Remote controlled banking trojan |
The rise in Android malware to plunder financial information from unsuspecting mobile users is constantly evolving. The most recent malicious malware discovered, Android/FakeToken.A, has man-in-the-middle functionality but, unlike its notorious predecessors Zeus and SpyEye, can be controlled remotely by thieves. Disguised as an Android app, the trojan poses as a Token Generator application and targets specific well-known financial entities using the logo and colors of the institution in the icon, lending it credibility with consumers. Threatpost has the details.
Mobile banking fraud
It seems the more mobile consumers become, the more motivated and ingenious fraudsters get. Security firm Trusteer is warning mobile users that cybercriminals are impersonating users in order to obtain replacement SIM cards from the victims' mobile carriers. Variants of the Gozi trojan are being used to trick victims into exposing their phone's IMEI (international mobile equipment identity) number, which is used by the fraudsters to report the mobile device as lost or stolen and to obtain a new SIM card. The victims' online banking and other one-time passwords are then sent to the fraudulently-controlled device. Get the details about this and another newly discovered attack targeting your mobile customers at Help Net Security.
Fraud detection app
More than 11.6 million adults in the U.S. were victims of identity theft last year, according to Javelin Strategy & Research. Many of those cases resulted from phishing emails and malware, with consumers having no idea their information had been stolen until fraudulent charges surfaced. A Texas-based security firm is offering identity fraud protection with AllClear ID, a free mobile app that will alert consumers if their personal data has been stolen and is being used by cybercriminals. MSNBC has more details. With the rise in mobile banking and mobile fraud, this is an invaluable service worth sharing with your customers.
Check that check - now
Despite a reduction in the number of checks written each year, check fraud is responsible for billions of dollars of merchant and bank losses due to ineffective and outdated fraud detection methods. Signature management systems leader SoftPro has announced the release of its check verification solution, FraudOne, that enables banks to detect fraud in real-time when a check is deposited at the teller, ATM or using a mobile device. FraudOne’s Combined Risk Score engine compares the signature on a check with a reference signature on file and evaluates data from other fraud engines and external bank systems to determine the validity of a check being processed. ATM Marketplace has the details.
Trust is on the (phishing) line
Back in the day - before email, online banking and electronic bank statements - identity thieves would scour neighborhoods for unsecure mailboxes to procure bank and card statements and steal personal information. In this electronic age, cybercriminals have turned to email accounts as the avenue for bank fraud schemes...and as low-tech as it might seem, it's working. Technology may change but these attacks target a facet of human nature that remains an age-old security vulnerability: trusted relationships between customers and their banks. Krebs on Security has some insight into how the thieves are pulling off their financial phishing ploys.
The tax scams cometh
Tax refund time is one of the most anticipated seasons of the year for taxpayers who have big plans for the return of some of their hard-earned money. With the added convenience of online tax filing, consumers can get their refunds within a matter of days or weeks. So can identity thieves who have big plans for those tax refunds too. Tax and wage-related fraud is on the rise, accounting for 24 percent of consumer complaints to the FTC last year - up from 12.7 percent in 2009, reports Infosec Island. Educate your customers to help protect them from tax season scams with some tips from USA Today.
Citi teams up with Watson
Sometimes we could all use a helping hand. Even the world's most famous fictional detective had a right-hand man. Dr. Watson provided Sherlock Holmes with practical assistance in the conduct of his cases. Citigroup is teaming up with IBM's Watson - a high-performance supercomputer with data management and analytics technology. Citigroup will explore how Watson's technology can assist them with providing innovative and secure services designed around their customers' ever-evolving digital and mobile lives. Banking Technology has the details.
New, improved e-signatures
In June 2000, the Electronic Signatures in Global and National Commerce Act (ESign) was enacted to facilitate the use of electronic records and signatures. The benefits of e-sign for the financial services industry include quicker processing for time-sensitive transactions like loan applications, account openings, and more. Two new e-signature devices are now available from authentication provider VASCO, offering enhanced convenience with the ability to transmit the signature via sound or a scanned image. TechWorld has the details.
PCI: the obscure risk
Financial institutions are faced with myriad security and operational risks. The PCI (Payment Card Industry) Data Security Standards were developed to enhance cardholder data security and facilitate globally consistent data security measures. Some financial institutions that outsource merchant services are failing to implement and maintain effective risk programs in compliance with the standards set forth by the PCI. The failure to adequately manage these relationships might be viewed as facilitating fraudulent activity and lead to the bank being held liable. Bank Systems & Technology has more on what banks should be doing to mitigate the risks related to payment cards.
Updates, Patches and Alerts...
US-CERT: Current Activity
PC Magazine: Patch Tuesday: Microsoft fixes critical remote desktop flaw
Computerworld: Apple patches record number of Safari 5 bugs with monster update
PC Magazine: After Delay, Firefox 11 Arrives With Add-on Sync, Dev Tools
Threatpost: Microsoft adds new exploit mitigations to IE 10