Banking

RELATED ARTICLES

BANKING
Global IT banking scam

Published: 21-JUN-05

The world's fastest growing fraud and money laundering scam is called phishing. Its a scheme to steal online banking identities from unsuspecting users. It has hit many of South African's major banks but has caused global financial headaches.

In Atlanta, US Master Card downplayed the recent security breach saying only a small percentage of its 13.9 million credit card accounts, were exposed to the risk of fraud.

Initially Mastercard claimed that an unauthorised user may have accessed the names, banks and account numbers of credit card holders, from a number of card issuers. They claim the security breach involed a computer virus

But later they said that about 68 000 of its card holders were at 'high levels of risk'. But they added they need not worry about identity theft.

MasterCard traced their breach to Atlanta-based CardSystems Solutions - a company who processes their credit card payments.

Globally MasterCard has shut down 2 000 sites involved in phishing or other credit card fraud activities, protecting thousands of credit card numbers that were in jeopardy.

This US incident is one of the largest security breaches involving financial data, at major financial institutions and data brokers.

But financial institutions are not the only ones being compromised. Bloomberg, the news service was approached by two hackers demanding $200 000 if the hackers told the company how they gained access to the Bloomberg network.

The hackers were arrested but it shows how vunerable major companies are to cyber-extortion, says i Week magazine.

In South Africa Standard Bank claim there was a phising attack by a foreign crime syndicate aimed at money laundering. First they were trying to find accounts to defraud and then recruit people for laundering the money and getting it out of the country.

There are several 'phising' techniques. The most dangerous one is called 'pharming' or ' DNS poisoning. ' This attack gets directly to the domain name system.There are servers that translate URLs like www.standardbank.co.za to IP addresses.

There are many global DNS servers which automatically transmits the IP address a web site advertises - some of them may lead customers to an IP address of an attacker, rather than to the domain they thought they were going to.

Special online offers are another way to lure customers to give credit card numbers and other confidential information. Often the customer receives a telephone call with unresistable offers enticing them to get their personal banking details.

Other more subtle methods are customers receive phising email messages or pop-up windows that include official-looking bank logos and other banking details copied directly from the bank's online web sites.

Deceptive emails encourage users to disclose passwords and PINs by replying to the email or by giving links to an authentic- looking site.

This is one of the fastest growing online crimes. In principle it is no different to information obtained from credit card slips or ATM receipts, that customers throw carelessly away. But it is a harder crime to investigate and difficult to shut down.

The APWG website www.antiphishing.org/ has information on how to spot phising attempts and what to do if you are a victim of such a scam.





Print this page Send this article to a friend










Market news on your cellphone
Get live JSE listed shares, warrants, major indices, brent crude oil, international markets, agricultural futures & daily market analysis via SMS on your mobile.
Find out more...


Energy in Africa
Energy in Africa is an intelligent and in-depth look at how energy impacts people, places, projects, price and development around the African continent.
Subscribe now...


African Business Leaders Forum
African business and public sector leaders define and construct a prosperous future for the continent.
Find out more...


Online travel bookings
Planning to travel? Book accommodation in Africa & South Africa here.
Book now...




Contact us | Advertising | Subscriptions | Newsletter | About us | Employee Email

All material copyright Business in Africa. All rights reserved. Material may not be published or reproduced in any form without prior written permission. Read these terms & conditions. Read our privacy statement and security statement. Powered by Mail & Guardian Online & iafrica.com. The domains businessinafrica.net, energyinafrica.net are owned by Business in Africa.