With a couple of relatively unsophisticated tricks, savvy hackers can breach online banking sites and drain wealthy people’s accounts.
Banks that offer online services are under assault from hackers who are “constantly probing” for weak or common passwords, according to influential cybersecurity journalist Brian Krebs. Krebs says hackers can easily find wealthy targets through backdoors already built into banks’ cybersecurity, which is bad news for all of our wallets.
Even banks that require two-factor authentication (a code sent to your phone or email that you have to enter to log in) give access to companies that aggregate financial information, like Mint or Yodlee, and that access does not always go through the second factor.
“Because we have become something of a known quantity with the banks, we’ve set up turning off [multi-factor authentication] with many of them,” Brian Costello, VP of data strategy at the financial aggregator Yodlee, told Krebs.
Armed with the weak passwords they brute-forced, hackers can use financial aggregators to see which account holders would make the most lucrative targets, and use recent transactions or partial account numbers to launch spear-phishing attacks.
From there, draining a bank account is as easy as linking it to the hacker’s own PayPal. In short, take a minute to use strong passwords and a password manager.
READ MORE: The Risk of Weak Online Banking Passwords [Krebs on Security]