Eileen Turner serves as the Product Manager for the web fraud portfolio of Trusteer, an IBM Company, part of IBM’s Security Systems division.

When Online Fraud Targets You

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

  • By Eileen Turner
  • Apr 25, 2014

In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In fact, a JP Morgan report estimated online fraud losses to be approximately $3.5B. It’s apparent that companies have a lot more than just data to lose when it comes to fraud or a breach.

Online fraud will continue to be an issue for clients due to three major issues:  

  1. Humans are humans: We all make mistakes.  Whether it’s clicking on a malicious link accidentally or downloading a seemingly innocuous file, people will continue to access malicious content, despite continual educational efforts to train people to recognize and avoid online dangers.
  2. Systems are vulnerable too: System and application vulnerabilities will continue to emerge. Vulnerabilities in unpatched code, programs and systems can be exploited to invisibly deliver malware to a customers’ computer – with no action on the customer’s behalf. Cybercriminals make a business out of exploiting these vulnerabilities. 
  3. Malware detection lags: Cybercriminals are constantly looking for new threat vectors for online fraud and developing new variants of malware to evade detection. Malware offers a very flexible and powerful way for attackers to control the end user machine and tamper with their web access.

According to a McKinsey survey, 77% of banks believe that man-in-the-browser (MiB) malware represents the largest fraud risk assumed by a bank. Cybercriminals leverage man-in-the-browser malware to bypass authentication methods and gain access to the web browser session.  The latest attack vector in this space is mobile malware – including man-in-the-mobile malware.

With MiB malware, the cybercriminal can change content presented by the bank’s site, inject new pages into the browser and intercept and modify a user’s input. Ultimately, it means that the malware controls the session and can ask users for specific personal and financial information, which is passed onto the fraudster and can result in online fraud.

In an example of MiB browser malware in action, the malware prompts the user to enter his personal information (PII), including name, address, phone, credit card and security questions.  The user believes this is an additional security measure required by the bank.  However, the information is passed to the fraudster, who can now use this information for cross-channel fraud such as social engineering in the call center or check fraud.

Whether accessing a financial site from a computer or mobile device, here are some helpful tips for customers:

  • Verify that the URL is accurate and has not been re-directed to a new site. 
  • Pay attention to any files, attachments or links from non-trusted sources as these may be malware.
  • Look for suspicious requests for information that you previously have not provided.  For example, if your online banking session is suddenly asking for your Account Number or PIN, stop and assess whether the information being requested is legitimate prior to entering your credentials.

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

Featured

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.