Terry Cutler – The Ethical Hacker
Home » This is not your “real” bank

This is not your “real” bank

Coutesy of businesstoday.lk

This is not your "real" bankThis is not your “real” bank

by Terry Cutler

Hackers posing as bank employees are approving bank transactions

The goal is to enable the attackers to divert calls from banks that are intended for the customer to telephones controlled by hackers; unsettling to say the least. How are they doing it?

Reports suggest (http://www.darkreading.com/vulnerabilities—threats/attackers-divert-bank-phone-calls-to-cover-tracks/d/d-id/1137031) new configurations of Ice IX – a modified variant of the Zeus platform – are capturing telephone account information belonging to their victims. (http://www.trusteer.com/blog/malware-redirects-bank-phone-calls-attackers)

“We believe the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services…that approve the transactions,” said Amit Klein, CTO of Trusteer Trusteer, a provider of secure web access services for large bank corporations such as The Royal Bank of Scotland, SunTrust and Fifth Third bank, who are increasingly using online banking services or their customers.

Here is how the identity theft works.

Once the malware redirects the customer call it rips off user IDs and passwords as well as the usual information like date of birth, account balance and mother’s maiden name. The victim is then asked for updates of home addresses, phone numbers even cell numbers.

Next, the victim is asked to submit their private telephone account number, which is usually used to verify identities and allow account changes of sensitive data. When questioned as to why customer service would need such information, the usual verification process is the reason given. But in this case the justification is that there was a “malfunction of the bank’s anti-fraud system with its landline phone service provider”

Any activity to the account is not seen by the bank, especially those security people on the look out for fraudulent activities on the real website, so if a client is giving out this sensitive information, and money is being transferred out of the account, no one is the wiser.

Subscribe to our mailing list

* indicates required

Related posts

Zappos takes steps to reassure customers in latest hack

Terry Cutler

iOS Hacking. Rise of the evil Smartphone

Terry Cutler

French Interview on Radio-Canada

Terry Cutler

Charbonneau commission has been hacked

Terry Cutler

Internet Safety Presentation to students

Terry Cutler

Risk of cyber-attacks growing: CSIS memo

Terry Cutler


Privacy & Cookies Policy