Bank Info Security: Zeus Strikes Mobile Banking
‘Once online banking users logged in to access their accounts, they were asked to enter their mobile numbers and the makes of their mobile phones. A link was then SMS/text-messaged to the mobile users, who were each asked to click the alleged transaction-authentication/verification link contained within the text.
…This Zeus Trojan had the ability to manipulate a mobile device’s address book and add an entry for a number that could be hard-coded or programmed into the device. “Every time a phone was infected, SMS messages from telcos in Spain were being sent back to the same U.K. number,” the number that had been injected into mobile phones by the Trojan. Once fraudsters had control of the address book, they could send text messages without the user even knowing. So banking transactions could, in theory, be approved via SMS/text, and the action would be completely invisible to the user.’
About me
a friendly linkblog covering email technology, spam prevention, "deliverability," and related topics.
Box of Meat is not associated with any particular company or organization.
www.flickr.com
|
Box of Meat is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
