Phishers target bank security upgrades: RSA

Summary:There was a spike in phishing activity last month, with fraudsters targeting an increasing number of brands and using more sophisticated tools to try and fool online banking customers, according to the RSA Online Fraud Intelligence Report for November.According to RSA, which recently became the security division of storage firm EMC, an increasing number of financial institutions have been upgrading their online banking systems in order to comply with US regulations.

There was a spike in phishing activity last month, with fraudsters targeting an increasing number of brands and using more sophisticated tools to try and fool online banking customers, according to the RSA Online Fraud Intelligence Report for November.

According to RSA, which recently became the security division of storage firm EMC, an increasing number of financial institutions have been upgrading their online banking systems in order to comply with US regulations. Phishers have been using the upgrade activity to try and exploit users.

Just over a year ago, five US banking regulators -- under the FFIEC umbrella -- advised financial institutions to "deploy security measures to reliably authenticate their online banking customers". The global nature of the banking industry means that any such regulations in the US are at least partly relevant for financial institutions based in Australia.

RSA claims that some of the most advanced phishing attacks during November tried to exploit banking customers before or during the implementation of these new systems.

"With the enhanced level of protective measures taking hold across the financial industry, fraudsters are stepping up the level of phishing activity prior to the deployment of additional layers of defence.

"And they are doing so by mimicking the very efforts that financial institutions are implementing to better protect their customers. The latest scam involves a phishing e-mail requesting customers to ... upgrade to the bank's new security enhancement," said the RSA report.

Citibank Australia was criticised last month for possibly contradicting its own security guidelines by sending an e-mail that asked customers to update their log-in details due to an upgrade to the bank's online security system.

Security experts and even Citibank's own staff had trouble confirming if the offending e-mail was genuine or a phishing attack.

Topics: Malware, EMC, Security

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.