Free fraud protection scam delivers financial malware

There are plenty of reasons for the cliche known as FUD (Fear, Uncertainty, Doubt) in the cyberworld. There are a staggering number of threats online, and any number of vendors trying to ease the minds of computer users with security products.

Now, in a new twist on FUD, an online banking Trojan horse first discovered in May 2011 is promising security products as a lure to gain access to confidential personal information and steal identities and money.

"[The new scam] is both simple and extremely believable -- they are promising online banking fraud protection insurance that is, well, fraudulent," the online security firm Trusteer's senior malware analyst, Ayelet Heyman, wrote in a blog post on Tuesday about Tatanga.

One report said Tuesday that the scam works by "[displaying] a rogue message inside the browser when the victim authenticates on their bank's website, claiming that their bank is offering free credit-card fraud insurance to all customers."

The Tatanga malware affects nine browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Safari, and uses social engineering techniques to try to trick victims into bypassing security measures enforced by banks, like one-time passwords (OTPs) or transaction authorization numbers (TANs).

Oren Kedem, director of product marketing for Trusteer, says the new configuration of Tatanga, discovered last week, was initially aimed at customers of a specific bank in Spain, but he says its authors may be trying to spread it to customers of other banks. So far, he says, the scam is not aimed at the U.S.

"We don't know where it originated," he says, "but it's fair to assume that the people are Spanish speaking, and familiar with the Spanish banks. There is reason to believe it is coming from that part of the world."

Kedem says he does not know how many customers may have fallen for the scam, but that it may appear credible to customers because it hijacks the browser and then injects a page, or part of a page, that looks to the customer like part of the bank web page.

Since it works when the customer is on the bank's website, it also finds out how much the customer has in his account, and offers free insurance for that amount.

To counter such threats, Kedem says the banks should provide anti-malware services to customers, and says there are "some things they could do on the website side that would detect abnormal behavior."

The most effective way to counter it, however, is making customers more savvy. "Banks need to make customers watch for any change from normal," he says. "They should be suspicious if they see any unsolicited offering, anything that is asking for new information, if the screen changes or if suddenly somebody from the bank is chatting with you. Call the bank and ask if it is genuine."

"The best way to be safe is to be suspicious," he says.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.
