Eileen Turner serves as the Product Manager for the web fraud portfolio of Trusteer, an IBM Company, part of IBM’s Security Systems division.

When Online Fraud Targets You

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In fact, a JP Morgan report estimated online fraud losses to be approximately $3.5B. It’s apparent that companies have a lot more than just data to lose when it comes to fraud or a breach.

Online fraud will continue to be an issue for clients due to three major issues:  

  1. Humans are humans: We all make mistakes.  Whether it’s clicking on a malicious link accidentally or downloading a seemingly innocuous file, people will continue to access malicious content, despite continual educational efforts to train people to recognize and avoid online dangers.
  2. Systems are vulnerable too: System and application vulnerabilities will continue to emerge. Vulnerabilities in unpatched code, programs and systems can be exploited to invisibly deliver malware to a customers’ computer – with no action on the customer’s behalf. Cybercriminals make a business out of exploiting these vulnerabilities. 
  3. Malware detection lags: Cybercriminals are constantly looking for new threat vectors for online fraud and developing new variants of malware to evade detection. Malware offers a very flexible and powerful way for attackers to control the end user machine and tamper with their web access.

According to a McKinsey survey, 77% of banks believe that man-in-the-browser (MiB) malware represents the largest fraud risk assumed by a bank. Cybercriminals leverage man-in-the-browser malware to bypass authentication methods and gain access to the web browser session.  The latest attack vector in this space is mobile malware – including man-in-the-mobile malware.

With MiB malware, the cybercriminal can change content presented by the bank’s site, inject new pages into the browser and intercept and modify a user’s input. Ultimately, it means that the malware controls the session and can ask users for specific personal and financial information, which is passed onto the fraudster and can result in online fraud.

In an example of MiB browser malware in action, the malware prompts the user to enter his personal information (PII), including name, address, phone, credit card and security questions.  The user believes this is an additional security measure required by the bank.  However, the information is passed to the fraudster, who can now use this information for cross-channel fraud such as social engineering in the call center or check fraud.

Whether accessing a financial site from a computer or mobile device, here are some helpful tips for customers:

  • Verify that the URL is accurate and has not been re-directed to a new site. 
  • Pay attention to any files, attachments or links from non-trusted sources as these may be malware.
  • Look for suspicious requests for information that you previously have not provided.  For example, if your online banking session is suddenly asking for your Account Number or PIN, stop and assess whether the information being requested is legitimate prior to entering your credentials.

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

Featured

  • Securing the Future

    Two security experts sit down with Security Today’s editor in chief Ralph C. Jensen to discuss what they see emerging and changing over the next several years along with how security stakeholders can harness these innovations into opportunities. Read Now

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.