Nowadays, it’s hard to imagine not having access to an online bank account. A huge number of people use it. SSL certificates effectively protect our personal data, so we do not have to worry about the security of our information. Transactions are also safe.
The vast majority of banks use an SSL certificate with Extended Validation (EV). We can very easily recognize it – next to the web address, not only is there a padlock, but also the name of the entity to which the certificate was issued. The original website or banking application is not a cause for concern. However, let’s not forget about counterfeit websites that, at first glance, look exactly like the originals. Cyberattacks come in many forms, yet they all aim for the same thing. The main goal is, of course, to seize our personal data, which could be used, for example, to make a transfer.
In early December 2018, ING Bank Śląski issued a warning about cyberattacks. The bank became the target of a phishing campaign, and alarming activities were quickly noticed. Selected clients were sent emails that looked exactly like genuine bank correspondence. The subject line directly referred to account blocking, which was meant to capture the user’s attention while also stressing them out. As is well known, triggering negative emotions reduces vigilance. In the received email, we read that the account was blocked due to unauthorized access. Upon reading this sentence, the user fears that someone tried to break into their bank account. They are also worried about the funds stored in it. Later in the message, instructions on how to unblock the account are provided. The message instructs the user to click on a provided link, which, of course, does not lead to the bank’s original website.
The fake website appears to have the same address. Visually, it does not raise any suspicions. The alleged account unblocking is done by logging in. The user enters their login and password – these details go directly to the fraudsters. They can therefore take over our account, along with the funds in it.
ING emphasizes that it never asks its clients to enter their login and full password for online banking. Receiving such an email is a sure sign that it is part of a campaign aimed at seizing our data. It should also be mentioned that very recently, an almost identical situation affected owners of Apple devices. Let us not forget that cybercriminals are active. They will undoubtedly use the aforementioned tactic repeatedly. It doesn’t matter in which bank we have an account; in every situation, we should remain rational.
Security certificate with Extended Validation
The average internet user has no idea which website is safe and which is not. It is worth emphasizing once again that the padlock icon is currently not a confirmation of the website’s authenticity. A fake site can also have an installed SSL certificate.
However, most banks possess an SSL certificate with extended validation. This is by far the most detailed protection that comprehensively secures website users. Entities that hold this type of certificate must undergo a three-step verification process. In the web browser, next to the padlock, we find the name of the entity to which the certificate was issued. On counterfeit websites, we encounter at most just the padlock icon, which should serve as a warning signal.
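The check described above, written out as an added example (not code from the original article): it reads a certificate subject in the layout of Python's `ssl.SSLSocket.getpeercert()` and accepts a site only when the certificate carries the EV identity fields and names the expected entity. The bank name, hostnames and field values are constructed, and classifying a certificate by its subject fields alone is a simplifying assumption.

```python
# Added example: judge a site by the identity in its certificate, not the padlock.
# Certificates use the dict layout of Python's ssl.SSLSocket.getpeercert().
# All names and values below are constructed for illustration.

# Subject fields an Extended Validation certificate carries besides the hostname.
EV_FIELDS = {"organizationName", "businessCategory",
             "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested 'subject' tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Heuristic: 'EV' if all EV identity fields are present, 'OV' if only an
    organization is named, 'DV' if the subject holds nothing but the hostname."""
    fields = subject_fields(cert)
    if EV_FIELDS <= fields.keys():
        return "EV"
    return "OV" if "organizationName" in fields else "DV"


def check_bank_site(cert, expected_org):
    """Return (trusted, reason) for a page that claims to belong to expected_org."""
    level = validation_level(cert)
    org = subject_fields(cert).get("organizationName")
    if level != "EV":
        return False, f"padlock only ({level}): no verified organization name"
    if org != expected_org:
        return False, f"certificate issued to a different entity: {org}"
    return True, f"EV certificate issued to {org}"


# Constructed sample: the genuine site of a hypothetical bank.
GENUINE = {"subject": ((("jurisdictionCountryName", "PL"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000000"),),
                       (("countryName", "PL"),),
                       (("organizationName", "Example Bank S.A."),),
                       (("commonName", "login.bank.example"),))}

# Constructed sample: a look-alike page with a domain-validated certificate.
LOOKALIKE = {"subject": ((("commonName", "login.bank-example.example"),),)}

if __name__ == "__main__":
    for name, cert in (("genuine", GENUINE), ("look-alike", LOOKALIKE)):
        print(name, check_bank_site(cert, "Example Bank S.A."))
```

The look-alike page still gets a padlock in the browser; it fails here only because its certificate names no verified organization.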