Eileen Turner serves as the Product Manager for the web fraud portfolio of Trusteer, an IBM Company, part of IBM’s Security Systems division.

When Online Fraud Targets You

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In fact, a JP Morgan report estimated online fraud losses to be approximately $3.5B. It’s apparent that companies have a lot more than just data to lose when it comes to fraud or a breach.

Online fraud will continue to be an issue for clients due to three major issues:  

  1. Humans are humans: We all make mistakes.  Whether it’s clicking on a malicious link accidentally or downloading a seemingly innocuous file, people will continue to access malicious content, despite continual educational efforts to train people to recognize and avoid online dangers.
  2. Systems are vulnerable too: System and application vulnerabilities will continue to emerge. Vulnerabilities in unpatched code, programs and systems can be exploited to invisibly deliver malware to a customers’ computer – with no action on the customer’s behalf. Cybercriminals make a business out of exploiting these vulnerabilities. 
  3. Malware detection lags: Cybercriminals are constantly looking for new threat vectors for online fraud and developing new variants of malware to evade detection. Malware offers a very flexible and powerful way for attackers to control the end user machine and tamper with their web access.

According to a McKinsey survey, 77% of banks believe that man-in-the-browser (MiB) malware represents the largest fraud risk assumed by a bank. Cybercriminals leverage man-in-the-browser malware to bypass authentication methods and gain access to the web browser session.  The latest attack vector in this space is mobile malware – including man-in-the-mobile malware.

With MiB malware, the cybercriminal can change content presented by the bank’s site, inject new pages into the browser and intercept and modify a user’s input. Ultimately, it means that the malware controls the session and can ask users for specific personal and financial information, which is passed onto the fraudster and can result in online fraud.

In an example of MiB browser malware in action, the malware prompts the user to enter his personal information (PII), including name, address, phone, credit card and security questions.  The user believes this is an additional security measure required by the bank.  However, the information is passed to the fraudster, who can now use this information for cross-channel fraud such as social engineering in the call center or check fraud.

Whether accessing a financial site from a computer or mobile device, here are some helpful tips for customers:

  • Verify that the URL is accurate and has not been re-directed to a new site. 
  • Pay attention to any files, attachments or links from non-trusted sources as these may be malware.
  • Look for suspicious requests for information that you previously have not provided.  For example, if your online banking session is suddenly asking for your Account Number or PIN, stop and assess whether the information being requested is legitimate prior to entering your credentials.

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

Featured

  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
  • It Happened Again

    Just yesterday (as of this writing), it happened again. A 28-year-old woman shot her way into a Christian elementary school in Nashville, Tenn., on Monday and killed three children and three adults, according to national news. AP News reports that the victims were three 9-year-old children, a top school administrator, a substitute teacher, and a school custodian Read Now

  • Let's Get to Work

    You are standing at the conference center doors just waiting to get into the exhibit hall. I know you are because I’m standing next to you. This week at ISC West has been three years in the making. Last year was encouraging, and here we are waiting for the Big Show. Read Now

    • Industry Events
    • ISC West
  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

Featured Cybersecurity

New Products

  • PACE® Long Range Ethernet Solutions

    PACE® Long Range Ethernet Solutions

    Altronix introduces the newest addition to its portfolio of PACE® Long Range Ethernet Solutions. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • Paxton10 CORE Cameras

    Paxton10 CORE Cameras

    The new CORE Series cameras feature edge processing for ultimate scalability, built-in edge storage, and plug-and-play installation. The addition of the CORE Series gives installers new hardware, better choice, and more value than ever before. 3