New malware exposes bank security gap

Posted on: February 8th, 2012 by art

A new malware that values phone numbers more than banking credentials is bringing to light weaknesses in financial institutions’ call centers.

The recent article “Banking Malware Finds New Weakness” describes how a new Zeus malware variant called Ice IX, instead of gathering personal credentials to socially engineer bank call centers, collects a banking customer’s telephone number to socially engineer individuals into divulging their phone carrier or service provider. Then, instead of calling banks armed with the customer’s banking credentials, the criminals use call forwarding to automatically reroute the post-transaction verification calls that banks make to customers to their own phone numbers. In essence, banks are unknowingly talking to criminals, who verify the fraudulent transactions.

As more telephone-related schemes continue to surface, fraud analysts like Gartner’s Avivah Litan are highlighting the fact that customer authentication via the phone channel is getting very little attention from U.S. financial institutions. The increase in online banking has many banks focusing all their resources on securing online banking and electronic funds transfers, basically leaving telephone fraud as a mere afterthought to online authentication.

By ignoring the telephone channel, which costs U.S. businesses over $60 billion in fraud losses each year, financial institutions are leaving themselves exposed to high levels of phone fraud, largely because many consider “low-tech” fraud a lesser threat. But as we learned from last year’s DefCon event, the ease with which criminals can use the telephone channel to gain access to highly confidential company and customer data makes phone fraud a very serious and real threat to banks today.

We at TrustID continue to see an increase in spoofed calls to bank call centers all the time. This is why banks need to consider a caller authentication solution like the TrustID® network-based Physical Caller Authentication tool that automatically validates the location of landline and mobile calls to identify and stop phone fraud before it happens. In today’s banking environment where criminals seek every opportunity to take advantage of a bank’s security loopholes, writing off telephone fraud as a secondhand threat is, for lack of a better word, just plain criminal.

Tags: Avivah Litan, bank fraud, bank security, banking credentials, call center fraud, fraudulent transactions, online banking, phone fraud, Physical Caller Authentication, telephone authentication, telephone channel, TrustID
