Good morning and welcome to another pentest people Tech Bytes. Your headline this morning hackers are using stolen bank information to trick victims into downloading bit rat malware. There are no signs that the information has been previously shared on any forums in the darkness of the clear web, suggesting that the threat actors themselves got access to customer data to mount the phishing attacks. On today's episode, we welcome Chris and Josh, our consultants here at pentest people who will be discussing bank fraud and how we can protect ourselves from getting our bank details stolen. I appreciate your time today both of you so first things first, Josh, can you explain to our listeners what bit rat is
so better is a type of malware or malicious software that is designed to steal personal information from victim's computer, it's versatile, can perform a wide range of operations, including stealing credentials, which are often bank information.

‍

‍
So from bit rats popularity arising from his personality, the malicious tool can perform a wide range of operations, which includes credential theft, like bank fraud itself. Chris, can you tell our listeners why hackers are stealing personal data and what are they gaining from this? So why hackers steal personal data really depends on the notice. But there are a few reasons why few reasons why hackers do steal personal data. One of the primary reasons probably is for monetary gain. Because also use it again, as we previous mentioned for identity theft account takeover, and in some instances, it's just simply because they come just to prove that their gun bypassed people's defences. Josh, would you say the same?
Yes, I would say the same. The this often finds itself away onto the dark web and this information is so worth monetary value, often in cryptocurrency.

‍
So once a scammer has your personal information or your bank details, they can use them for all sorts of crimes, especially identity theft. Can you both tell our listeners, how fraudsters can get hold on my data? For example? Yeah, sure. So one of the primary ways is from previous data breaches. So if a threat actor can access data that has been previously leaked, they can use that to gather information about a person and then use that information for their own personal reasons, whatever that may be. Well, they can also use social engineering as well, such as phishing. So some fraudsters use phishing attacks, where they send official canned emails to targets and then attempts to elicit personal information from them. And then that can include and that can include passwords and credit card numbers.

‍
Yeah, so data breaches, phishing scams, or using malware such as bet route which just come back to this social engineering, bank card fraud, bank fraud, it's often targeted in vulnerable populations, such as the elderly or those with less technical knowledge that don't know how to spot these social engineering techniques. And it can be difficult to trace it. And these vulnerable populations often fall victim to this more often due to the lack of technical experience growing up with ICT technology compared to younger generations.
And how can we recognise the signs of identity theft? Chris, I know when you mentioned phishing emails, phishing attacks, those can be some early signs of identity theft. Do you want to explain that a bit more? So yeah, sure. Also, when it comes to phishing emails, a thing you can look out for is the sender address. So does it come from address that is that looks legitimate Is it legitimate, but can also be multiple different things as well, if you're not sure if it is a phishing email, I would say don't interact with it, because that can obviously lead to download malicious malware and things like that, which can lead to information being stolen as we previously mentioned. But there are a multitude of different other ways to notice the early signs of identity theft. And these can be receiving unfamiliar or unexpected charges on bank statements, being denied credit for no apparent reason even include your mail not arriving, and even suspicious login attempts on your social media or other accounts. And that's just to name a few. There are ways to spot it if you are being subjected to identity theft, but that was just a few Joshua, what do you say these hackers are targeting?
So hackers with these malware on scams often target populations which have less experience with technical products. So elder people who might not have grown up with technology who use banking information on their phone, but with weak passwords. or just are leaving information line or bytes in for anyone to see when they're people could be shoulder surfing in public and information as well. There's people that just are aren't aware of the sorts of techniques and tactics that threat actors are using to where people don't realise they're fallen victim to these sorts of attacks.
So bank card fraud, it's been happening for years. Why is it so hard to stop? Is it because criminals are getting smarter and more technical every year. So bank fraud, it is difficult to stop for a number of reasons that could be one of them. But also, another reason is that fraudsters are constantly developing new methods of deception. And that's making it more difficult for banks to keep up with the latest tactics. So I think when it comes to bank fraud, it also reiterates the sentiment behind the statement, humans are the weakest link in cybersecurity, your costs. As I mentioned previously, a great way to say a great, a dangerous way to steal information is through social engineering. And that's obviously playing on the emotions of people. And as I mentioned that with a statement, humans are the weakest link in cybersecurity, so they will divulge that information. Josh, would you like to add any comments?

‍
Yes. So on. On top of that, we often see humans given out information on social media, which has no need to be public. And this is often given throughout actors more information about the talk about their targets, which often once they put a number of posts together could possibly answer security questions, which are meant to be private questions for only that for only people to know, once all of these pieces are linked, linked together, they'll be able to ring impersonate these people. So people are actively, actively not knowing that they're given threat actors this information when they're just trying to be closer to the friends who might live on a different continent.
Can you both give our tech listeners advice to protect themselves from identity theft? Yeah, sure. So So in terms of keep yourself protect from identity theft, I think one of the key points and one of the most common cybersecurity punch all over here is us using complex passwords. So creating strong passwords and different passwords. For every online account, you have your email, online banking, any social media or retail websites are using, and building on that avoid using any personal information in passwords. So avoid using their names like family, where you went to school, your pet's names and college or anything like that. And this will reduce the likelihood that someone could guess your password and access other platforms like us, which in turn will mitigate identity theft. And one thing that can be used to help with this is a password manager who can help you create strong passwords and keep track of all your passwords. So that's definitely a point I'd mentioned. And also the use of antivirus software as well. So for example, coming back to the example of bit rat, so protect your internet connected devices with up to date security software, and making sure that you instal all official software updates and security fixes on your devices. That's probably the best advice I could give.

Josh,what advice do you have?

so it's important to remain vigilant at all times. However, if you notice any suspicious activity on any sort of bank, but bank accounts or social media platforms, it's important to report this to the correct authorities. The correct action can be taken then,
Josh, going back to what you said earlier on about people sharing too much personal information on social media I think limit what they share if they share too much information that that makes it easy for hackers to know about their personal lives such as the home addresses, it's important to make sure that privacy settings are up to date across all social platforms. Also monitoring your accounts, review your statements and sign up for text message alerts. So you can catch debit card fraud attempts early. The growth of fraud is on the rise more than ever, identity thieves are always developing new ways to steal your money. It has been great having you both on today's episode. If you are listening to this podcast, both Chris and Josh have discussed insightful information how to be precautious from bank card fraud. Join me next week on another tech bite episode. Thank you. Yeah, man. Thank you

‍