CCR Magazine

CCRi banner ad
You are here  :Home arrow News arrow Bank Customers Warned of New Smishing Scam
Contact Us Newsletter Signup RSS Feeds

Latest News Headlines

Headlines

 
Commercial Credit News

Headlines

 
Bank Customers Warned of New Smishing Scam PDF Print E-mail
Monday, 15 February 2016

UK bank customers should be extra careful after a new wave of 'smishing' attacks has seen data thieves drain thousands of pounds from current accounts.


One customer lost over £20,000 from his current account after fraudsters managed to 'hijack' a text message thread, claiming to be from Santander, and saying that there had been suspicious activity on his account. Mr Smith called the number and spoke to fraudsters who asked him for a 'one-time password' and wiped out £22,700 from his account.

SMS phishing - or 'smishing' - scams are the latest weapon fraudsters are using to target bank details. It involves tricking users into downloading a virus so they can impersonate a bank in text messages, hijacking genuine threads to steal passwords and security details.

Commenting on this, Lisa Baergen, manager at NuData Security, said: “Smishing”, a twist on the “phishing” scam, is an old scam that evolves each time new technology comes along. When banks started offering telephone services, fraudsters would impersonate a bank and call customers with criminal intent. As banks moved to providing online services and apps, fraudsters started emailing customer statements, fake websites popped up and phishing emails started to make the rounds. These SMS smishing scams are taking advantage of the consumer’s push for more mobile-friendly and innovative ways to communicate and interact with their financial institutions. With this specific wave of smishing attacks, hackers fool customers into downloading their malware by posing as a legitimate, unrelated app. The malware then takes over a legitimate SMS communication between the customer and their bank to socially engineer the customer into giving away their PII information and access their account.

Fraudsters know that it is generally easier to take over an account by phishing, spear phishing (targeting an individual) or smishing, than to open a new account using a real or stolen credentials, which is why account takeover (ATO) is alarming and, as we’ve been saying, on the rise.

It only makes sense, that account takeover (ATO) has become a new favourite fraud tactic. So as we hear of yet another example of real customers being scammed of their hard-earned funds, it is just another blazing example underscoring the need for financial institutions to move away from PII as the relied-upon authentication method. With the overabundance of stolen data, access to full identities are prevalent and cheap, meaning it cannot be relied on for authentication purposes. Customer education can help reduce the number of times this scam is successful, but we shouldn’t rely only on placing that burden solely on customers and account holders.

If your bank can't distinguish between legitimate users and fraudsters, even with valid credentials, it’s time to they move away from static data to protect accounts, and move to behavioural analytics for authentication. User behaviour analytics observes and understands how the user behaves. Behavioural analytics looks beneath the surface of matching usernames, passwords and other means of authentication such as one-time SMS, to truly understand user behaviour. These behaviour patterns reveal details that fraudsters can’t fake despite their best efforts.”
 
CCRI
3 October - Guoman Tower Hotel, Central London 

CCRInteractive, in association with Marston Holdings , is the largest and leading one-day conference from the publishers of CCRMagazine – a truly national and international event for the credit industry.

This landmark event allows delegates to: Learn best practice of how to increase profitable sales in today’s economy. Understand the key compliance issues and how they will impact upon you. Discuss the legislative and regulatory framework and how it will effect you. Consider the potential effects of Brexit on your business. Discover the latest innovations in the market to improve your collections. Motivate your staff to achieve ever improved results.

To book to attend in 2017, contact Stephen Kiely  or Alison Lucas. To find out more about being part of this landmark event, please contact Gary Lucas
CCRI 

 Forums International Ltd

Forums International Ltd

 Attendance at your first meeting is free of charge, and please quote reference 'CCR2016' to receive the special 10% discount off of your first annual subscription.

Find out more here.

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online

The Credit Excellence Awards

Awards 

Tuesday 3 October - Guoman Tower Hotel, Central London


Do not miss your chance to meet and network with the Winners and Finalists at the Credit Excellence Awards, in association with Hoist Finance.


To book your place to attend, please contact Alison Lucas.


subscriptions

CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


 

Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road
Southend-on-Sea
Essex
SS1 1EP

Registered in England No: 05483197