would be narrow-minded. Cybercriminals are always trying to develop new ways to access your personal information. Payza’s proprietary FraudMatrix is designed to mitigate potential threats before they become real. It’s no accident that there has not been a single confirmed case of Citadel being used to successfully compromise one of our members’ accounts.
It’s a common misconception that internet users are more secure in developed countries, but this is simply not true. People in Bangladesh and the Philippines are using the same internet as people in England and the US, and they’re exposed to the same threats. Don’t be careless with your internet habits or you may be a victim of the next big threat. Always keep an up-to-date virus scan program installed and trust your instincts. For example, Payza would never make you enter your password and Transaction PIN on the same page, if a site requires both on the same page, it’s a sign that something isn’t right.
If you suspect a problem or spot a phishing site or email targeting Payza members, you can File a Report on the Payza Security Center page.