Sherri Davidoff, Author of “Network Forensics: Tracking Hackers Through Cyberspace” has documented a real life example of someone giving away all their credentials which means someone else now have the same access to your identity and subsequently, money, that you have.
It is a very effective demonstration of what not to do, share it with others!
And not necessarily very hard to protect yourself from. The best is of course to never accept and use links in emails, IM, etc. Which can be hard when you think it is from your friend or family member, or in the above case, your bank.
A safer method would be to use a LiveCD (a CD which you boot and run programs from) which does not have the ability to be altered. Which means each time you boot it – it is completely untouched by any virus. But it means booting into it each time you want to visit your bank, or other sensitive websites.
Joanna Rutkowska is a Polish security researcher who released a modified Operating System called Qubes OS which I think is a great compromise, and the best I have seen. It accomplishes that by setting up virtual environments in a particularly nifty way. First the whole O/S have been modified to be hard to break into, then it uses dedicated virtual computers for each sensitive website (all according to your preference).
I created one environment for each bank, Paypal etc. Then I ONLY visited that one website using that virtual environment. In other words if you have Paypal you would use the Paypal virtual environment to only visit Paypal. And so on.
Now it requires that the banks website gets infected with the malware needed to infect my virtual computer but only for that bank. Not for any other. It is also particularly easy to fix. Remove it and add a new one.
Another virtual environment is used for casual browsing. Another for business, email etc.
This means an infected email cannot corrupt your other environments and you have a very effective tool against online malware.
Security is about balancing security and work-ability. Too secure and nothing can get done. Too easy and you’ve given easy access for criminals. You need to strike a balance. It took very little to get used to and is about the safest and best balance I’ve seen anywhere.
As you can see at the bottom of the above article LMG Security offers workshops and her book is a very good read.
Make the extra effort to be security aware and avoid being a victim while at the same time not being the tool used to wreck someone else’s life.