Boston-based Internet security company Trusteer sounded a warning this week about a financial institution customer security “training” scam that it recently detected, where the result has been that unwitting users willingly transferred money to cyber criminals.
Trusteer CTO Amit Klein elaborated in a company blog: “In the attack we've recently seen, fraudsters were simply waiting for customers to log on to their bank's website. The bank robber then 'changed' the content of the post login page, to a message, informing customers of an upgraded security system. The customer is invited to go through a training process that intends to help him/her deal with the bank's upgraded security system.
“As part of the training they're asked to make a transfer, to a fictitious bank account, and confirm the transaction using the confirmation code that is sent by the bank to the registered mobile phone. Fraudsters claim that the user's account will not be debited and the recipient's account is fabricated. Of course, the transaction then happens, the money is transferred, and the criminal disappears.”
In an interview Wednesday, Trusteer CEO Mickey Boodaei elaborated that the scam is a Zeus Trojan variant and that, so far, Trusteer has detected it only in Spanish language versions that preyed on bank customers in Spain.
But, said Boodaei, “I don't see why there will not soon be an English language version.”
He added, “This shows that fraudsters can steal even when confronted with transaction verification systems that involve reading an SMS on a mobile phone to verify a browser-based transaction.”
As for a lasting cure, Boodaei said, “Financial institutions need to communicate more about the threats and how the threats keep changing.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.