In today’s rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.
IBM Security Trusteer recently observed a new trend in a Spanish retail bank with the creation of virtual credit cards for fraudulent purposes, which turned out to be a little-protected service of the offering bank. Fraudsters exploited it to defraud victims of their entire account balance, reinventing a known and effective scam.
The fraud, step by step
Each security attack has a unique anatomy and flow. We will examine the flow of this specific fraud here.
Fraudsters initiate the attack by sending an SMS to the victim. The SMS will appear under the same section as previous messages from the bank. This is done using a tactic called SMS spoofing. The topic of SMS spoofing is outside the scope of this blog but is indeed a facilitator of this fraud flow.
The fraudsters, appearing to be the bank, inform the victim via SMS of a security issue with their banking account. They further explain that a bank representative will call the victim soon and provide a numeric code to identify themselves. The code is provided in the message as well.
Next, a fraudster calls the victim, providing the code from the SMS sent earlier to “identify” themse ..
Support the originator by clicking the read the rest link below.
