Online Bank Fraud: Cybercriminals' Newest Way to Steal Your Money

Ever the innovators, cyber thieves have figured out how to infiltrate your bank account and siphon money out of it without you ever suspecting you've lost a penny.

Automated transfer systems, or ATS, essentially work as add-ons to known malware such as Zeus and SpyEye. ATSs let hackers run a script in the background that automatically withdraws funds from one account and sends them to another. The big innovation here is that, unlike older malware technology, the criminal doesn't need users to key in their names and passwords in order to access the account. In fact, the criminal doesn't even have to be online while the victim is logging in.

With ATS, cybercriminals can instantly and invisibly carry out financial transactions that wipe out victims' bank accounts—and hide that fact from the victim by injecting fraudulent data into their transactions.

That's pretty scary stuff, and the worst of it is that financial institutions don't seem to have a solution to the problem yet. So what can you do about it?

First, try to head off ATS at the pass. They install themselves on user machines through phishing emails and "drive-by" malware attacks. If you have security software that identifies phishing attempts and blocks malware, you'll be a lot safer.

Second, periodically check your bank account through some means other than the Internet. Get mail-based statements or call your bank to confirm your balance. Part of the (evil) genius of ATS is that they can conceal the true state of victims' finances—but they only work online. If you access your bank balance through other means you'll know what's really going on in your account.

Third, change your passwords frequently. It's a tedious chore, but the alternative isn't very appealing—and with programs like DirectPass, you can store and manage all your passwords in one place.

If there's a silver lining to all this, it exists primarily for US-based users. Ironically, Europe's strong online banking authentication systems have made it harder for cybercriminals to access victim accounts through simple phishing means—which has driven more of them to sophisticated ATS attacks. Right now, they're most common in Great Britain, Germany, and Italy. However, as cybercriminals start to look farther afield, it's reasonable to expect that they'll eventually become a global problem.

< Back to main page


© 2012 by Trend Micro Incorporated. All rights reserved.