Cyber criminals crack two-factor bank authentications

Users who swear by online banking are in for a shock as the McAfee Threats Report: Second Quarter 2013 has divulged details about a banking malware that helps cyber criminals steal SMSes to get access to people’s accounts. The research also brings to light some entertainment and dating applications which are actually meant to carry out data theft. And a significant number of ransomware samples have also been found. As many as 3,20,000 of these were unearthed in the first two quarters of 2013.

Most banks require a two-factor authentication procedure to be carried out before they allow their customers to make online transactions. The first step is entering the username and password, while the second step requires them to enter the mTAN or the mobile transaction number. This code is sent to the registered mobile number of the person via an SMS.

Fraudsters use malware to acquire the username and password of a certain user, but it is not possible to log into the bank account unless they have the mTAN. Thus, they came up with some malicious software that leak the login details and then intercept messages for the code. McAfee found 4 such malware currently being used for this purpose. And once they manage to get all the credentials, all they have to do is sign in and transfer funds very conveniently.

In order to save yourself from such a fraud, you need to make sure not to use unreliable sources to access bank accounts. It is advisable to utilize only official bank applications for online mobile banking transactions.