
Secplicity - Security Simplified

Powered by WatchGuard Technologies

User-Centered Bank Fraud: 5 Ways Hackers Attack

August 5, 2019 By The Editor

Online banking is big business. As a matter of fact, according to a recent survey from Deloitte, 73% of respondents use online banking resources at least once a month, and 59% use mobile banking apps. Yet despite the high level of user traffic, today’s banking platforms are not designed specifically to stop hackers. As a result, attackers have been taking advantage of the built-in weaknesses of e-banking and manipulating users into making online mistakes.

In a recent article for Help Net Security, Andre Machado, Product Manager at WatchGuard, explores five ways hackers engage in user-centric bank fraud. These include SMS Swaps, Man-In-The-Middle attacks, Man-In-The-Browser attacks, Spear Phishing attacks, and Mobile Malware attacks. Here’s an excerpt from the article:

Although banking attacks have become more complex in the past few years, the vast majority still rely on tricking users. For example, one common phishing attack used against banks involves directing targets to a malicious clone of the banking platform’s actual website. Once users try to log in to this genuine-looking fake website, the platform can confuse them by displaying a “Service Not Available” message and store the credentials the user just tried to enter.

Another old but effective tactic is the Man-In-The-Middle (MITM) attack, in which attackers target banking platforms that do not adequately protect their infrastructure. This not only allows hackers to steal money, but also negatively affects the bank’s reputation by making their infrastructure seem fragile and vulnerable. The attack allows fraudsters to interfere with the communication between users and the bank’s backend implementation to change transaction values and accounts. It can be prevented by using certificate pinning technology, which allows a bank application to trust a specific certificate for a given server.
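
The certificate pinning check mentioned at the end of the excerpt, sketched as an added example (not code from Andre's article or from any WatchGuard product). The host `bank.example`, the function names, and the byte strings standing in for DER certificates are all assumptions made for illustration.

```python
import hashlib
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
BANK_CERT = b"constructed-der-bytes: bank.example current certificate"
BACKUP_CERT = b"constructed-der-bytes: bank.example next certificate"
PROXY_CERT = b"constructed-der-bytes: certificate presented by an interceptor"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes as sent by the server."""
    return hashlib.sha256(der_cert).hexdigest()


# Pin set shipped inside the app: the current certificate plus one backup,
# so a planned rotation does not lock users out. Placeholder host name.
PINS = {"bank.example": {fingerprint(BANK_CERT), fingerprint(BACKUP_CERT)}}


def pin_matches(host: str, der_cert: bytes, pins=PINS) -> bool:
    """True only if the presented certificate is pinned for this host."""
    allowed = pins.get(host.lower(), set())  # unknown host: fail closed
    return fingerprint(der_cert) in allowed


def connect_pinned(host: str, port: int = 443, pins=PINS) -> ssl.SSLSocket:
    """Open a TLS connection and enforce the pin before any data is sent."""
    ctx = ssl.create_default_context()  # normal CA and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not pin_matches(host, der, pins):
        # A certificate that chains to a trusted CA but is not the pinned
        # one is still rejected; this is what stops an intercepting proxy.
        sock.close()
        raise ssl.SSLError(f"certificate pin mismatch for {host}")
    return sock
```

Because the pin covers the whole certificate, every renewal changes the fingerprint, so the backup pin has to be shipped to clients before the server switches certificates.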

To read about all the different bank fraud attacks – and to get some information on how banks can better protect their systems – follow this link to Andre’s article.

Want to learn how to prevent employees from falling for a phishing attack? Check out this Secplicity post. Need a better mobile authentication service? Check out AuthPoint.

Filed Under: Editorial Articles, Featured Tagged With: Hacking, mobile security
