Lack of security could allow cyber-crooks to obtain users’ bank details and empty their accounts
An assessment of over 300 businesses for sending money abroad commissioned by Panda Security, the global IT security vendor, has revealed that 30% of the PCs used for bank transfers had an outdated antivirus and 60% were infected with malware. Inadequately protected and often used for other purposes (like instant messaging and downloads), Panda has expressed concern that the computers’ lack of security could allow criminals to intercept authorised remittances using the following tactics:
- A Trojan/keylogger can be installed on the target computer capable of capturing screen information such as account numbers, banking credentials, PIN codes, etc. This would be facilitated by high-risk behaviour of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
- A targeted phishing attack (pretending to come from one of the most popular money transfer entities) or infections with malicious codes that lead users to fraudulent websites. Any banking data entered on these pages would end up in the criminals’ hands.
As a result of these attacks, banking details of money senders could be intercepted by cyber-crooks who would then have open access to the victims’ accounts.
“Despite being unsafe, these computers are very frequently used to conduct bank transactions. The risk is enormous as we are talking about very sensitive information being stored on infected, vulnerable computers,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This combination of lack of maintenance, low security consciousness and risky end-user behaviour results in highly vulnerable systems that are very easy for cyber-criminals to infiltrate.”
“This is an extremely serious issue,” says Matthews, “ especially when you bear in mind that according to the World Bank’s latest data, almost $11 billion of remittances were sent to sub-Saharan Africa last year from economic migrants around the world.”
Preventing and protecting
For all businesses geared engaged in money transfer services, Matthews recommends having an up-to-date anti-malware suite. “You must also make yourself aware of the security practices put into place before conducting your business,” he says. “We suggest using banks accredited by the relevant authorities because they have higher security standards than most multi-service businesses.”