Terry Cutler – The Ethical Hacker
Home » This is not your “real” bank

This is not your “real” bank

Coutesy of businesstoday.lk

This is not your "real" bankThis is not your “real” bank

by Terry Cutler

Hackers posing as bank employees are approving bank transactions

The goal is to enable the attackers to divert calls from banks that are intended for the customer to telephones controlled by hackers; unsettling to say the least. How are they doing it?

Reports suggest (http://www.darkreading.com/vulnerabilities—threats/attackers-divert-bank-phone-calls-to-cover-tracks/d/d-id/1137031) new configurations of Ice IX – a modified variant of the Zeus platform – are capturing telephone account information belonging to their victims. (http://www.trusteer.com/blog/malware-redirects-bank-phone-calls-attackers)

“We believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services…that approve the transactions,” said Amit Klein, CTO of Trusteer Trusteer, a provider of secure web access services for large bank corporations such as The Royal Bank of Scotland, SunTrust and Fifth Third bank, who are increasingly using online banking services or their customers.

Here is how the identity theft works.

Once the malware redirects the customer call it rips off user IDs and passwords as well as the usual information like date of birth, account balance and mother’s maiden name. The victim is then asked for updates of home addresses, phone numbers even cell numbers.

Next, the victim is asked to submit their private telephone account number, which is usually used to verify identities and allow account changes of sensitive data. When questioned as to why customer service would need such information, the usual verification process is the reason given. But in this case the justification is that there was a “malfunction of the bank’s anti-fraud system with its landline phone service provider”

Any activity to the account is not seen by the bank, especially those security people on the look out for fraudulent activities on the real website, so if a client is giving out this sensitive information, and money is being transferred out of the account, no one is the wiser.

Subscribe to our mailing list

* indicates required

Related posts

3 Reasons Why SMBs Should Definitely Care About Security

Terry Cutler

I’m going to ruin you, dear

Terry Cutler

The Advanced Persistent Threat: Attackers are Getting More Sophisticated

Terry Cutler

Interview with Canadian Living – Now that Facebook Places has launched in Canada, will you use it to let your Friends know where you are?

Terry Cutler

Family Friendly Social Site is Leaving Your Kids’ Information Unprotected for Hackers to Find

Terry Cutler

TV Interview – Four arrests in Quebec child-porn case with ties to Dutch daycare porn ring

Terry Cutler


Privacy & Cookies Policy