Phishing emails, account theft, data theft: the risks of being ripped off by criminals when banking online are great. A combination of two authentication methods is meant to provide protection. This is how secure online banking works with a virtual machine.
There are a few security points to consider when banking online.
For online transactions in this country, bank customers must identify themselves to their financial institution using a combination of two authentication methods. Many banks implement the legal requirement by first requiring their customers to enter a password on the banking website and then either sending them an mTAN (mobile transaction number) via SMS or requiring them to enter a code in a smartphone app.
If the customer does his banking on a desktop computer, there is an additional level of security: in this case, two-factor authentication is carried out on two different devices that are not connected to each other. It is very difficult for a hacker to gain control of both the PC and the smartphone in order to intercept the bank's queries. However, as soon as the customer carries out his transactions on the smartphone alone, this protection no longer applies. Criminals are now taking advantage of this. A virtual PC for online banking is an additional level of security. The following tips will help you isolate the virtual system from the host PC in the best possible way.
Dangers and protection in online banking
No shared folder
An important point in isolating your virtual online banking PC is to switch off the shared folder. Virtualization programs offer this function to simplify data exchange between the host PC and the virtual PC. If you deactivate the shared folder, you prevent executable programs from accidentally reaching the banking PC.
Access protection for the VM
Protect access to the online banking VM. To do this, either set up a password in the guest PC's operating system for logging into the system, or activate hard disk encryption for the virtual PC. In VirtualBox this can be done in the VM settings under “General” and “Hard Disk Encryption”.
Page view and logout
The certificate displayed by clicking on the lock in front of the URL provides information on whether the website called up in the browser is actually operated by your bank or whether it is a fake.
Do not use a search engine to find the web address for online banking. This could lead you to bogus websites that steal your account information. It is best to go directly to your bank's homepage and use the link there for online banking, which you then save as a bookmark in your browser. The address bar at the top of your web browser in the virtual PC shows you whether the current website is safe, so that you can make money transactions with peace of mind. Microsoft Edge puts a small lock symbol in front of secure web addresses. Clicking on it provides you with detailed information about the security certificate that the website uses.
If several people have access to the virtual PC, you should log out of banking immediately after you have finished your work by clicking on the corresponding button. It is also a good idea to create a snapshot in the virtualization software that you can easily revert to after the transactions are complete.
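The isolation steps above (no shared folder, a revert point to return to after banking), scripted for VirtualBox as an added example that is not part of the original article. The VM name, the snapshot name `clean-banking` and the sample `showvminfo` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit and reset a VirtualBox banking VM.
# Assumptions: VM name passed as argument; snapshot name "clean-banking".
SNAPSHOT="clean-banking"

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_VMINFO='name="banking-vm"
SharedFolderNameMachineMapping1="Downloads"
SharedFolderPathMachineMapping1="/home/user/Downloads"'

# Print the name of each shared folder listed in machine-readable VM info (stdin).
list_shared_folders() {
    sed -n 's/^SharedFolderName[A-Za-z]*Mapping[0-9]*="\(.*\)"$/\1/p'
}

# Return 0 only if the VM info on stdin shows no shared folder at all.
audit_isolation() {
    folders=$(list_shared_folders)
    if [ -z "$folders" ]; then
        return 0
    fi
    printf '%s\n' "$folders" | sed 's/^/shared folder still configured: /' >&2
    return 1
}

# Remove every permanent shared folder from a powered-off VM.
remove_shared_folders() {
    VBoxManage showvminfo "$1" --machinereadable | list_shared_folders |
    while IFS= read -r name; do
        VBoxManage sharedfolder remove "$1" --name "$name" </dev/null || exit 1
    done
}

# Usage: sh banking-vm.sh audit|harden|reset <vm-name>
if [ "$#" -eq 2 ]; then
    case $1 in
        audit)  VBoxManage showvminfo "$2" --machinereadable | audit_isolation ;;
        harden) remove_shared_folders "$2" &&
                VBoxManage snapshot "$2" take "$SNAPSHOT" ;;
        reset)  VBoxManage snapshot "$2" restore "$SNAPSHOT" ;;
        *)      echo "unknown command: $1" >&2; exit 2 ;;
    esac
fi
```

Run `harden` once on a freshly installed, powered-off VM, `audit` before each banking session, and `reset` with the VM powered off after the transactions are complete.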
Prevent phishing risks
If you want to protect online banking with a VM, you can use a Linux-based guest system, such as Linux Mint. Windows malware doesn't stand a chance.
If you only conduct your financial transactions in a virtual machine and only use Edge as a browser to access the bank website, you are safe from phishing. In this case, however, you must not receive any e-mails in the virtual computer and you must not install any software.
You will regularly receive e-mails that claim to be notifications from credit institutions. You will be asked to authorize yourself, to confirm your address data, to try out new security functions or the like. With such messages, the so-called “phishers” try to get hold of your log-in data. The criminals usually use graphic elements from the respective bank so that the emails look deceptively real at first glance. However, if you take a closer look, you will mostly recognize the forgery by the lack of a direct salutation, clumsy sentences, spelling errors and the lack of umlauts.
Circumnavigating the Trojan trap
In the virtual machine you are also protected against another perfidious cybercrime scam: the so-called referral Trojans. This is malware that directly manipulates the transaction display in online banking. You will receive a notification that a certain amount of money has been incorrectly transferred to your account and will be asked to refund the money. The specified amount actually appears in the (manipulated) account overview, so that many victims make a transfer immediately. In fact, no such amount has ever landed in your account and you use your own funds to make the transfer. The credit institutions warn against such scams and emphasize that the bank itself will never ask you for such a transfer online or by e-mail.
Further protective measures
In addition to the Push TAN procedure on smartphones, many banks support other authentication methods, such as QR code approval.
No VM banking to go:
Do online banking in the virtual machine only from your own computer, never with USB stick solutions such as Portable-Virtualbox on another computer. Your entries could be intercepted unnoticed here.
If your bank offers several authentication methods, you should decide against the mTAN method and in favor of logging in using a chip card, for example. You should accept the cost of the chip card reader in the interests of greater security.
When logging in to your bank’s website, choose a password that is as long as possible, consisting of lower and upper case letters and numbers.