The world's most prolific phishing gang has ditched the technique in favour of the Zeus password-stealing crimeware that does not require the victim to hand over their financial account credentials, according to a report from APWG.
This news is very concerning, although it probably isn't surprising. What this means is that we are likely to see a sharp rise in the more sophisticated, and harder to detect forms of internet banking fraud such as man-in-the-browser, which may signal the
beginning of a new wave of internet banking fraud globally.
Banks need to ensure they are monitoring customer behaviour and profiling their typical activity. The highest risk patterns such as transfers to a new beneficiary need to be risk ranked and checked using alternative methods of communication such as an SMS
message to a mobile phone - even by those banks that employ multi factor authentication as part of the login process.
News that APWC researchers found that phishing criminals have ditched the technique in favour of the Zeus password-stealing trojan could spark a huge cyber crime wave affecting millions of individuals. Banks and authorities must go the extra mile in protecting
consumers through education on how to identify threats and how it can be prevented through the use of strong authentication devices that are available for online banking.
Phishing scams thrive on a lack of customer knowledge, while trojans silently steal ebanking login and password information without the end user realising it. Strong authentication solutions, already in use by banks such as Nationwide and Barclays, can prevent
this type of fraud because they utilise transaction signing as part of their two factor authentication solutions, which allows the banks to detect data tampering by Trojans during man-in-browser style attacks. This strong authentication method has already
shown to significantly reduce online fraud in the UK. Going one step further, the use of dynamic signatures could reduce the chances of social engineering attacks on customers drastically.
Cybercriminals are evolving rapidly and are using increasingly more sophisticated technology and the threat is far greater as a result. Banks and governments must work closely together to educate individuals on how best to protect their data while also equipping
them with the right tools.
© Finextra Research 2014