by Terry Cutler
Hackers posing as bank employees are approving bank transactions
The goal is to enable the attackers to divert calls from banks that are intended for the customer to telephones controlled by hackers; unsettling to say the least. How are they doing it?
Reports suggest (http://www.darkreading.com/vulnerabilities—threats/attackers-divert-bank-phone-calls-to-cover-tracks/d/d-id/1137031) new configurations of Ice IX – a modified variant of the Zeus platform – are capturing telephone account information belonging to their victims. (http://www.trusteer.com/blog/malware-redirects-bank-phone-calls-attackers)
“We believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services…that approve the transactions,” said Amit Klein, CTO of Trusteer, a provider of secure web access services for large bank corporations such as The Royal Bank of Scotland, SunTrust and Fifth Third Bank, who are increasingly using online banking services for their customers.
Here is how the identity theft works.
Once the malware redirects the customer call, it rips off user IDs and passwords as well as the usual information like date of birth, account balance and mother’s maiden name. The victim is then asked for updates of home addresses and phone numbers, even cell numbers.
Next, the victim is asked to submit their private telephone account number, which is usually used to verify identities and allow account changes of sensitive data. When questioned as to why customer service would need such information, the usual verification process is the reason given. But in this case the justification is that there was a “malfunction of the bank’s anti-fraud system with its landline phone service provider”.
Any activity on the account is not seen by the bank, especially by those security people on the lookout for fraudulent activities on the real website, so if a client is giving out this sensitive information, and money is being transferred out of the account, no one is the wiser.