Research & Resources: Online Fraud Today

Fraud Updates

Recent updates and events related to banking fraud. Contact us if you want to know more about any of these.

  • Zeus now available as a rootkit, speeding development of new attacks
  • 12.6 million victims of identity theft in 2012
  • NBC website hacked, leading visitors to Citadel banking malware
  • DDoS attack hid $900,000 cyberheist; OCC confirms that DDoS attacks are being used to hide fraud attacks
  • Hackers offer phone flooding service that will "take care" of competitors phone lines
  • Fraudsters using mule accounts at big banks to move funds out of small banks
  • New scheme uses website Live Chat feature to process fraudulent wire transfer
  • Fraudsters successfully authenticate in 3 out of 5 attempts to log into online banking
  • New mobile banking Trojan for Android lets crooks use smartphone as part of DDoS attack
  • Carberp banking Trojan now available as bootkit with $40,000 pricetag
  • Phishing scheme exploits Facebook to compromise 11 million computers and stead $850 million

See Fraud News tab to the right for the latest developments.

Internet Banking Fraud Creates Severe Challenges to Financial Institutions

Organized cyber crime rings are stealing $billions. And the more financial institutions understand about who they're up against and how fraudsters operate, the better prepared you'll be to defend yourselves and your account holders.

1. Organize Fraudsters work together, sharing skills, successes, and information, allowing them to innovate faster and pool their resources for larger, more successful attacks.

2. Advance They reinvest their "earnings" to continually improve their techniques and technologies. And they're very quick to adjust as soon as the banking community demonstrates an ability to defeat one of their schemes.

3. Expand Criminals are targeting more account holder touch points, including online banking, mobile devices, and clients' ACH batch files.

4. Scale They are moving away from single bank attacks and scaling their efforts to reach thousands of banks, including community banks, by targeting banking platforms.

5. Evolve Fraudsters are further adapting their approaches to compromise bank employees to gain direct access to accounts and systems such as the FI's wire system.

This increased sophistication resulted in the FFIEC Guidance Supplement issued in June 2011, acknowledging that authentication is insufficient and that layered security featuring anomaly detection is now a minimum expectation for effective fraud prevention. And in the time since mid-2011, the fraudsters have only gotten better. (Video: Existing Controls Aren’t Enough))

Click on the tabs below to learn more:

Fraud News

Fraud News

Here is some of the recent news about banking fraud. If you would like to know more about any of these news items, please contact us.

  • Zeus now available as a rootkit, speeding development of new attacks
  • 12.6 million victims of identity theft in 2012
  • NBC website hacked, leading visitors to Citadel banking malware
  • DDoS attack hid $900,000 cyberheist; OCC confirms that DDoS attacks are being used to hide fraud attacks
  • Hackers offer phone flooding service that will "take care" of competitors phone lines
  • Fraudsters using mule accounts at big banks to move funds out of small banks
  • New scheme uses website Live Chat feature to process fraudulent wire transfer
  • Fraudsters successfully authenticate in 3 out of 5 attempts to log into online banking
  • New mobile banking Trojan for Android lets crooks use smartphone as part of DDoS attack
  • Carberp banking Trojan now available as bootkit with $40,000 pricetag
  • Phishing scheme exploits Facebook to compromise 11 million computers and stead $850 million

Internet Banking

Internet Banking is Strategic

Protecting your customers and members from fraud attacks is not just a simple matter of making sure their money is not stolen. The strategic opportunity at stake is much larger and includes lifetime value, profitability, competitive advantage, and brand reputation. (Video: Why Online Banking is Strategic)

Individuals and businesses want to bank when and where it's convenient for them. To be competitive, to meet customer needs and reduce churn, banks and credit unionsmust not only offer online and mobile banking capabilities, but must continually expand the set of offerings. And do so while building customer confidence that their transactions are secure, their assets are safe.

To fully realize the strategic benefits of robust Internet banking services, youmust have a fraud prevention solution that's up to the challenge.

Please click the Know Your Enemy tab to learn more.

Know Your Enemy

Know Your Enemy

It's a war, and the enemy is relentless.

Fraudsters are businessmen. Fraud is a large, organized, global business with strong funding and state support. And their targets are financial institutions in the West.(Video: Financial Institutions are at War with a Formidable Enemy)

Fraudsters are organized and specialized (see graphic), and have established social networks to share their ideas, assistance, and successes.

Fraudsters also have a very efficient capital system, and often operate with the implicit approval and support of their federal government. In short, by being criminals and operating outside of the laws, ethics, and procedures that guide much of the law-abiding institutional behavior, fraudsters have a lot of advantages. And the financial returns they realize are very attractive.

How They Attack

Cyber criminals use a spectrum of techniques (see graphic) to compromise accounts and set up attacks, and are using all options available to them for completing transactions. Malware is certainly a challenging aspect of what you must detect, but many of the schemes involve human interaction, which enables the fraudster to adapt quickly and therefore makes the attacks harder to detect.

Credentials Are Widely Available
  • 40% of PCs already infected (APWG)
  • Authorities found thousands of stolen credentials on a single fraudster's computer
  • Phishing and email breaches provide additional data
  • Fraudsters successfully authenticate for 62% of the online banking sessions they attempt (Guardian Analytics)
Phishing and Social Engineering Resurfacing
  • Social engineering on the rise (Gartner)
  • Trend showing fraudsters using mobile/tablets to compromise credentials (Aite)
  • Email breaches connected to banking fraud (Aite)
  • 60% of passwords reused

Keep Current

Sign up for our on-going series about the latest fraud attacks and how to defend against them.

Learn More

Rapid Malware Innovations Leave FIs Exposed.

Malware detection providers themselves say when something new appears, it is a two-week cycle to research and formulate new protections. A study by Imperva found that AV software detects only 5% of new malware. Criminals are accelerating their investments to exploit this weakness.

Here are just some of the malware familiesthat criminals are using steal credentials and bypass authentication, with an increasing number of "rootkits" available commercially within the fraudster community, dramatically shortening the time needed for a new fraudster to develop and launch an attack.

Zeus
SpyEye
Gameove
ICE IX

Ramnit
Carberp
Shylock

Gozi
Zitmo
Spitmo

Moving Funds Through Online and Offline Transactions
  • In a 2012-2013 account reconnaissance attack, ~1000 accounts at 75 FIs were involved in a single offline fraud scheme
  • ACH channel represents 56% of losses (FS-ISAC). Criminals are taking advantage of operational weaknesses in ACH
  • Wire channel represents 76% of attempts (FS-ISAC)
  • Fraudsters using online account to gather information for offline fraud attacks (for example, see Guardian Analytics Fraud Informer: Chatting for Dollars)
  • 90% of confirmed fraud incidents did not involve a payment (Guardian Analytics); fraudsters are gathering information online for offline attacks.

Please click the True Cost of Fraud tab to learn more.

True Cost of Fraud

The True Cost of Fraud

A Guardian Analytics survey found that in 78 percent of attacks, the money left the institution before the attack was recognized, and in half of the cases, the FI took all or some of the loss. So, the initial fraud loss certainly is part of the cost. But additional costs can be significant, too. (Video: The True Cost of Fraud)

The full cost of fraud loss includes:

  • Investigation and Remediation. Investigation is the staff time for the forensic analysis (i.e. what malware was involved and how the account was compromised), determining fault, and evaluating what processes worked or didn't work. Remediation is determining how the bank may or may not compensate the business for the loss.
  • Legal Costs. Recent court cases have sided with the victimized business. If you (the financial institution) are found to be liable, you can expect to have penalties added on to court costs.
  • Customer churn. Customers will leave if they feel you are not adequately protecting them, costing you the future lifetime value of that customer.
  • Brand & Reputation. It's hard to measure true cost, but clearly there's damage to your brand and reputation if you're a victim of fraud losses.
Fraud Informer

Keep Current with Fraud Informer

Sign up for our on-going series about the latest fraud attacks and how to defend against them.

Learn More

Anomaly Detection Toolkit

Guardian Analytics' Blog

This in-depth primer explains what anomaly detection is and how it works to stop the online banking fraud attacks that other solutions miss.

Learn More