Malaysian Bank App

As technology has developed, the banking industry has introduced Malaysian bank apps to support online banking. At the same time, criminals and scammers have developed their own modus operandi to deceive banking users. They lure victims with tactics subtle enough that the victims do not even realise they are falling into a trap, and the victims end up transferring their money to fraudsters who are skilled at falsifying their identities. In this article, we share 2 types of online banking fraud that usually take place in banking applications.

Brief Introduction to Online Banking Fraud

Online banking fraud is a deception committed by criminals in order to gain access to someone else’s finances or for personal gain. In this context, online banking fraud occurs when a fraudster dupes a bank user into transferring a large sum of money from the user’s account. A fraudster taking over control of the bank user’s account is another common scenario of internet banking fraud, in addition to the scam scenario just described.

ATO (Account Takeover)

An account takeover, abbreviated as ATO, is a type of fraud that occurs when a fraudster or cyber-criminal seizes control of your bank account. The fraudster usually begins the account takeover by stealing your personal credentials or the information needed to log into your bank account. Besides stealing these directly, the fraudster may use social engineering techniques or install malware that can control your device.

Smishing, phishing, and vishing are common social engineering techniques used by fraudsters. Phishing typically occurs via clickable links contained in received emails, whereas smishing occurs via SMS that appears 100% reliable and legitimate. Vishing, on the other hand, is a deception perpetrated by a fraudster via phone or voice call.

SIM Swapping is another pure social engineering-based ATO technique that allows cybercriminals to transfer the victim’s phone number to another SIM. The illegal transfer of the phone number is accomplished by pretending to be the victim and convincing the mobile provider’s operators to issue a new SIM card for the same phone number. Fraudsters can then use the new SIM to receive OTP messages and circumvent multi-factor authentication processes, allowing them to access any account associated with that number.

Automatic Transfer Systems (ATS)

In contrast to Account Takeover (ATO), attacks using the Automatic Transfer System (ATS) typically do not require taking control of the victims’ accounts. The banking user is often unaware of the fraudulent activity carried out by the fraudsters while actively using the banking application.

There are 3 significant differences between ATS and ATO attacks:

a. ATO is only possible using social engineering techniques, whereas ATS always involves the presence of malware on the victim’s device.

b. ATS malware is typically highly customised to the targeted application, making it more sophisticated and difficult to detect.

c. Because all of the actions are performed by real people using real devices who are unaware that malware has been installed on those devices, ATS attacks can bypass fraud detection systems such as Two-Factor Authentication, Behavioral Biometrics, and Behavioral Analysis. In this case, cybercriminals aren’t interested in collecting user information or OTPs, because legitimate users are transferring money to the fraudsters’ account without realising it.
