Banking Trojans wreak havoc on mobiles

By Admire Moyo, ITWeb's news editor.
Johannesburg, 25 Apr 2013
Cyber criminals seem to be going deeper underground and they have become harder to monitor and detect, says RSA Security.

Trojans continue to wreak havoc on mobiles, as banking transactions are increasingly being conducted on these devices.

So said Ann Johnson, RSA Security's VP for global identity protection and verification, in an interview with ITWeb yesterday.

"By and large, most of our customers today are talking about mobile banking security. The growth in mobile is expected to be about 76% this year, and mobile banking applications have started dominating the market. One of our biggest concerns in that area is Trojans," Johnson said.

In reference to a recent Trend Micro report, she said, for every three Trojans infecting a PC, 14 are infecting mobiles.

Johnson also noted that Trojans are designed with the purpose of getting access to devices in order to gain more information about potential victims and to take over their online identities.

"So we are very concerned about Trojans and the sophistication of the attacks," she added.

She also pointed out that the Android platform, because of its openness and growing popularity, has been the biggest target for cyber criminals.

"Android now has about 70% of the market share and it also has the highest infections of Trojans. The problem with the Android market is its openness; it's also easy to download a fake app from there."

Johnson also revealed that HTML and SQL injection are becoming the most predominant type of attack. "We are also worried about the level of co-operation and collaboration of the fraudsters. But also, they seem to be going deeper underground and they have become harder to monitor and detect.

"For example, they are actually hiring other fraudsters to do things like penetration testing to protect their unique marketplaces. So they are definitely beefing up their infrastructure to avoid being detected, caught and defeated. So the fraudsters are becoming smarter and they are also well-funded these days."

In a report last month, RSA Security noted that phishing attacks are notorious for their potential to harm online banking and credit card users who may fall prey to phishers looking to steal information from them.

It adds that compromised credentials are then typically sold to the underground or are used for the actual fraud attempts on that user's bank account.

According to Johnson, since e-mail accounts are an integral part of user identities online, they have also become a pivotal access point for many account types.

RSA says, when it comes to online retailers and merchants, the e-mail address is most often the username in the provider's system or database. When it comes to bank accounts, it adds, the customer's e-mail is where communications and alerts are sent, and sometimes even serves as part of transaction verification.

The compromise of e-mail accounts by a cyber criminal can have detrimental effects, said Johnson.

She added that e-mail takeover may mean a hostile third party will attempt, and sometimes succeed, to reset the user's account information and password for more than one Web resource, eventually gaining access to enough personal information to enable the complete impersonation of a victim.

To prevent such attacks, Johnson believes users must start by doing basic things like installing anti-virus software and keeping it up to date.

"It's also very important to know how your bank communicates with you. Most consumers, about 80%, simply give answers to callers without first verifying who they are speaking with. So, one of the best ways for consumers to protect themselves is to verify who they are speaking to.

"If someone calls you and says they are your bank, the best practice is to say 'let me call you back', and call them back with the number that you already have for your bank; that way you will know you are legitimately dealing with your bank."

Regarding banking app downloads, she urged consumers to first verify the apps with their banks to ascertain their originality.
