Cyber fraudsters now target two-factor bank authentication

Our Bureau Updated - August 23, 2013 at 10:11 PM.

Internet security solutions firm McAfee has asked customers to use only the official App (application) offered by their respective banks when they carry out financial transactions online.

The company, in its threat report for the second quarter, found that cyber fraudsters are attempting to bypass the two-factor authentication set by these banks.

“Once the attacker has stolen a username and password from a victim’s PC, the thief needs only to get the user to install SMS-forwarding malware,” the company said.

Customers who do not use the official app will be duped.

“While the victims think they have the original app installed, the attacker logs in to the users’ accounts to get the latest SMS from the bank,” it said. Banks in Europe and Asia require two-factor authentication via SMS. When customers log in to their bank accounts online, they are sent a mobile transaction authentication number (mTAN) as a text message.

They must then enter the mTAN code to get access to their accounts.

This step prevents an attacker who steals only the username and password from making off with the victim’s money.

The total number of suspect URLs tallied by McAfee Labs crossed 74.7 million by the end of June. This represents a 16 per cent increase over the first quarter. These URLs refer to 29 million domain names, up by 5 per cent from the previous period.

> kurmanath.kanchi@thehindu.co.in

Published on August 23, 2013 16:41