It finally hit – in Brazil, which reminds me of how Internet banking fraud started – also in Brazil. It looks like the same mode of attack. One mobile device is used to illegally access multiple online bank accounts and to transfer money out of them to new payees or existing mule accounts. Apparently, the banks in Brazil are more liberal with online banking functionality (e.g. money transfers) on mobile devices than the North American and European banks are.
I also heard that some banks are having users use separate and dedicated user ids and passwords for mobile banking. This helps in the documented cases where fraudsters illegally collect user credentials (user ids and passwords) used to access mobile banking applications, where they can’t do ‘too much’ damage because of limited functionality, and then reuse those credentials in online PC-based banking where they can do much more. I’m guessing it’s probably also because the fraudsters already have scripts written for PC-based Internet banking attacks and are too lazy to rewrite them for mobile banking.
So mobile bankers beware – mobile malware is not rampant yet but it’s starting to appear. For now, solutions are sparse, costly, or not yet fully implemented. And it’s a lot more expensive to use a dedicated mobile device for mobile banking than it is to use a dedicated PC for PC banking.
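The pattern described in the first paragraph, one device reaching into many accounts and moving money to new payees or a shared mule account, is visible in session logs. The following is an added example, not part of the original post; the event layout, device and account ids, and the threshold are constructed assumptions:

```python
from collections import defaultdict

# Constructed sample events in time order (not real data):
# (device_id, account, action, payee)
EVENTS = [
    ("dev-A", "acct-1", "login", None),
    ("dev-A", "acct-1", "add_payee", "payee-X"),
    ("dev-A", "acct-1", "transfer", "payee-X"),
    ("dev-A", "acct-2", "login", None),
    ("dev-A", "acct-2", "transfer", "payee-M"),
    ("dev-A", "acct-3", "login", None),
    ("dev-A", "acct-3", "transfer", "payee-M"),
    ("dev-B", "acct-4", "login", None),
    ("dev-B", "acct-4", "transfer", "payee-Y"),
    ("dev-C", "acct-5", "login", None),
    ("dev-C", "acct-6", "login", None),  # shared tablet, no money moved
]

def flag_devices(events, max_accounts=2):
    """Report devices that transferred money out of more than
    max_accounts distinct accounts (threshold is an assumption)."""
    paid_from = defaultdict(set)      # device -> accounts it paid from
    new_payees = defaultdict(set)     # device -> payees it added, then paid
    added = set()                     # (device, account, payee) additions
    payee_sources = defaultdict(set)  # (device, payee) -> paying accounts
    for device, account, action, payee in events:
        if action == "add_payee":
            added.add((device, account, payee))
        elif action == "transfer":
            paid_from[device].add(account)
            payee_sources[(device, payee)].add(account)
            if (device, account, payee) in added:
                new_payees[device].add(payee)
    report = {}
    for device, accounts in paid_from.items():
        if len(accounts) > max_accounts:
            # A payee fed from several accounts by one device looks like a mule.
            shared = sorted(p for (d, p), src in payee_sources.items()
                            if d == device and len(src) > 1)
            report[device] = {"accounts": sorted(accounts),
                              "new_payees": sorted(new_payees[device]),
                              "shared_payees": shared}
    return report

if __name__ == "__main__":
    for device, detail in flag_devices(EVENTS).items():
        print(device, detail)
```

Counting only accounts the device actually paid from keeps a shared household device that merely logs in to two accounts (dev-C here) out of the report.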