Zeus-style malware now beats out password phishing for the dubious honor of "the greatest threat to online banking today."

That's according to a new survey of more than 70 financial institutions from PhoneFactor, an Overland Park, Kan., provider of phone-based multi-factor authentication.

The survey also found that while banks and credit unions are aware of the threat, they're not always fully educated on what to do to protect their customers and members, PhoneFactor said.

The survey, conducted in November, found that real-time attacks from banking Trojans such as Zeus and Clampi variants were seen as the greatest threat to online banking by 51% of the respondents, compared to 24% who cited phishing and pharming attacks, the company said.

Both were frequent, however, with 69% of the respondents saying they had seen an increase in Trojan attacks over the past and 55% saying they had seen an increase in phishing forays.

The survey also found that only 37% of the respondents correctly understood that current security measures such as one-time passcodes don't protect against man-in-the-middle attacks like Zeus and Clampi.

PhoneFactor said 79% of those who do recognize that threat plan to use such methods as out-of-band phone calls, transaction verification and biometrics to protect online banking channels.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.