Rogue applications can give attackers complete control over your phone. There’s growing concern at the Federal Reserve and in the banking industry about increasing attacks on smartphones by fraudsters.
In a paper pres
Online account takeovers are one form of identity theft, which occur when an unauthorized party gains online access to an existing bank account by stealing the access credentials to the account and then conducts illegal transactions. Online account takeover incidents are increasing in both frequency and levels of financial loss.
The year 2012 witnessed the largest account takeover on record, an event known as Operation High Roller. The attack spread from Europe and Canada to the United States and did not require any human intervention. The attack involved malware, which was used to skim money from high-balance accounts onto prepaid debit cards and to modify the statement balances to mask the transactions.
The malware was installed on computers through tainted links in e-mails, or when users visited malicious websites or legitimate pages already compromised by hackers.
Companies:
Educate employees repeatedly through multiple channels of communication on the risks of clicking on unknown e-mails, links, or web pages.
Block employee access to social sites.
Conduct banking activity on stand-alone computers without access to e-mail or web surfing.
Align organizational functions such as information technology, internal audit, and the board of directors to instill a cyber-risk culture, including defining who is responsible for what when it comes to cybersecurity.
Deploy multifactor, multilayer security for access to financial accounts.
Banks:
Require specific bank-downloaded virus software on client computers prior to engaging in financial transactions (personal and business).
Require multifactor, multilayer security for access to customer, especially business customer, accounts.
Individuals:
Use strong passwords and avoid using the same password for multiple sites, especially those where you handle financial transactions.
Install and maintain malware and virus protection software.
Avoid conducting personal banking on public computers or through public network sites.
Cautiously assess before clicking on e-mail links or responding to e-mail or text requests.
Practice safe Internet surfing.
Practice safe shopping, and be cautious when entering payment information, including checking to ensure the website has a valid URL.
Use common sense.