Serious Financial Fraud using social engineering and the prevention steps
Barnavo Chowdhury
LinkedIn Top Voice, IT Security Architect, DevSecOps Expert, Cloud Security Expert, IoT Security, Cyber Security Consultant, Automation, Security Risk & Compliance Expert, TOGAF 10, IT Security Manager
After a long time I have decided to write an article about how an ordinary person with bad intentions and only limited technical ability can obtain a user's online banking credentials and transfer all of their funds to a foreign account.
An attacker first profiles the target to judge whether the person is careless, cautious or simply trusting. Below I describe a short story that shows how this can be done even against a well-secured banking website, and how everyone can protect themselves from becoming prey.
A girl named Ellen, who is trusting by nature, visits an internet cafe run by Mr. Dony. Mr. Dony chats with her for a couple of minutes and tells her that his cafe provides free internet once a week, when she can come in and do all her online activities. Ellen is delighted to hear this. Mr. Dony asks about her hobbies and what she usually does online. She tells him that she visits YouTube and social networking sites, and that she also sends money to her mom every Friday. Dony replies: "That's great, because every Friday we provide free internet service."
Mr. Dony now installs a keylogger on the computer that Ms. Ellen will use. Friday comes and Ellen arrives at the cafe. She opens https://safestwebsite.com and logs in with her credentials, and the keylogger captures her username and password. But here is the catch: when she transfers money to her mom, the banking site sends an OTP (one-time password) that is delivered only to Ellen's mobile phone, so the stolen credentials alone are not enough to move money. Mr. Dony therefore needs to set a new trap to get access to her phone.
The next week she visits the cafe again. This time Mr. Dony draws her into a long conversation to keep her away from the computer. Dony has a friend called Dr. Evil, who sits on the other side of the world and already holds the credentials captured during Ellen's visit the week before. Dr. Evil now opens https://safestwebsite.com and logs in with Ellen's credentials. As we know, both adding a new beneficiary account and making an online transfer trigger an OTP to Ellen's phone. So Dony asks Ellen for her phone, on the pretext of installing a popular new app. When Dr. Evil starts the fund transfer, the OTP lands on Ellen's phone, which is now in Dony's hands. Dony immediately forwards the OTP to Dr. Evil, and Dr. Evil transfers all her funds at once.
How to avoid becoming prey to this?
- Never do banking transactions from an internet cafe, a shared computer or a free WiFi hotspot. You cannot know what software is installed on a machine you do not control.
- Prefer the site's virtual (on-screen) keyboard over the physical keyboard. This defeats hardware keyloggers and simple key-capture software, but not malware that records the screen, so it reduces the risk rather than removing it.
- Never hand your unlocked phone to anyone, and never install an app because a stranger recommends it. The phone receiving the OTP is the second factor; whoever holds it holds that factor.
- Never read out or forward an OTP to anyone, and never perform transactions through third-party websites or apps. An OTP you did not request is a warning that someone already has your credentials: change the password immediately and contact the bank.
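The advice above is for the user. The bank side can also notice this attack, because it leaves a recognisable trace: the stolen credentials are replayed from a different country than Ellen's usual logins, a brand-new beneficiary is added, and nearly the whole balance is moved within minutes. The following is an added example, not code from the original article or from any bank: a small rule-based risk score that holds such a transfer for out-of-band confirmation instead of relying on the SMS OTP alone. The log format, the rule weights, the 60-point hold threshold, the 24-hour new-payee window and the sample events (country codes "AA" and "ZZ" are placeholders) are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple


@dataclass
class Event:
    """One record from the bank's session/transaction log (constructed format, assumed)."""
    ts: datetime
    user: str
    kind: str             # "login", "add_beneficiary" or "transfer"
    country: str          # country geolocated from the session IP; "AA"/"ZZ" are placeholders
    beneficiary: str = ""
    amount: float = 0.0
    balance: float = 0.0  # balance before the transfer, for "transfer" events only


HOLD_THRESHOLD = 60                     # assumed policy: hold at or above this score
NEW_PAYEE_WINDOW = timedelta(hours=24)  # assumed: a payee younger than this is "new"
DRAIN_RATIO = 0.9                       # assumed: moving >= 90% of the balance is a drain


def home_country(history: List[Event], user: str) -> str:
    """Most common login country for the user; '' if there is no login history."""
    seen = [e.country for e in history if e.user == user and e.kind == "login"]
    return max(set(seen), key=seen.count) if seen else ""


def score_transfer(history: List[Event], t: Event) -> Tuple[int, List[str]]:
    """Score a proposed transfer against the three signals the cafe attack leaves."""
    score, reasons = 0, []

    # 1. Session geography: the credentials are replayed from another country.
    home = home_country(history, t.user)
    if home and t.country != home:
        score += 40
        reasons.append(f"session from {t.country}, usual login country {home}")

    # 2. Payee freshness: the receiving account was registered minutes ago.
    added = [e.ts for e in history
             if e.user == t.user and e.kind == "add_beneficiary"
             and e.beneficiary == t.beneficiary]
    if not added:
        score += 30
        reasons.append(f"beneficiary {t.beneficiary!r} was never registered")
    elif t.ts - max(added) < NEW_PAYEE_WINDOW:
        score += 30
        reasons.append(f"beneficiary {t.beneficiary!r} added less than {NEW_PAYEE_WINDOW} ago")

    # 3. Account drain: "transfer all her funds".
    if t.balance > 0 and t.amount >= DRAIN_RATIO * t.balance:
        score += 30
        reasons.append(f"transfer moves {t.amount / t.balance:.0%} of the balance")

    return score, reasons


def decide(history: List[Event], t: Event) -> str:
    """'hold' means: do not trust the SMS OTP alone; confirm out of band first."""
    return "hold" if score_transfer(history, t)[0] >= HOLD_THRESHOLD else "allow"


# Constructed sample log: four Friday transfers to "mom" from the home country.
T0 = datetime(2024, 3, 1, 17, 0)  # a Friday
ELLEN_HISTORY = [Event(T0 - timedelta(days=90), "ellen", "add_beneficiary", "AA", beneficiary="mom")]
for week in range(4, 0, -1):
    day = T0 - timedelta(weeks=week)
    ELLEN_HISTORY += [
        Event(day, "ellen", "login", "AA"),
        Event(day + timedelta(minutes=5), "ellen", "transfer", "AA",
              beneficiary="mom", amount=200, balance=5000),
    ]

# Ellen's usual Friday transfer.
LEGIT_TRANSFER = Event(T0, "ellen", "transfer", "AA", beneficiary="mom", amount=200, balance=5000)

# The cafe attack a week later: foreign login, new payee, full balance out.
FRAUD_HISTORY = ELLEN_HISTORY + [
    Event(T0 + timedelta(days=7), "ellen", "login", "ZZ"),
    Event(T0 + timedelta(days=7, minutes=2), "ellen", "add_beneficiary", "ZZ",
          beneficiary="foreign-acct"),
]
FRAUD_TRANSFER = Event(T0 + timedelta(days=7, minutes=4), "ellen", "transfer", "ZZ",
                       beneficiary="foreign-acct", amount=5000, balance=5000)


if __name__ == "__main__":
    for label, hist, t in (("usual Friday transfer", ELLEN_HISTORY, LEGIT_TRANSFER),
                           ("cafe attack", FRAUD_HISTORY, FRAUD_TRANSFER)):
        score, reasons = score_transfer(hist, t)
        print(f"{label}: {decide(hist, t)} (score {score}) {reasons}")
```

Each rule on its own is weak: people travel, register new payees and occasionally empty an account. Together they describe exactly the sequence the story depends on, which is why the decision is made on the combined score and why a "hold" should be resolved by a channel the attacker does not control (a callback to the registered number, or confirmation in a previously enrolled app) rather than by resending the same SMS OTP.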
I hope you enjoyed this article and now feel more confident about your banking transactions.