Photo (cc) by Bankenverband - Bundesverband deutscher Banken
Cybercrooks are at it again, and this time they’re going after bank accounts in Europe and Asia.
According to a new report from Trend Micro, a computer security company, hackers have bypassed banking protections and accessed online accounts in Japan, Sweden, Austria and Switzerland. American banks haven’t been affected – not yet, anyway.
If you’re like me, cybersecurity and tech talk can cause your eyes to glaze over. But it’s very important to know how to protect yourself.
This latest scam bypasses the two-factor authentication system at banks, which typically requires people to input a password and then enter a second one-time password, which they receive by email or text. Entering two passwords is supposed to make it more difficult for criminals to hack consumers’ accounts, The New York Times said.
In theory, it sounds great. Unfortunately, hackers have found a hole. Because of this, Trend Micro dubbed the new online banking attack Operation Emmental – because online banking protections, like Swiss cheese, are full of holes.
According to Credit.com, Operation Emmental’s approach is unconventional.
The attack exploited what some would consider the weakest link in the chain when it comes to security — the users themselves. That’s right, the scammers circumvented any security protections that were in place at the financial institutions by going directly to the customer base.
Here’s how the scam works: A consumer receives a phishing email that appears to be from the bank or a trusted retailer. Consumers who click on the links in the emails inadvertently allow malware to be installed on their computer or other device.
When the unsuspecting consumer tries to log on to their banking page online, they are redirected to a fake site. So when the user enters personal information – username, account number, PIN – the hacker gets that info. Then the phony site prompts the user to install an app to complete the transaction. After the app is installed, the cybercrooks have all the information they need to clean out victims’ bank accounts.
Although Operation Emmental hasn’t hit the U.S. yet, it could. According to JD Sherry, vice president of technology and solutions for Trend Micro, Europe has more security in place than the U.S.
Sherry told Credit.com:
Many U.S. banks are still slow to implement multifactor authentication, especially as it pertains to mobile banking. This should be of great concern for the entire financial community. As we see most often with sophisticated criminal campaigns such as Operation Emmental, testing will be conducted against various financial institutions across the globe to determine success rates before putting the crosshairs directly on the U.S. financial sector.
Follow these tips to protect yourself against all phishing scams:
- Don’t click. Think twice before opening attachments or clicking on email links, especially if you don’t recognize the sender. That’s an easy way for you to unknowingly download malware.
- Use spam filters. Oftentimes spam filters can fish out any unwanted emails before they hit your inbox.
- Be cautious. If you think an email you received from a company is legit, call the company directly to check on the validity of what you received. It’s better to be safe than sorry.
Have you fallen victim to a phishing scam? Share your thoughts below or on our Facebook page.