Skip to Content

Microsoft warns two banking Trojans that can steal from your accounts on the rise

With scammers lurking around every digital corner, it’s extremely important that you’re careful with sensitive data. The last thing that you need is to have that information fall into the wrong hands.

That’s exactly what’s happening to victims right now with these two dangerous banking Trojans. Microsoft is warning that criminals could drain your bank accounts.

New banking Trojan techniques trickier than ever

Banking Trojan’s are typically spread to consumers through phishing emails. Victims receive fraudulent emails, purporting to be from their financial institution.

The fraudulent emails will look like a bill, or another piece of critical information from your bank and has either a PDF, Excel or Word document attached with more details. If you click on the link, a banking Trojan will be installed on your gadget.

Once the Trojan infects a victim’s gadget, malware runs in the background, waiting for the user to visit their banking website. When they try to visit their bank online, the malware sends them to a spoofed site. It looks very official, so a large number of people fall for it.

The spoofed site requires the user to enter their banking credentials. When they do, they’re just handing them over to cybercriminals. Now, Microsoft is warning that two banking Trojans that have been around for quite some time are being tweaked by the criminals behind them.

We’re talking about the Qakbot and Emotet banking Trojans. They have adopted exploits similar to what was found in WannaCry ransomware that allow them to be spread quickly through corporate networks.

They do this by using a file-sharing protocol dubbed Server Message Block (SMB). This new technique makes the banking Trojans more dangerous than ever as they can now be spread without every user on the network clicking on a malicious link.

Microsoft mapped common behaviors between Qakbot and Emotet, the following chart shows its findings:

Image: Traits of the Qakbot and Emotet banking Trojans. (Source: Microsoft)

Even though these banking Trojans can be spread through new, unconventional ways, we still need to be aware of the original method. Phishing attacks. Here are suggestions on how to avoid falling victim:

Be cautious with links

Never follow web links in unsolicited email messages, it could be a phishing attack. Cybercriminals take advantage of popular websites and trending news stories to try and find new victims. That’s why you need to be able to recognize a phishing scam.

One thing to watch for with phishing attacks are typos; criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.

Have strong security software

Make sure you’re using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.

Set up two-factor authentication 

Two-factor authentication means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.

Use unique passwords

Many people use the same password for multiple websites. This is a bad idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.

Do not disclose sensitive data

Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not reply with personal information. You don’t want it to fall into the hands of criminals.

If a company that you do business with on a regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe. If you’re asked to call the company, use the phone number found on the back of your credit/debit card so you know it’s official.

Don’t let cybercriminals infect your computer, here are 5 ways to keep your PC secure

When our PCs work normally, we sometimes take them for granted. We recklessly fill up our hard drives with data, download files, install applications and browse the web as we please. But of course, all it takes is one installation of a malicious application to ruin your PC and worse, have all your information stolen.

Click here for 5 tips you must do regularly to keep your PC healthy and secure.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me