Banks and their commercial clients face the persistent threat of online channel attacks with a significant threat posed by email from undetected crimeware and are being exposed to spear-phishing attacks more than ever before.
According to Gartner, crimeware designed to takeover online banking accounts and steal money is now the most significant threat concerning U.S. banks.
Financial services executives will be presented with “Strategies to Fight Online Account Takeover and Payments Fraud” when IronKey Chairman Dave Jevans and co-presenter, Kevin Thomsen, senior vice president, Citibank Strategies, address the topic at the Global Concepts 2011 Payments Operations & Strategy Forum, Wed., November 16th from 2:45 PM – 3:45 PM at the Four Seasons Hotel in Atlanta.
With 45 percent of U.S. PCs infected by crimeware, according to the latest Anti-Phishing Working Group (APWG) research, the risk of online banking crime, in which one wrong click can lead to financial disaster, has never been greater. Today’s anti-malware software fails to detect these threats at least 75 percent of the time according to real-time research from SpyEye Tracker.2 As a result, online banking account takeovers grew more than 150 percent based on new research published by FS-ISAC (Financial Services Information Sharing and Analysis Center).
Jevans will share the latest information regarding these risks to the financial executive and online banking customers’ desktops, and Thomsen will discuss Citi’s strategy for fraud prevention.
Jevans will update financial executives on these developments:
- An increase in spear-phishing, where individuals inside companies and government agencies are targeted by criminals who send individualized fake emails to their victims, often with crimeware payloads. These emails usually evade spam and anti-virus filters, and are very effective at infecting a user’s computer.
- How cybercriminals are using social media to social engineer spear-phishing attacks on CFOs, controllers and others in corporate finance roles. Criminals are taking their time, compiling as much information as they can through emails, social networking activity, chat records and even phone calls, before going after the big pay out.
- An expectation for more targeted attacks to commercial accounts and high profile individuals like CEOs, CFOs and celebrities.
- Smart phones will also likely become a target, working in conjunction with malware installed on computers. In short, threats will become more sophisticated, more complicated and harder to detect.
“It’s important that banks understand how financial malware such as ZeuS and SpyEye work and how they can go undetected by anti-virus software, firewalls and other conventional countermeasures,” said Jevans. “In light of the new FFIEC guidelines for online banking authentication that go into effect in January 2012, banks need to act now to better protect themselves and their clients from these potential threats at the customer’s own PC.”