Banks and other financial institutions have a responsibility to their customers to protect their data and money from fraud. Lately, this has become more and more challenging because customers can access their accounts through multiple channels. This multichannel adoption raises a crucial issue — how do you verify that the person logging into an online bank account is the legitimate account owner?
The number of stolen credentials available to scammers is mind-blowing. According to Forbes, over 15 billion stolen credentials are being sold on the dark web. Scammers use a wide variety of fraud practices to trick users into revealing their credentials. While the methods used by scammers are better known nowadays, it is still quite difficult to counter them.
To clarify, here are the most common fraud practices:
Malware. Malware, short for "malicious software", is a broad term that describes a variety of software, including viruses, ransomware, spyware, etc. Malware penetrates computer equipment and copies, distorts, deletes, or substitutes information to disrupt the computer or steal the user's personal data.
Ransomware. Ransomware is a type of malware that encrypts the local files on an infected device. Usually, scammers will demand payment or some kind of ransom by threatening to publish the victim's personal data or perpetually block access to it.
DoS. DoS, short for Denial of Service, is an attack that aims to overload the computing resources of a website in order to cause it to crash. Using thousands of servers simultaneously, a hacker can make their botnet penetrate your computer through spam. One way of doing this is by repeatedly filling out a feedback form on your website until the website can no longer process the flood of requests.
Phishing. Phishing aims to use the employees of a company to extract valuable information. Using an email, SMS, phone call, or another form of communication, a phishing message will attempt to trick the user into revealing information or downloading malware onto their device. This happens when scammers copy the official websites of companies and "sell" services there.
Vishing. Vishing is a type of fraud in which individuals are tricked over the phone into revealing critical financial or personal information to unauthorized entities, or are encouraged by scammers to perform certain actions. A vishing attack can be conducted by voice email, smartphone, VoIP (voice over IP), or landline. One example of this is when scammers pretend to be bank employees.
Skimming. Skimming is the practice of using a special card reader to steal card data. Attackers copy all information from the magnetic stripe of the card (holder name, card number, expiration date, CVV and CVC codes).
CNP. CNP, or Card Not Present fraud, uses a stolen credit card account to complete a transaction that does not require a physical card, such as an online purchase on an e-commerce site.
MitM. MitM, short for Man-in-the-Middle, is an attack that occurs when a fraudster intercepts communication between an online service and a client in order to steal information or hijack an online session.