Monday, June 02, 2008

Beware of Error Messages At Bank Sites

Brain Krebs writes on Security Fix:

If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when trying to access your company's bank account online, you might want to give the bank a call: A criminal group that specializes in deploying malicious software to steal banking data is presenting victims with fake maintenance pages and error messages as a means of getting around anti-fraud safeguards erected by many banks.

Dozens of banks now require business customers to log in to their accounts online using so-called "two factor authentication" methods, which generally require the customer to enter something in addition to a user name and password, such as a random, one-time-use numeric code generated by a key fob or a scratch-off pad.

But one of this past year's most prolific cyber gangs -- which targets virus-laden e-mail attacks against specific individuals at small to mid-sized businesses -- has devised a simple but ingenious method of circumnavigating these security measures.

More here.

0 Comments:

Post a Comment

<< Home