Admin

Hackers Are Cracking Online Banking Sites to Steal Your Cash

A couple easy tricks make it easy for hackers to drain your bank account.
Financial aggregation services are giving hackers everything they need to access and empty wealthy targets' bank accounts.
Image: Illustration by Tag Hartman-Simkins/Images via Pixabay

I’m In

With a couple of relatively unsophisticated tricks, savvy hackers can breach online banking sites and drain wealthy people’s accounts.

Banks that offer online services are under assault from hackers who are “constantly probing” for weak or common passwords, according to influential cybersecurity journalist Brian Krebs. According to Krebs, hackers can easily find wealthy targets through backdoors already built into banks’ cybersecurity — which is bad news for all of our wallets.

Password123

Even banks that require two-factor authentication — that’s when you have to enter a code sent to your phone or email to log in — give access to companies that aggregate financial information, like Mint or Yodlee.

“Because we have become something of a known quantity with the banks, we’ve set up turning off [multi-factor authentication] with many of them,” Brian Costello, VP of data strategy at the financial aggregator Yodlee, told Krebs.

Lucrative Targets

With access to the weak passwords they brute-forced, hackers can use financial aggregators to see who would make for a more lucrative target — and use recent transactions or partial account numbers to launch spear-phishing attacks.

From there, draining a bank account is as easy as linking it to the hacker’s own PayPal. In short, take a minute to use strong passwords and a password manager.

READ MORE: The Risk of Weak Online Banking Passwords [Krebs on Security]

More on bank cybersecurity: Banks Are Under Siege by Sophisticated Hackers

Dan Robitzki is a senior reporter for Futurism, where he likes to cover AI, tech ethics, and medicine. He spends his extra time fencing and streaming games from Los Angeles, California.