The Trickbot banking trojan is sending its victims to fake bank websites that are identical to the victims’ real bank sites. Learn how this malware works and how to avoid becoming its next victim.
Banking trojans have been around for years. If your computer is infected, the trojan waits until you visit your online banking website. When you do, it redirects you to a malicious website that looks like your bank’s site. If you enter your banking credentials, they will fall into a cybercriminal’s hands.
In the past, you could usually spot a fake banking site by looking at its URL. The fake site would not have the same URL as your real bank’s web address. Plus, the fake site’s URL would start with “http” rather than “https”. The missing “s” means that the site does not have a Secure Sockets Layer (SSL) certificate. All legitimate banking sites use SSL to secure their Internet connections.
Looking for these clues may no longer work, though. In July 2017, cybercriminals started using a Trickbot trojan variant that sends recipients to a fake banking site that looks exactly like the real deal. The fake site even displays the real bank’s URL and SSL certificate.