A site dedicated to providing credit unions with relevant news and information related to security and information technology.
Thursday, January 15, 2015
Bank Fraud Toolkit Circumvents 2FA & Device Identification
Another user-friendly attack toolkit is on the market, and it's perfect for the budding Brazilian banking fraudster. It's got an attractive, user-friendly interface that includes a "start phishing" button. And it effectively circumvents both two-factor authentication and device identification protections.
The toolkit is distributed by being embedded in other malware. It comes preloaded with a list of targeted banking URLs. When the infected user visits one of those sites, the malware operator gets an alert and can then decide whether or not to proceed with an attack.
If the toolkit surfaces in English, is your firm prepared to detect the toolkit that leverages a malware infection, the use remote access tools, abnormal browser patterns, or other abnormal transactions?