Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Trusteer: A New Twist: Fraudulent Fraud Insurance

May 2012 by Trusteer

In their never ending effort to devise new schemes that defraud online banking accounts, criminals have come up with a scam that is both simple and extremely believable – they are promising online banking fraud protection insurance that is, well, fraudulent.

The recent attack Trusteer discovered uses the Tatanga malware platform. In the configuration file Trusteer captured, Tatanga notifies the online banking victim via a web browser injection that their bank is offering free insurance protection against online fraud.

The victim is then presented with a fake insurance account that claims to cover the total amount of funds in their bank account. This fake insurance account is actually a real bank account that belongs to a money mule. The victim is told that they will be protected against any losses from online fraud by this insurance coverage. In the final step, the victim is prompted to authorize a transaction that they believe is to activate the insurance coverage. In all likelihood, the victim does not expect any funds will be transferred out of their account.

To approve the transaction the victim enters a one-time SMS password that is sent to their mobile device. Unfortunately, the victim is actually approving a transfer of funds from their account to the fraudster’s money mule account.

Here is a screen capture of the web injection used by Tatanga. The fields in quotes (“) are placeholders for the “victim-specific” data inserted by the malware. These are the insurance coverage amount (when the victim’s balance is between 1000 and 5000 EUR, the amount is typically the entire balance rounded down to the nearest multiply of 100 EUR. If the balance is greater than 5000EUR, only 5000EUR are stolen) and the corresponding insurance account number (which is a money mule bank account).

“Once they have compromised an endpoint, the ability of Tatanga and the other cybercrime platforms to commit online fraud is limited only by the imagination of criminals,” said Heyman. “As this latest scheme illustrates fraudsters do not lack creativity when it comes to developing new methods that trick victims into authorizing fraudulent transactions.”


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts