Users will always click on a URL sent to them, right? I bet any information security pros out there have heard or said this before.
Here is a news report that some people in Germany had their bank accounts wiped out after a Trojan "intercepted/diverted" their mTAN (SMS-based one-time password).
Excerpt from the news by Thelocal.de:
Berlin state police warned on Tuesday that "bank customers using the
SMS-TAN/mTAN process have become victim of fraudulent money
withdrawals." Several people have reportedly had their bank accounts
emptied in the past few weeks, the police said in a statement.
"In all cases, the SMS containing the mTAN for the online banking system
was caught or diverted," the statement said. "Up until now, those
affected have been customers using a Smartphone with an Android
operating system."
The criminals reportedly use a Trojan virus to get their victims' bank
details from their desktop computer. Then a fake notification appears on
their browser saying they should protect their smartphone with a
security update, which requires them to give the phone's number and
model.
An SMS is then sent to the phone containing a link to the supposed
security update - but the software they then download is highly
dangerous. "From then on, all instant messages containing an mTAN are
diverted to another mobile phone, belonging to the criminal," the
statement said.
These mTAN numbers, along with the account and PIN numbers gleaned
before, can now be used to withdraw money. The transactions cannot be
reversed. In several cases, the fraudsters not only emptied the
accounts, but also used up overdraft limits, the police said.
Police are now warning people not to download security updates onto
their phones apparently sent by their banks. Emails apparently sent from
banks asking for security details should also be regarded suspiciously,
the police said.
1. Never enter any personal details, phone number, etc. if you are not sure what they will be used for.
2. Ignore those warnings or ads that suddenly pop up in your browser. Use Adblock or Adblock Plus :)
3. On top of that, do not simply click on any link you see, no matter how cute or attractive the picture is.
4. Also, install an anti-virus on your mobile phone. I found Avast Mobile quite useful :)
5. Patch, patch, patch your system.
Ain't security fun? ;)
acknowledgement - picture taken from http://www.flickr.com/photos/86979666@N00/8161660138/sizes/m/