New online banking scam

[Wayne]

http://www.securitynet.org/new-online-banking-scam/

Because the bad guys never sleep and try to come up with new ways of hijacking the bank accounts that have online access, there is a new scam on the market that is simple yet very trusted. The cybercriminals promise protection against online banking frauds that is in fact a fraud !

online banking fraud

The latest attack was found by Trusteer and is uses the malware platform Tatanga. Trusteer engineers got the configuration file and saw that Tatanga sends a message to the victim via an injected web browser and the message contains informations about the fact that the victim’s bank offers free protection insurance against online phising.

After that, the victim is offered a fake account for the insurance that is meant to cover the funds in the victim’s account. But this fake account for the insurance is in fact a real bank account that is used to collect the money. The victim is noticed that they it will be protected from phising or any other attacks by this insurance. At last the victim is convinced to authorize an online transaction in order to activate the account insurance.

Anyway, the victim woulnd’t even think about the fact that the funds will be transfered from their account.

In order to authorize the transaction the victim sends an SMS password that they received on their mobile gadget. In fact, they are actually approving the transfer from their own account to the cybercriminal account used as a fake insurance.

“Once they have compromised an endpoint, the ability of Tatanga and the other cybercrime platforms to commit online fraud is limited only by the imagination of criminals,” said Heyman. “As this latest scheme illustrates fraudsters do not lack creativity when it comes to developing new methods that trick victims into authorizing fraudulent transactions.”