According to a McAfee and Guardian Analytics report dubbed “operation High Roller,” an international ring of cybercriminals has been attacking banks around the world. They have been siphoning roughly $78 million from bank accounts in Columbia, Germany, Italy, the Netherlands, the United Kingdom and the U.S.
In the report, McAfee Director of Advanced Research and Threat Intelligence Dave Marcus writes that this organized crime ring built on tactics established with previous malware is coming up with innovations including: “bypasses for physical ‘chip and pin’ authentication, automated ‘mule’ account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000).”
These hackers’ methodology represents a shift from traditional man-in-the-browser attacks on victims’ PCs to server-side automated attacks. Where they once used multipurpose botnets, they now rely on dedicated servers built for the express purpose of processing fraudulent transactions.
Like most financial fraud rings, this one had previously focused on European targets, but McAfee found that their thefts have gone global, spreading to Latin America and more recently to the U.S.
This threat impacts commercial accounts, high-net-worth individuals, and financial institutions of all sizes. The new methodology allows criminals to operate more quickly and to attempt a wider variety of transactions. It is a purpose-built, multiple-strategy approach that helps the criminals’ servers avoid detection, which keeps them live for longer, facilitating even more fraud.
Consumers can begin to protect themselves with antivirus, anti-spyware, anti-phishing, and firewall protection.
Banks and other financial institutions can improve their fraud detection rates even more by incorporating device reputation management into their layered defense. Many leading financial institutions use iovation’s ReputationManager 360 to helps stop new account fraud, detect fraud at user login, detect fraudulent credit applications and also to stop check deposit fraud from mobile phones.
About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Banking Security Guidelines Go Into Effect in January 2012
As banking applications evolve, common attacks on banks are becoming correspondingly more sophisticated. Small businesses, municipalities, and moneyed individuals are often targeted for obvious reasons: they have hundreds of thousands of dollars, if not a few million, in the bank, but their security is often no more effective than that of an average American household.
- Federal Investigators Bust Credit Fraud Ring
A federal investigation dubbed “Operation Open Market” recently yielded 19 arrests in nine states, for crimes including identity theft and counterfeit credit card trafficking. The defendants allegedly participated in “Carder.su,” a Las Vegas-based transnational ring that bought and sold stolen personal and financial information and manufactured counterfeit IDs and credit and debit cards in order
- FBI: Focusing on Hackers and Intrusions
Your tax dollars are being put to work in ways to secure your bank accounts and our critical infrastructure. But there’s still more work to do.
The FBI reports Early last year, hackers were discovered embedding malicious software in two million computers, opening a virtual door for criminals to rifle through users’ valuable personal and financial
- Username and Passwords Are Facilitating Fraud
In 2005, the Federal Financial Institutions Examination Council stated:
“The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments
- Feds Catch Carder
“Carders” are the people who test and sell credit card details (most likely phished) to other individuals who carry out the actual credit card fraud. Carders are the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the
Leave a Comment
You must be logged in to post a comment.