Catch of the Day: Banks Face New Phishing Scams - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Catch of the Day: Banks Face New Phishing Scams

A new attack can result in stolen personal data even if the recipient of the fraudulent E-mail is not fooled by it.

Banks and their customers are facing new threats of phishing attacks, making it more difficult than ever to protect customers from identity theft and fraud. The increasing sophistication of phishing scams makes it harder for consumers to discern the difference between a legitimate bank e-mail message and a fraudulent one, according to industry experts.

One new type of phishing attack is particularly hard to identify. The technique can result in stolen personal data even if the recipient of the fraudulent e-mail is not fooled by it. When a bank customer simply opens the e-mail, a program attached to the e-mail by the phisher silently runs a script - even if the customer deletes the message without clicking on any embedded links. When that customer attempts to visit his or her bank's legitimate Web site - during that session or a future session - the malicious code redirects the person being phished to a fraudulent Web site.

Even a savvy Web-banking customer is vulnerable to this type of attack. Banks are educating customers on how to identify a fraudulent e-mail, but financial institutions can't do much to protect clients from simply opening fraudulent e-mail, according to Alex Shipp, senior antivirus technologist, MessageLabs (New York), a provider of e-mail security services. "It is difficult because banks don't own their clients' computers," Shipp says. "They can't do much to protect customers, but what they can do is, as soon as they learn about these sites, they can take them down," he continues. "It's more of a reactive thing; there is not much they can do proactively."

Recently, three Brazilian banks, including Unibanco (Sao Paulo), were the target of this scheme, according to Shipp. And MessageLabs expects to see more phishing attacks of this type, he says. Shipp points out that this particular scam only works on machines running Microsoft Windows, but Mac and Linux users can be affected if they use Windows updates. He suggests using only Windows systems that have had all available security patches installed.

Another phishing technique that has flourished is actually a combination of hacking and spamming. As with a traditional phishing attack, the assailant sends a fraudulent e-mail to consumers. However, this technique directs recipients to a legitimate bank Web site. With a false sense of security, users are more likely to enter personal information, which is then hacked by the fraudster, according to Susan Larson, vice president of global content, SurfControl (Scotts Valley, Calif.), a Web and e-mail filtering solutions provider.

In this type of scam, the phishers take advantage of security holes in financial institutions' Web sites, Larson explains. "Anyone doing any e-commerce is at risk," she adds. "The customers think they are on the [legitimate] site, [but the data] is really going to a fraudulent site."

SunTrust (Atlanta; $199 billion in total assets) customers were the target of this type of phishing. As soon as SunTrust became aware of the threat, the bank corrected the security flaw in its Web site, according to Hugh Suhr, a SunTrust spokesperson. The bank has a fraud alert section on its Web site and warns customers that it does not solicit personal information through e-mail. "We never ask for confidential information via e-mail," Suhr says. SunTrust also is taking proactive steps to combat phishing, but Suhr says he cannot divulge which technologies are being leveraged - for security reasons, of course.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll