Phishers Use SCA Checks to Trick Banking Customers

Online scammers are using changes to European banking rules around customer authentication to trick consumers into handing over their sensitive financial details, according to Which?

The consumer rights group warned that attackers are spoofing the emails being sent from banks, payment firms and e-commerce providers asking for up-to-date info, as part of new Strong Customer Authentication (SCA) requirements.

Firms across the EU are gearing up for the changes, part of PSD2, which will require a form of two-factor authentication on any online transactions over €30, although some exceptions apply.

Ironically, payments providers and e-commerce firms in the UK have been given a further 18 months to comply with the new rules, originally set for a September 14 deadline.

Yet that hasn’t stopped the scammers: Which? claimed it has already spotted phishing emails imitating emails from Santander, Royal Bank of Scotland (RBS) and HSBC.

Urging the recipient to update their banking information ahead of “new procedures,” they include links designed to take the victim to a legitimate-looking page designed to harvest banking details.

Which? argued that in many cases, legitimate brands are making it harder for consumers to spot phishing emails, by including links in their own emails, and by using multiple unusual domains for various landing pages.

The group claimed that 78% of its members think banks and other financial firms should never include links in emails, to make phishing attempts easier to spot.

Tripwire VP, T ..

Support the originator by clicking the read the rest link below.