Internet Explorer warning against Internet BankingPOSTED: 05/26/14 3:12 PM
Here is a warning from the Netherlands that consumers who use internet banking in St. Maarten ought to heed: do not use Internet Explorer for internet banking.
The assistant-director of Betaalvereniging Nederland, Gijs Boudewijn, issued the warning on Saturday in the consumer TV-program Kassa. Earlier that day research by NU.nl and security company SecureLabs showed that it is possible to make transactions visible in several browsers and manipulate them by shutting down the encryption of internet connections.
Banks have already taken measures to close the loophole in their security, the National Cyber Security Center announced. But according to NU.nl not every bank supports at this moment the new technology that has to prevent fraud with transactions – the so-called HTTP Strict Transport Security. Microsoft allegedly will only take care of this in the next version of Internet Explorer. Google Chrome, Safari and Mozilla Firefox already support the new protocol.
As far as is known right now, no money has ever been stolen due to a shut-down encryption, but Betaalvereniging Nederland fears that this is still possible. “I have to say, if you want to be certain, you will have to use a different browser until Internet Explorer has been updated,” Boudewijn said.
Manipulating banking transactions requires a Wi-Fi hotspot where special software can be installed. While the connection to the bank is encrypted, the hotspot is able to shut down the secure connection to the client. Because the little lock in the url-bar remains visible, this is hardly noticeable.
After the transaction the software is capable of automatically changing the bank account number of the receiver so that the money goes to the criminals behind the scheme, Tests from SecureLabs show that this trick also works with booking sites and web-stores.