Three signs of an “invisible” attack that could empty your bank accounts have been described to bank customers. The attack works by silently “hijacking” your clicks, with an expert warning bank account customers and holders to “stay vigilant”.
Keeper Security revealed how “invisible” “clickjacking” can steal your info and money – and infect your gadgets. “Cybercriminals use clickjacking to trick you by manipulating what you see on screen,” said Keeper Security’s Aranza Trevino. “They overlay invisible fields on top of legitimate-looking fields in order to disguise the action you are taking.
“This can happen with a whole website or just a pop-up ad. Sometimes, the hacker even embeds the legitimate website inside their own site to make it look as real as possible. Believing you are on a legitimate site, you will click things, enter your credentials or provide other sensitive information.
“You will believe you are completing legitimate actions but the invisible fields will cause you to accidentally download malware or send your information to cybercriminals instead.”
The first instance the experts are warning over is Facebook emails, with victims clicking the link and being taken to a fake version of Facebook – with the real website embedded.
Victims then enter personal details into an “invisible field” allowing criminals to steal your data. A second could be an email from a reputable brand, which does the same, and a third instance is pop-ups. “A pop-up appears while a user is navigating a website,” security expert Aranza explained.
“The user clicks the ‘X’ to close the pop-up, but the ‘X’ is actually a download link that installs malicious software on the user’s computer.” Once they’ve been successful, malware is placed onto victims’ devices and could be used to steal your info or money.