Actu
Trusteer says student loan phishing arrests highlight the dangers of targeted attacks
December 2011 by Trusteer
Trusteer has welcomed news that six people have been arrested in connection with a £1 million phishing scam that saw students fooled into revealing their bank details to supposed representatives of the government student loans scheme.
According to Jack Blockley, managing director of Trusteer the Web browser security specialist’s UK and Middle East operation, the case highlights the increasing danger posed by targeted attacks against customers of banks.
"I have a lot of sympathy with the students as - if you were a student relying on a government loan for your course funding and living expenses - you’d probably want to do everything possible to ensure they have the information they need to pay your money into your bank accounts on a regular basis," he said.
"And this is the psychology of targeted attacks. Get to know your victim(s) and target their weak spots, meaning that their usual guard against frauds and scams is reduced - and you have a near-perfect storm as far as an IT-assisted fraud goes," he added.
The Trusteer Managing Director went on to say that the students were invited - via email - to update their account details and allied information via what turned out to be fake Web site.
Armed with the right information, he explained, it was a simple enough matter for the cybercriminals to log in and extract money from the student’s bank accounts.
Blockley says that once your online banking credentials have fallen into the wrong hands - for whatever reason - it is a relatively simple matter for the money to be siphoned out of your account in a matter of minutes and - under the new Fast Payment System (FPS) rules - the money can be a destination account with a couple of hours.
In practice, he notes, the FPS transfer is immediate and, perhaps more importantly from a fraud perspective, the two-hour maximum transfer timescales operate 24 hours a day, seven days a week - even on weekend nights when bank staffing levels are at a minimum.
"The combination of a targeted attack and the recently-enhanced FPS bank transfer system in the UK makes for easier online banking fraud as far as cybercriminals are concerned. And as they frequently operate on the other side of the world, the quiet times in the UK when these types of fraud take place are often normal working hours for them," he said.
"And even if the cybercriminals have to forgo a little sleep for their fraudulent endeavours, with potential rewards measured in seven figures, they are not too hard done by. This entire saga shows why all users of online bank accounts need to be on their guard 24x7 and use all available security measures - especially if their bank offers security software free of charge such as Trusteer Rapport, which has proven to be effective at stopping online banking fraud for tens of millions users around the world," he added.
