Eileen Turner serves as the Product Manager for the web fraud portfolio of Trusteer, an IBM Company, part of IBM’s Security Systems division.

When Online Fraud Targets You

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

  • By Eileen Turner
  • Apr 25, 2014

In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In fact, a JP Morgan report estimated online fraud losses to be approximately $3.5B. It’s apparent that companies have a lot more than just data to lose when it comes to fraud or a breach.

Online fraud will continue to be an issue for clients due to three major issues:  

  1. Humans are humans: We all make mistakes.  Whether it’s clicking on a malicious link accidentally or downloading a seemingly innocuous file, people will continue to access malicious content, despite continual educational efforts to train people to recognize and avoid online dangers.
  2. Systems are vulnerable too: System and application vulnerabilities will continue to emerge. Vulnerabilities in unpatched code, programs and systems can be exploited to invisibly deliver malware to a customers’ computer – with no action on the customer’s behalf. Cybercriminals make a business out of exploiting these vulnerabilities. 
  3. Malware detection lags: Cybercriminals are constantly looking for new threat vectors for online fraud and developing new variants of malware to evade detection. Malware offers a very flexible and powerful way for attackers to control the end user machine and tamper with their web access.

According to a McKinsey survey, 77% of banks believe that man-in-the-browser (MiB) malware represents the largest fraud risk assumed by a bank. Cybercriminals leverage man-in-the-browser malware to bypass authentication methods and gain access to the web browser session.  The latest attack vector in this space is mobile malware – including man-in-the-mobile malware.

With MiB malware, the cybercriminal can change content presented by the bank’s site, inject new pages into the browser and intercept and modify a user’s input. Ultimately, it means that the malware controls the session and can ask users for specific personal and financial information, which is passed onto the fraudster and can result in online fraud.

In an example of MiB browser malware in action, the malware prompts the user to enter his personal information (PII), including name, address, phone, credit card and security questions.  The user believes this is an additional security measure required by the bank.  However, the information is passed to the fraudster, who can now use this information for cross-channel fraud such as social engineering in the call center or check fraud.

Whether accessing a financial site from a computer or mobile device, here are some helpful tips for customers:

  • Verify that the URL is accurate and has not been re-directed to a new site. 
  • Pay attention to any files, attachments or links from non-trusted sources as these may be malware.
  • Look for suspicious requests for information that you previously have not provided.  For example, if your online banking session is suddenly asking for your Account Number or PIN, stop and assess whether the information being requested is legitimate prior to entering your credentials.

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

Featured

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

  • Next-Gen AI for Smart Cities

    The future of smart city technology is not being shaped in Silicon Valley — it is taking root in Dubuque, Iowa. With a population of about 60,000, this mid-sized city has become a live testbed for AI-driven traffic management thanks to a unique public-private collaboration led by Milestone Systems. Project Hafnia demonstrates how cities can transform urban mobility and safety through Responsible Technology—without costly infrastructure overhauls. Read Now

Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.