Malicious software is coded with the intention of harming its target. Affecting private and corporate users alike, it can steal information, damage data, hijack website visits and spy on internet activity. Fraudulent redirection of internet banking users is an increasingly frequent form of attack.

What is malware?

Malware can hide inside innocuous-looking software (trojans), or spread between machines without relying on user interaction (worms). It can be custom-designed to evade defences and execute specific tasks.

Once inadvertently installed, malware can carry out many activities unseen. It may spy on website visits, destroy data, or piece together passwords. Increasingly, it’s being used by criminals to encrypt important business information until the organisation pays a ‘ransom’. Internet banking users might also be redirected to fake sites which record their login data to enable financial theft.

Malware is usually delivered via email ‘phishing’ or fraudulent links. Malicious apps and USB memory sticks can also compromise smartphones and computers respectively. Malware can stay hidden for months until activated.

The risks to business

  • Data loss
  • Financial loss
  • Hardware damage
  • Paralysis of business activity

How can I defend my business against malware?

  • Put in place strong response, recovery and back-up processes.
  • Run up-to-date anti-virus software on all machines, and consider systems that use file reputation / behaviour analysis within a safe sandbox system. Network behaviour anomaly detection (alert to attacker commands) is another systems security option.
  • Keep your PCs, servers and associated hardware up to date, installing the latest security patches as they become available.
  • Make sure that your staff avoid questionable websites, and know not to download free software / apps, run MS Office macros on email attachments, or use USB sticks, from unverified sources.
  • Consider application whitelisting (blocking any software not already authorised).
  • Use different passwords for different business logins.

Contact us

Please contact your Relationship Manager or visit our Contact us page here.

Find out more about HSBC Cybercrime

One of the most common cyber-attacks, phishing operates through emails which are often convincing and appear to come from legitimate senders. These messages entice their targets to click on links or attachments which, in turn, facilitate theft or fraud.

Cyber-attacks on SMEs have increased steadily in recent years. With criminals constantly devising new ways to steal information and money, one of the newest emerging threats is Business Email Compromise, also known as CEO or Chairman Fraud. The most frequent targets of this scam, small and medium-sized businesses, can lose huge sums because of one spurious email.

Texts and phone calls can be used maliciously to facilitate theft and fraud. 'Vishing' calls try to alarm recipients into making payments or providing important financial information. 'Smishing' texts may additionally try to entice their target to click on malicious links, activating trojan viruses which can steal passwords and other high-value data.

Need help?

Get in touch to learn more about our banking solutions and how we can help you drive your business forward.