Small-Biz Threats
Small and midsize businesses are losing between $100,000 and $200,000 a day on wire transfer and automated clearing house fraud, according to a
Though 83% of the survey's 315 respondents know what phishing is, only 9% had heard of a man-in-the-browser attack and only 21% had heard of the Zeus Trojan, an extremely prominent form of malware used to compromise online banking accounts. Only 30% of the companies surveyed said they were very concerned about the problem.
Though nearly a third said they thought wire and ACH fraud should be the financial institutions' responsibility, 18% said it should be shared between the business and the bank, which represents an opportunity for the banks.
Fifty percent of respondents said they were not aware of any steps their company was taking to secure against electronic payments attacks, but most said they would be willing to adjust their processes to guard against such attacks, including downloading a browser application specifically for protecting banking transactions and answering security questions drawn from their own credit or historical information.
Wireless Woes
Consumers are frequently advised against using public wireless networks to transmit sensitive data (such as online banking credentials) or to conduct transactions, but there could also be dangers with the networks that consumers use at home,
Hackers can use widely available programs such as Gerix Wi-Fi Cracker, Aircrack-ng and Wifite, along with a high-powered Wi-Fi tracking antenna that costs less than $100, to access networks from as much as three miles away. The programs imitate legitimate user activity, searching for back doors into routers, and can automatically generate and test password combinations until they hit on the right ones. The programs can crack Wired Equivalent Privacy and Wi-Fi Protected Access enabled networks.
The report recommends wireless network users at home change the network's Service Set Identifier to a name other than the default, which typically identifies the brand of router associated with the network. Banks might do well to pass the information along to their customers.
Man in the Mobile
A wave of Zeus Trojan attacks is under way against ING Group NV's customers in Poland and it is targeting two-factor authentication, according to
The attacks target users of the Symbian and Windows Mobile platforms, and will ask bank customers to enter their telephone numbers and smartphone models to "update" their security certificates.
Hackers then send an infected link by text message to the smartphone. After clicking on it, all other incoming text messages are redirected to another mobile phone number, the post said.
Double Time Crime
The boss of an international ATM skimming ring was sentenced on Friday to nearly 4 years in federal prison in Connecticut, according to Feb. 18 stories from the Associated Press and
Dragos Osanu of Romania pleaded guilty to conspiracy to commit bank fraud. Along with an unspecified number of accomplices, Osanu installed skimmers at automated teller machines in Connecticut, New Jersey, New York and Pennsylvania.
Bank of America Corp., People's United Financial Inc., PNC Financial Services Group and Wachovia Corp. were among the banks targeted, the
UPS and Downs
A strange e-mail infection is reportedly making its way around the world. It originally claimed to be from United Parcel Service Inc. and the Federal Deposit Insurance Corp., according to a Feb. 14 post from the security blog
The subject line originally said "Undelivered Parcel," but the body of the text claimed to be from the FDIC, fraudulently alerting consumers to changes in current regulations, the blog reported.
The subject line has since been amended to appear to be from the FDIC, Naked Security reported.
Both versions of this e-mail contain an attached file loaded with malware.
Trick or Tweet
Bankers might be interested in research by the security firm Barracuda Networks Inc. of Ann Arbor, Mich., into how hackers and spammers use social media sites like Twitter to attack users.
According to a Feb. 17
They also make use of imbalances, following popular users to make use of their contacts, which they then unfollow, while continuing to send updates, including links embedded with malware. The firm spent two years analyzing Twitter data, including the ratio of tweets to followers, and determined that only 43% of Twitterers were legitimate.
Left Home Without It
After 40 years, the wallet of a former New York Times art director, Rudolph R. Resta, was returned to him by a security guard in the newspaper's former building.
The guard discovered the wallet while investigating an empty space between an unused window and the masonry behind it, according to the Times' City Room
Resta can rest assured that the thieves, which took all of his cash before ditching the wallet, did not make any bogus charges to his American Express card.
The card, so old it was purple and white (not the standard-issue green of today) and said "Member since 1964," was still with the wallet.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any
