There are several common ways that bank account information is hacked and stolen: ### Cyberattack 1. **Malware infection** - **Principle**: - When users browse unsafe websites, click on suspicious links, or download files from unknown sources, they may be infected with malware, such as Trojan viruses. Malware is quietly installed in the computer system without the user's knowledge. - Once installed successfully, it monitors the user's operations and records the content entered on the keyboard, including sensitive data such as bank account login information (such as usernames and passwords). The malware then sends this stolen information to a server controlled by the attacker. - **Case**: - Some criminals have created fake shopping websites to trick users into clicking in. When users enter their bank card numbers, passwords and other information on the fake website to make payments, a seemingly normal prompt box will pop up on the website page, asking users to download a "security plug-in" to complete the payment process. In fact, this "security plug-in" is malware, which will quickly infect the user's computer, steal account information and send it to the attacker. 2. **Phishing** - **Principle**: - Attackers forge fake websites that are very similar to regular bank websites, with page layouts and URLs that are very lifelike. - Then, they send fake notifications to users via email, text messages, etc., claiming that there is a problem with the user's bank account and that they need to click a link to verify or update the information. When the user clicks the link to enter the fake website, the account information entered will be obtained by the attacker. - **Example**: - Some criminals will pretend to be bank customer service to send emails, saying that the user's bank card is about to expire and that they need to click a link to update the bank card information. If the user believes it and clicks the link, they will enter a fake bank login page, and the account password and other information they entered will be stolen. After that, the attacker will use this information to transfer money and other operations. 3. **Man-in-the-middle attack** - **Principle**: - The attacker inserts his own device or program in the network path where the user communicates with the bank server to intercept the data transmitted by both parties. - For example, in a public wireless network environment, an attacker can set up a fake Wi-Fi hotspot with a name similar to a regular hotspot. When the user connects to this fake hotspot and performs bank account operations, the attacker can intercept the account information sent by the user and the response data returned by the bank server, thereby obtaining the account information. - **Case**: - In some public places such as airports and hotels, criminals have used this method to steal users' bank account information when users connect to public Wi-Fi for online banking operations. Users may be robbed of their account funds without knowing it. ### Internal staff violations 1. **Employee leakage** - **Principle**: - Bank employees may leak customer account information to outsiders for various reasons, such as profit temptation, work negligence, etc. - For example, bank employees may sell customer account details, login passwords and other information to criminals, or privately query customer account information and disclose it to others without authorization. - **Case**: - A bank employee once owed a huge debt due to gambling. In order to repay the debt, he sold the customer's bank account information to a fraud gang, resulting in a large amount of customer account funds being stolen. Fraud gangs use this information to gain customers' trust and induce them to transfer money through telephone fraud, online fraud and other means. 2. **System vulnerability exploitation** - **Principle**: - Banks' computer systems may have security vulnerabilities, which may be caused by software design defects, improper configuration and other reasons. - After attackers discover these vulnerabilities, they will use special tools and technical means to remotely attack bank systems through the network to obtain account information. For example, they may exploit a system vulnerability that has not been repaired in time to bypass the security authentication mechanism of the bank system and directly access customers' account data. - **Case**: - A bank's system was found to have a vulnerability. The attacker used the vulnerability to obtain some customers' account information and transaction records by sending specific request packets to the bank's server. Afterwards, the attacker used this information to perform a series of illegal transfer operations, causing financial losses to customers. ### Social Engineering Attack 1. **Gaining Trust** - **Principle**: - Attackers communicate with users and use various means to gain users' trust. - For example, they may pretend to be bank staff, couriers, etc., call users and claim that users have an important package that needs to be signed for, but need to verify account information first to confirm their identity. Or they may say that there is an abnormality in the user's bank account and they need to provide account password and other information for verification. Users may provide their personal information as requested by the attacker without any warning.