
Banking fraud targets device vulnerabilities

By Christine Greyvenstein, ITWeb journalist.
Johannesburg, 26 Jun 2013

A statement released by the South African Banking Risk Information Centre (Sabric) has highlighted the importance of vigorous security measures for both PC and mobile consumers to avoid banking fraud.

According to Sabric, criminals are able to send malware, or malicious software, to customers' devices, enabling them to capture keystrokes while mobile banking takes place from that device. The malicious software can include worms, viruses or Trojans, and devices are often infected when users download software from unverified sources.

Knowledge is safety

Sabric CEO Kalyani Pillay says many bank customers are familiar with phishing scams and have generally got into the habit of ignoring them. "However, there are people that fall victim to bank cyber crime because their devices have been compromised with malicious software without them knowing. Never download software onto your PC, tablet or any other device, until you've verified its security and privacy features."

Pillay says it is essential to ensure adequate security is in place, especially when banking is done from a mobile device such as a cellphone or tablet. "Cyber criminals are always on the look-out for vulnerable mobile devices that they can compromise for their own means."

Security consultant for SpiderLabs at Trustwave, Philip Pieterse, says mobile users need to become more aware of the threats they face when using mobile devices for banking purposes. "Because of chip and PIN being implemented, it is a lot more difficult for credit cards to be cloned. So the criminals are focusing on 'card-not-present' environments, like e-commerce and mobile."

Chief security advisor at Microsoft SA, Dr Khomotso Kganyago, says it is of absolute importance to keep all software on devices up-to-date. "Attackers are trying to use vulnerabilities in all sorts of software from different vendors, so organisations and consumers in general need to keep all of the software in their environment up to date, and run the latest versions of software whenever possible."

Operating concern

When it comes to cyber attacks on smart devices, the security threshold has been shown to differ from one operating system to another.

Earlier this month, an attack on smartphones running Android raised concern about the security measures in place for the operating system. The Trojan was discovered by researchers at Kaspersky Lab and deemed the most sophisticated attack on Android to date.

Pieterse says the Android platform continues to be the main focus of malware and adds that last year, Trustwave's malware collection for Android grew 400%, from 50 000 to 200 000 samples.

"All vendors routinely issue operating system updates, but device manufacturers often don't roll out these updates. This issue is most prevalent with Android, [as] device carriers are reluctant to make new versions of the OS available to users of older devices. Some estimates indicate that at least 90% of Android owners are vulnerable to known flaws because they can't update their operating system," he says.

Pieterse says while most malware takes advantage of Android, some malware appeared in the Apple iTunes Store this year. "All the malware discovered there was quickly removed."

He adds there was a common misconception that BlackBerry devices are immune to malware. "They are, in fact, being targeted by several new variants of the Zeus family of malware."

Pieterse says malware was not that common on Windows 8. "But this may change quickly as the operating system gains market acceptance."
