Online fraud attacks originating from fake mobile applications that appear to be from legitimate banks almost trebled in the first six months of 2019, according to RSA’s Fraud and Risk Intelligence (FRI) team, which has just released its latest report diving into the world of online fraud campaigns.
In the report, the FRI team revealed it had detected 140,344 fraud attacks during the first six months of the year, up from 86,344 in the last six months of 2018 – a rise of 63% – and 29% of those attacks came from rogue mobile apps as cyber criminals capitalise on consumer trust in legitimate brands as a channel to commit fraud.
“The digital transformation of finance is well under way and yet this transformation is a double-edged sword,” said Daniel Cohen, RSA FRI unit director. “While digital has created opportunities for organisations to improve customer experience, it also introduces new digital risks that need to be managed.”
Cohen said that since the number of digital touchpoints that consumers can engage with to access their banks has increased dramatically – through initiatives such as open banking – the attack surface that fraudsters can exploit has also grown.
“From one-click payment buttons to mobile apps from our favourite retailers, spending our money has never been easier,” said Cohen. “The fact that fraud via fake mobile applications tripled in the first half of 2019 is testament to how perpetrators will constantly seek out weak points by exploiting consumers’ growing trust in mobile apps.”
A report from ImmuniWeb in August 2019 backed up RSA’s latest evidence. It found widespread failure among banks and other financial services firms to patch security holes in their websites and mobile apps.
All the financial services apps tested by ImmuniWeb contained at least one medium-risk vulnerability, and 97% had at least two medium- or high-risk vulnerabilities. It reported that 56% of mobile app backends had serious misconfiguration or privacy issues relating to SSL/TLS configuration and inadequate web server security hardening.
“To keep pace with constantly evolving tactics, banks need to take a layered approach to proactively manage the risk of fraud across all channels,” said Cohen. “This will help them embrace the opportunities that come with digital transformation while maintaining confidence in their ability to detect and respond to fraud, protecting both themselves and their customers.
“For consumers, it is essential we all stay vigilant of new digital risks and there are several simple steps we can follow. Firstly, avoid clicking on links in text messages or emails from unfamiliar senders, as this lowers the chance of having your bank details stolen, or malware being installed on your device.
“It is also important to keep track of bank transactions. Often, fraudsters will start with smaller purchases to test the water, so monitoring bank accounts closely is vital to catch fraudsters early.
“Finally, in light of the rise in fake mobile apps, download new applications with caution, make sure to verify the publisher, and pay close attention to what data permissions each app requests.”
The average value of fraudulent transactions varied by region, ranging from $344 in North America to $312 (€276) in the EU, $285 (AUD411) in Australia, and $228 (£174) in the UK.
The FRI team also saw an increase in attacks from new variants of the Ramnit banking trojan, which has been around in some form since 2010 and has evolved significantly since a coordinated take-down effort four years ago led by Europol.
It was initially designed to compromise PCs and use them as proxy servers – a botnet – for malicious activity, but its descendants have been adapted to steal user credentials through web browser injection, delivered by an executable that contains concealed malicious code. There are also signs that Ramnit’s developers are collaborating with the developers of another widespread malware family, AZORult, to improve its distribution.