Text message scammers quietly prey on regional banks
IDG News Service - You get a text message from your bank telling you there's been suspicious activity on your account. You call the number on your phone to see what's going on, and before you know it, you're a victim.
Welcome to the next big thing in phishing.
Law enforcement and security experts say that for more than a year now, scammers have been using scam text messages to prey on small regional banks and their customers. And according to a report set to be released next Tuesday by Cisco Systems, the problem has only been getting worse in recent months.
"It's a serious problem," said Pat Peterson, a security researcher with Cisco.
Here's how the scam works. The criminals pick a bank -- say a credit union in Medford, Oregon -- then they bombard every phone in Medford's 541 area code with a phishing message sent by SMS (Short Message Service) telling the victims to call a fake 800 number that looks like it's from a local credit union. Because they're targeting a bank in the region, the bad guys have a pretty good chance of hitting real customers who may not have heard about the scam.
They use the open-source asterisk software to set up a fake voice-operated system and steal information when people enter their account numbers, passwords and other sensitive information to authenticate themselves on the system. When the criminals use this information to transfer money overseas, the banks take the loss.
By targeting regional banks, they scam has managed to stay somewhat under the radar and not attract a lot of attention, said Nick Newman, a computer crimes specialist with the National White Collar Crime Center. Big banks have large security teams set up to tackle this type of fraud, but with a regional institution such as a credit union, "their entire IT team for the bank might be only five people," he said.
Another problem for the banks is that the scam subverts one of the main techniques that banks and security experts have been trying to drill into their customer's heads for years now, Newman said. "We always say, 'If you have any questions, call your bank, or they'll call you.' Well SMS is pretty close to calling your bank. It gets to the point where it's like, 'What do we tell people to do now?'"
The criminals have been going through the country credit union by credit union, bank by bank, Peterson said.
"It's working pretty well for them," he added. "It's a pretty innovative technique."
Sometimes it works exceptionally well, in fact. When Medford's Bank of the Cascades was hit with the attack in May this year, the scammers got more than they bargained for, according to Detective Sergeant Kevin Walruff with the Medford Police Department. "I've spoken with people that gave their personal information and aren't even customers with Cascades bank," he said. "They actually called that number and provided information."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!