Fraudsters Find New Ways Around Banks’ Online Defenses

Guardian Analytics has detected increased use of new strategies that fraudsters are using to bypass banks’ online security, and that banks need to be looking out for.

Fraudsters have proved to be creative in the ongoing security battle with banks, constantly finding new ways to circumvent banks’ defenses. Banks have been fortifying their online authentication and protections for years now in response to online fraud.

To counter those new defenses, fraudsters are now devising new ways around the online protections banks have built to thwart them. Guardian Analytics has detected two such schemes that fraudsters have been using to slip by the safeguards that banks have enacted and get to their customers’ money.

Disposable Email Addresses

Everybody hates getting their email inbox overwhelmed with spam. With that in mind, some consumers have started using disposable email addresses that they can use, for example, when purchasing a product online so that any future unwanted emails from the seller are sent to the disposable address. Google and Yahoo have offered such temporary addresses for a while, says Craig Priess, Guardian Analytics' founder and vice president of products.

But Google and Yahoo aren’t the only providers, and some of the other providers, like Mailinator, don’t require participants to register to sign up for a disposable email address -- the account is automatically created when an email is received at the address. And after a period of inactivity the account is often removed from the provider’s servers.

This makes it very difficult to trace the owner of the address, and makes these email accounts a good weapon for fraudsters, Priess points out.

Over the last nine months Guardian has noticed an increase in attacks using disposable email addresses to execute fraudulent transactions that require email verification, Priess reports.

Fraudsters conducting these attacks typically begin by stealing login credentials, and then changing the email address associated with an account to a disposable address, he explains. They then initiate a transaction that requires email approval, such as a wire transfer. The email confirmation goes to the disposable email address and is then approved by the fraudster.

Guardian estimates from its own data that nearly one in three fraud cases involving a changed email address were conducted with a disposable email address, Priess says.

“There is a growth in the popularity of these disposable email addresses for legitimate purposes, so these types of addresses should be a concern for banks,” Priess notes. “They are not conducive for banking activity though -- it won’t help the customer get alerts. These addresses aren’t a clear indicator of fraud, but they should raise a red flag.”

If a bank finds that an email address in a customer’s account has been changed to a disposable one, Priess advises the bank to look at other potential changes to the profile and be on the lookout for transactions initiated from the account that would require an email confirmation.

“Banks have worked hard to put controls in place after the authentication process has been compromised. This shows fraudsters have found ways to get around those controls and evade detection while initiating transactions once they’re inside the account,” Priess says.
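
The check Priess describes can be expressed as a simple correlation rule. The sketch below is an added example, not Guardian Analytics' method: the event fields, the 72-hour window, the account IDs and the `disposable.example` domain are all assumptions, and the sample events are constructed. Consistent with the point that a disposable address is a red flag rather than proof of fraud, the alerts are meant for review, not automatic blocking.

```python
from datetime import datetime, timedelta

# Constructed list; "disposable.example" is a placeholder. Use a maintained feed in practice.
DISPOSABLE_DOMAINS = {"mailinator.com", "disposable.example"}
WINDOW = timedelta(hours=72)  # assumed correlation window, tune to your data

def is_disposable(address):
    """True if the address's domain, or any parent domain, is on the list."""
    labels = address.rsplit("@", 1)[-1].strip().lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in DISPOSABLE_DOMAINS for i in range(len(labels)))

def flag_accounts(events):
    """Alert on email-confirmed transactions that follow a switch to a disposable address."""
    alerts, watch = [], {}  # watch: account -> state since the suspicious email change
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct = ev["account"]
        if ev["type"] == "email_change":
            if is_disposable(ev["new_email"]):
                watch[acct] = {"ts": ev["ts"], "email": ev["new_email"], "other_changes": []}
            else:
                watch.pop(acct, None)  # confirmations no longer go to a disposable inbox
        elif ev["type"] == "profile_change" and acct in watch:
            watch[acct]["other_changes"].append(ev["field"])
        elif ev["type"] == "transaction" and ev["email_confirmation"] and acct in watch:
            state = watch[acct]
            if ev["ts"] - state["ts"] <= WINDOW:
                alerts.append({"account": acct, "email": state["email"],
                               "other_changes": list(state["other_changes"]),
                               "txn": ev["kind"], "amount": ev["amount"]})
    return alerts

def _ev(ts, account, type_, **fields):
    return {"ts": datetime.fromisoformat(ts), "account": account, "type": type_, **fields}

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    _ev("2013-07-01T09:00", "A-1001", "email_change", new_email="q7x@mailinator.com"),
    _ev("2013-07-01T09:05", "A-1001", "profile_change", field="phone"),
    _ev("2013-07-01T09:20", "A-1001", "transaction", kind="wire", amount=9500, email_confirmation=True),
    _ev("2013-07-01T10:00", "A-1002", "email_change", new_email="pat@example.org"),
    _ev("2013-07-01T10:30", "A-1002", "transaction", kind="wire", amount=400, email_confirmation=True),
    _ev("2013-07-01T11:00", "A-1003", "email_change", new_email="tmp@sub.disposable.example"),
    _ev("2013-07-10T11:00", "A-1003", "transaction", kind="wire", amount=700, email_confirmation=True),
]

if __name__ == "__main__":
    for alert in flag_accounts(SAMPLE_EVENTS):
        print(alert)
```
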

Tech Support Scams

Over the last six months banks have also seen an increase in another scheme that fraudsters have used for a while to gain access to bank accounts, Priess adds.

The fraudster calls up an account holder pretending to be tech support -- usually for Microsoft Windows -- and tells the victim that they have malware on their computer. Once the fraudster has gained the victim’s trust, they ask for remote access to the computer to remove the malware. Once that remote access is gained, they change the security settings on the victim’s computer and then install malware to steal the victim’s bank credentials. The fraudster then logs into the victim’s account and initiates a fraudulent transaction -- often while the victim is watching but can’t do anything about it.

To the bank, the fraudulent transaction in these cases looks legitimate, Priess points out, because it is originating from the victim’s computer.

The fraudster sometimes also demands payment to remove the alleged hardware before trying to gain remote access, Priess adds.

Fraudsters are relying more on social engineering schemes like this one because banks have fortified their online channels and customers are becoming more aware of their online security, Priess comments. Guardian has also seen increased use of social engineering attacks by fraudsters via online chat and the call center, Priess reports. “Social engineering helps [fraudsters] pick the low-hanging fruit,” Priess says.

To help prevent these attacks banks need to pay attention to unusual behavior in customer accounts. The fraudulent transactions are generally going to be out of the norm compared to the customers’ historical behavior, Priess suggests. Banks also need to help educate customers about such social engineering schemes, as preventing these attacks is often outside of the bank’s control, Priess adds.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

User Rank: Author
8/7/2013 | 2:01:54 PM
re: Fraudsters Find New Ways Around Banks’ Online Defenses
I was recently a victim of skimming fraud. Some of these old school fraud techniques are still pretty effective. I hope as more commerce and banking business happens on the mobile phone that we figure out how to make it more secure. That way some of these old schemes targeting plastic cards won't work.
Zarna Patel,
User Rank: Apprentice
8/2/2013 | 7:25:49 PM
re: Fraudsters Find New Ways Around Banks’ Online Defenses
I love the term "fraudsters". 100% sure it was derived from "hipsters" when I first heard it. On a more serious note, these are still serious issues bankers and customers must look out for. Most people are unaware of these types of attack until it happens to them. I didn't know people still went for the old school stuff like credit card skimming until I was a victim of it last year. I was lucky to have caught it by checking my account online before it escalated.
User Rank: Apprentice
8/1/2013 | 7:02:03 PM
re: Fraudsters Find New Ways Around Banks’ Online Defenses
Thank you for the timely article. You are clearly on top of the current fraud trends.