New Attack Technique Against Banks Highlighted

Actimize, the provider of transactional risk management software for the financial services industry and a NICE Systems company, has warned banks and banking customers of a new attack vector – Man-in-the-Phone (MitP).

MitP blends new and old fraud techniques to trick banking customers into authorizing transactions via the phone channel. MitP builds on the successes realized from Man-in-the-Browser (MitB) attacks, in which criminals use Trojans to infect a user’s Internet browser to “modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host application.” MitP also leverages ‘social engineering’, which in this case is the act of using trickery or deception during a phone conversation to convince an individual to divulge information.

In a typical MitP attack, a fraudster impersonates a bank representative and calls the banking customer to inform him/her that his/her savings, checking or card account may have been breached or compromised. The fraudster advises the customer that in order to remedy the situation he/she should remain on the line and verify a few account details. At the same time, the fraudster initiates a call to the customer’s bank and connects the customer with a real bank representative while the fraudster remains muted on the line. The bank requests authentication information, such as social security number, passwords and other personal information, which is then provided by the customer. Once the personal information is provided, the fraudster quickly ends the conference line and informs the customer that the issue has been resolved. Meanwhile, with the personal information gathered during the call, the fraudster can take over the customer’s phone banking relationship and transfer money out of the customer’s accounts.

Actimize recommends that banks combine cross-channel behaviour profiling and anomaly detection technologies with better call center processes and training. Call center employees should be trained to listen more closely and ask who originated the call. Attacks may be thwarted or losses minimized if bank employees ask simple (but random instead of static) security questions at various points in the phone conversation when confirming personal credentials. Fraudsters are less likely to trick customers into sharing answers to several security questions.

“We help many of the largest retail banks, investment banks and brokerage firms protect themselves and their clients from all types of cross-channel fraud attacks,” says Paul Henninger, director of fraud solutions at Actimize. “We’ve noticed an accelerating trend in Man-in-the-Phone attacks. We hope that by publicising this new trend, we can help reduce its impact on individuals and our banking clients.”
