Search This Blog

Showing posts with label Bank. Show all posts

Canara bank issues advisory for ATM users after fraud bid



Over the last few days, a video of a cautious user who spotted a device to read debit card data at a Canara Bank ATM in New Delhi is being circulated widely. The video was shared by a Twitter user @rose_k01. Canara Bank was quick to address the issue, as it responded by ensuring there was no breach of sensitive user data. "It has come to our notice that a video is being circulated on an attempted fraud on one of our ATMs by installing a skimming device. This attempt, which was made in one of our ATMs in Delhi, was found out immediately and the devices were removed expeditiously. Thus no data compromise has happened. We have closed down this particular ATM pending completion of police investigation," Canara Bank said in a tweet.

“We, at Canara Bank take strict measures to safeguard our customers. We immediately located and removed the skimmer from Gowtami Nagar, Delhi ATM," the public sector bank added. The bank further informed through the same tweet that no data has been compromised.

Canara Bank said it has already taken some proactive, preventive and customer friendly measures to protect the interest of customers, so as to prevent loss of their precious money, the bank said further in the tweet.

1) Canara mServe Mobile app: Using the app, customers can switch off their credit or debit cards when not in use thereby preventing any unauthorise use.

2)The bank is installing anti-skimming and terminal security solutions in all the ATMs across the country.

3) For withdrawal of more than ₹10,000 from our ATMs by any of our customers, an OTP facility as additional security feature has been introduced thereby preventing unauthorized use.

4)Bank is flashing Do's/Don'ts to all customers through social media and SMS.

5) Fraudulent transactions due to third-party breaches where neither the customer nor bank is at fault, there cannot be any liability to the customer under the norms on limiting customer liability in unauthorised transactions, in case the incident is reported within three days. Thus the customer is totally protected from any monetary loss.

Your home wi-fi isn't safe: Hackers know router trick to access bank accounts, card details

Next time when you connect smartphone or a laptop to relatively secure home Wi-Fi, you might actually be surprised how easy it is to hack into your home Wi-Fi network, courtesy that router installed by your Internet Service Provider (ISP). A small vulnerability in the home Wi-Fi network can give a criminal access to almost all the devices that access that Wi-Fi. This could spell trouble for bank accounts, credit card details, child safety and a whole lot of other concerns.

Trouble could come in the form of a neighbourhood kid who piggybacks on your Internet service. While he plays video games online and talks to his friends over VOIP (Internet-based) telephone service, your Internet service may become sluggish.

But an unsecured home wireless system can also be used to commit crime.

According to the US Department of Justice, law enforcement officers will come knocking on your door if someone uses your Internet connection to upload or download child pornography.

And the bad guys don't have to live next door. Powerful Wi-Fi antennas can pull in a home network's signal from as far away as over 4 kms.

According to Finnish cyber security firm F-Secure, for very little money, a hacker can rent a Cloud-enabled computer and guess your network's password in minutes by brute force or using the powerful computer to try many combinations of your password.

The US Computer Emergency Readiness Team (US-CERT) recently issued an alert about Russia-sponsored hackers carrying out attacks against a large number of home routers in the U.S.

According to Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, cyber criminals are known to exploit vulnerabilities in home Wi-Fi routers by delivering a payload.

"Once infected with the malware, the router can perform various malicious activities like redirecting the user to fake websites when visiting banking or other e-commerce sites," Katkar told IANS recently.

Sure staff’s bank details stolen

Hundreds of staff at mobile phone company Sure have had their bank details and other personal data stolen in a "targeted" phishing attack.

Current and former employees working for the telecoms firm on the Isle of Man, Guernsey and Jersey have been affected.

The data includes names, addresses, account numbers and sort codes.

A spokesman said "fewer than 400" people were affected but no existing customers' data had been accessed.

The company is one of the main mobile and broadband providers on the islands.

The firm said it was contacting those affected, which includes "suppliers", urging them to be "extra vigilant" and working with the islands' authorities.

The attack is thought to have come in via a staff email account, which has since been shut down."Human error" was partly to blame, the company said.

A spokesman said Sure could not confirm any information about "the location or individual" whose account was targeted, for "confidentiality and security purposes".

Sure has apologised and said it was "constantly reviewing" its training programmes.

The Isle of Man Information Commissioner's office said it had been informed of the attack and an investigation had been launched.

Trickbot Trojan Gets 'BokBot' Proxy Module to Steal Banking Info.




In 2017, IBM's X-Force team discovered a banking trojan named as 'BokBot', which redirects users to malicious online banking websites or can link victims to a browser procedure in order to insert unauthorized content onto official bank pages, it's also known as IcedID.

The authors of Trickbot trojan have begun to distribute a custom proxy module to the users; Trickbot trojan is a new component originated from BokBot's code for web injection, it works with some of the widely used web browsers.

The new variant came with its separate configuration file, it was detected on an infected system on 5th of July as "shadnewDll".

How does the malware work?

The malicious process begins with an infected Office Word document that downloads the Ursnif trojan after deploying a PowerShell script. Then, a Trickbot version along with the IcedID proxy module is received by the compromised host, it is programmed to intercept and modify web traffic.

After examining the component, Vitali Kremez, security researcher, said that it can be attached to the following web browsers: Microsoft Edge, Mozilla Firefox, Internet Explorer and Google Chrome.

Upon further inspection, the module appeared to be particularly adapted for TrickBot or other fraud bank operations which is based on the installion of this malware and its variants.

Referencing from the research of FireEye, "The TrickBot administrator group, which is suspected to be based in Eastern Europe, most likely provide the malware to a limited number of cyber criminal actors to use in operations."