Cyber fraud in banking: Key threats and how to overcome them

Another method, Kaushik said, involves hackers first purchasing real account information in bulk amounts from the dark web and then re-targeting those accounts using phishing emails.

“In such phishing emails, the disguised hackers request the victim to follow some simple procedures on a web page, which has been set up by the hackers to deliberately steal login information and other important credentials,” he explained.

Another common is fraud is using banking trojans.

"At times, hackers embed the fake applications with banking Trojans, such as the bank bots Cabaret Pink Slip, which intend to attack banks and stock brokerage firms to facilitate hacking operations. This malware uses an active directory attack to lock down users with multiple login attempts. These bots and trojans are focused on stealing money from victim bank accounts," Kaushik said.

Hackers also employ what is known as macro malware which is developed using programs such as the VB Script programming language used for MS-Word and MS-Excel. Legitimate-looking files are usually sent via phishing emails that contain malware-infected attachments such as cover letter reports by job seekers in the form of CVs and MS Word files, Kaushik said.

"Even any advanced antivirus programs not easily detect macro viruses. So, hackers are staying ahead of the game. Malware can comfortably hide within a system for long periods of time which gives hackers enough time to infect users' systems. Using free Wi-Fi is like requesting hackers to invade privacy. User data is shared by a person on the Internet can be intercepted by a hacker. This includes valuable personal data, such as usernames/passwords for online bank accounts," he added.

In fact, Kaushik further said, a user would find it difficult to differentiate between free Wi-Fi provided by an authorized agency and one installed by a hacker. Because of this, many banks have started using two-factor-authentication methods to keep their transactions secure. However, there are some advanced Trojans, which can circumvent these security measures. One such Trojan, Bankbot, mimics real banking applications to steal the login details of users.

Kaushik said that it’s always advisable to avoid opening or downloading any attachments on the device without knowing the context.

"It’s equally vital to invest in a genuine and licensed antivirus software on all the devices. Additionally, users should never click on suspicious links within an email that may hold genuine information claims and abstain from sharing personal details on social media. Resorting to a VPN service is another way for users to neutralize and overcome potential cyber threats migrating. Free internet or hotspots should even be averted when travelling. Instead one should use a paid VPN to encrypt network traffic," he said.

On this, Kaushik said that the systems will remain weak unless the technical foundation of the internet system is strengthened as some of the technical products that we use in our day to day work are still dependent on other countries.

To secure the Internet in a foolproof manner, Kaushik said that the hardware devices should be indigenously built with built-in security features.

"Unless this is achieved, the government's Cyber security will remain 'porous' and vulnerable. There should be multi-factor authentication to track all logins across companies. If a company uses third party vendors for any services etc, they should make sure that they have their own security auditing or test reports. There should be dedicated cyber security and IT, support person, for the company. While it's important to use cloud-based and physical backups of important files, it's even more important to audit those backups regularly, he told CNBC-TV18.

According to Kaushik, they should first freeze their bank accounts and credit cards and then change the internet and mobile banking passwords.

"They must inform the bank about the cyber fraud that has happened within 24 hours. Also, they should initiate a legal process to minimize the negative consequences of cybercrime. Customers can contact their local cybercrime investigation cell to file a written complaint against cybercriminals. Or the same can be done online," he suggested.