Beware of Error Messages At Bank Sites
June 2, 2008 – 11:39 AM
If you own or work at a small to mid-sized business, and are presented with an error message about data synchronization or site maintenance when trying to access your company’s bank account online, you might want to give the bank a call: A criminal group that specializes in deploying malicious software to steal banking data is presenting victims with fake maintenance pages and error messages as a means of getting around anti-fraud safeguards erected by many banks.
Dozens of banks now require business customers to log in to their accounts online using so-called “two factor authentication” methods, which generally require the customer to enter something in addition to a user name and password, such as a random, one-time-use numeric code generated by a key fob or a scratch-off pad.
But one of this past year’s most prolific cyber gangs — which aims virus-laden e-mail attacks at specific individuals at small to mid-sized businesses — has devised a simple but ingenious method of circumventing these security measures. When a victim whose PC is infected with their data-stealing malware attempts to log in at a banking site that requires two-factor authentication, the fraudsters modify the display of the bank site in the victim’s browser with an alert saying “please allow 15 to 30 minutes for your request to be synchronized with our server.”
By intercepting the victim’s password along with the one-time code – and ensuring that the victim will never be able to use that one-time code – the thieves can quickly use the one-time code to log in as the victim and proceed to drain the bank account.