Fraudsters Send False Messages About Bank Site Maintenance

A criminal gang specializing in installing malicious software designed to steal consumers' banking details is supplying victims with error messages of site maintenance as a way to elude anti-fraud defenses put in place by a number of banks, as reported by washingpost on June 2, 2008.

According to security experts, this particular tactic of defrauding the online banking users has proved to be the most teeming method in 2008 to collect consumers' personal data.

The experts further said that the virus-laced e-mails targeted specific people of SMEs but in the present case of non-intervention in security, the criminals had developed an ingenious but simple method of getting around the security systems.

Explaining the criminals' modus operandi, security professionals said that when a victim's computer was loaded with data-stealing malware trying to access an online banking site, new developments happened on that system. As such, sites require mutual authentication, the miscreants altered the appearance of the target site on the victim's Web browser with a message saying that it would take 15-30 minutes to synchronize the user's request with the bank's server.

Then, by grabbing the victim's banking password together with his one-time code and tricking the victim that the code cannot be used again, the thieves could login using that code, and then drain the victim's bank account.

Matt Richard, Director of Rapid Response, iDefense, said that the gang behind the current fraud as well as a series of other similar targeted attacks employs the fraudulent message to try and victimize customers of about 50 different financial companies that use the two-factor verification, as reported by washingtonpost on June 2, 2008.

Also, according to Researchers at iDefense, the tactic of using erroneous messages was recently applied in an attack during the 3rd week of May 2008, when fraudsters dispatched thousands of hoax e-mails claiming to have come from the United States Tax Court.

Meanwhile, security professionals added that the attack was significant if the attackers successfully loaded the certificate authority onto the victim's PC because they could again infect the victim's system with ease as it trust the fraudster's computer code.

Related article: Fraudster Acquiesce To Online Bank Theft

» SPAMfighter News - 6/12/2008