Cyber criminals are waiting for banks to have online technical difficulties and then step in to target bank customers who complain about technical problems online. Using fake Twitter accounts that look just like the banks, they trick customers into handing over their banking credentials. Robert Capps, VP of Business Development at NuData Security commented below.
Robert Capps, VP of Business Development at NuData Security:
“While phishing schemes that are used to steal user login credentials and personally identifiable information (PII) aren’t particularly new, using social media to impersonate the customer care function at an online institution during a system outage, is a unique twist on an old scheme. And, one that wouldn’t immediately raise the alarm of consumers that may be at an elevated level of concern over cybercrime and identity theft. Particularly troubling about this type of attack vector, is the fact that in many cases, unlike in credit card theft, customers are often held directly responsible for any losses to their account.”
Robert explains, “Banks (and any other organization that conducts business online) need to take a more nuanced approach to authentication, and evaluate as much contextual information about interactions as possible, to determine if it really is the right user. Passive biometrics and behavioral analytics technology seems to be a perfect fit to restore consumer trust in online channels, while adding real security to the login process, and without adding friction that drives consumers away. Systems that can passively collect and analyze live customer data in real-time will have distinct advantages over systems that result in customer loss due to friction.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.