Eileen Turner serves as the Product Manager for the web fraud portfolio of Trusteer, an IBM Company, part of IBM’s Security Systems division.

When Online Fraud Targets You

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

  • By Eileen Turner
  • Apr 25, 2014

In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In an era of constant communication, we practically live our lives online. Unfortunately, that also means that cybercriminals continue to look for creative and innovate ways to fraudulently profit from these everyday interactions. In fact, a JP Morgan report estimated online fraud losses to be approximately $3.5B. It’s apparent that companies have a lot more than just data to lose when it comes to fraud or a breach.

Online fraud will continue to be an issue for clients due to three major issues:  

  1. Humans are humans: We all make mistakes.  Whether it’s clicking on a malicious link accidentally or downloading a seemingly innocuous file, people will continue to access malicious content, despite continual educational efforts to train people to recognize and avoid online dangers.
  2. Systems are vulnerable too: System and application vulnerabilities will continue to emerge. Vulnerabilities in unpatched code, programs and systems can be exploited to invisibly deliver malware to a customers’ computer – with no action on the customer’s behalf. Cybercriminals make a business out of exploiting these vulnerabilities. 
  3. Malware detection lags: Cybercriminals are constantly looking for new threat vectors for online fraud and developing new variants of malware to evade detection. Malware offers a very flexible and powerful way for attackers to control the end user machine and tamper with their web access.

According to a McKinsey survey, 77% of banks believe that man-in-the-browser (MiB) malware represents the largest fraud risk assumed by a bank. Cybercriminals leverage man-in-the-browser malware to bypass authentication methods and gain access to the web browser session.  The latest attack vector in this space is mobile malware – including man-in-the-mobile malware.

With MiB malware, the cybercriminal can change content presented by the bank’s site, inject new pages into the browser and intercept and modify a user’s input. Ultimately, it means that the malware controls the session and can ask users for specific personal and financial information, which is passed onto the fraudster and can result in online fraud.

In an example of MiB browser malware in action, the malware prompts the user to enter his personal information (PII), including name, address, phone, credit card and security questions.  The user believes this is an additional security measure required by the bank.  However, the information is passed to the fraudster, who can now use this information for cross-channel fraud such as social engineering in the call center or check fraud.

Whether accessing a financial site from a computer or mobile device, here are some helpful tips for customers:

  • Verify that the URL is accurate and has not been re-directed to a new site. 
  • Pay attention to any files, attachments or links from non-trusted sources as these may be malware.
  • Look for suspicious requests for information that you previously have not provided.  For example, if your online banking session is suddenly asking for your Account Number or PIN, stop and assess whether the information being requested is legitimate prior to entering your credentials.

When pursuing malware prevention solutions for your customers, it is key to look at solutions that not only prevent the malware, but also focus on removing the malware. Customers will continue to browse to specific sites and access infected content, whether they know they are doing it or not. Because of this, it’s critical to have both a solution that can continue to remove malicious content as well as alert users to potentially suspicious web sites.

Featured

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West

  • New Report Says 1 in 5 SMBs Would Be Forced to Shutter After Successful Cyberattack

    Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat—cyberattacks that could put them out of business. Read Now

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.