Earlier this week, AdaptiveMobile released a blog post which examined application-to-person (A2P) SMS banking scams, specifically as they relate to identity theft. Attackers are increasingly using creative social engineering led approaches to trick individuals into giving away personal information, allowing an attacker to impersonate a victim resulting in financial gain for the perpetrator. The post also looked at the recent Barclay’s TV advert which examines the same topic. Robert Capps, VP of business development at NuData Security commented below.
Robert Capps, VP of Business Development at NuData Security:
“The lack of standard trust indicators in SMS, coupled with the seemingly organic deployment of SMS as a messaging and authentication channel for online transactions, has not only led to consumer confusion. It’s also opened a wide channel for fraudsters to socially engineer consumers into disclosing their personal information.
It’s also not an unique attack. Other convenient forms of consumer communication like email and telephone calls have been utilised by cyber criminals in similar ways in the past, so perhaps it’s no surprise to find creative uses of the same old trick being employed.
At the root of this issue, is the continued reliance on the traditional (but tired) username and password authentication framework. It’s still the sole method of verifying consumer identity in many non face to face transactions. Coupled with weak auxiliary authentication schemes that have been duct taped on top of this framework, such as SMS challenges, and secret questions and answers, it’s no wonder that consumer authentication is a mess.
Traditionally, online authentication boiled down to a choice between “effective”, “easy” and “low friction”, where you can only pick two options. Execs are always biased toward tangibles, so the option usually left on the ground was customer experience (friction). Growing respect for the value of customer experience, plus advances in behavioural techniques and evaluation of human interactional signals, has injected new life in to these tired techniques. The great part about these new behavioural authentication technologies is that they provide real security for customers and their accounts, without negatively impacting the customer experience.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…