New malware threat to Internet banking applications
SINGAPORE: The Association of Banks in Singapore (ABS) has issued a warning against a new computer malware dubbed "SpyEye" that targets local Internet banking applications.
It said there have been a few such cases.
It said whenever the customer tries to access the bank's Internet banking application from an infected computer, the malware attempts to create a fraudulent third party beneficiary addition and funds transfer.
ABS said customers who visit infected websites, open infected emails or download unknown files are vulnerable to the malware, which can also be transmitted through social networking sites.
Those logging in to Internet banking applications from an infected computer could see a web banner that claims be checking the computer's security settings
The login page will indicate that the transaction "may take 1-10 minutes to complete" or "security verification in progress".
It may ask for an additional SMS or token-based OTP (one time password) on the same login page in addition to the usual username and password.
ABS said a legitimate Internet banking website will only ask for your OTP on the second page after you have entered your password on the login page.
Customers may also receive an SMS alert providing them with an OTP when they did not login; or an SMS alert saying they have "Added a Payee" which they did not execute.
They may also receive an SMS alert saying they are about to make or have made a "Funds Transfer" which they did not execute.
ABS advises customers to shut down the online banking, close the browser and contact the bank immediately if they experience any of these suspicious activities.
They are also are advised to read clearly, SMS notifications they receive.
They should also not enter any token or SMS OTP (one-time passwords) for transactions that they did not initiate or request.
Customers are also advised to install anti-virus software.
When visiting the bank's Internet banking website, customers should type in the URL manually and verify the website before providing login credentials.
Customers also should avoid visiting unknown and unsecured websites, and check the bank balances upon completion of each online transaction.
ABS said banks are increasing their vigilance and are monitoring suspicious online activities to counter these new online threats.
- CNA/cc
Posted: 29 September 2011 1228 hrs
SINGAPORE: The Association of Banks in Singapore (ABS) has issued a warning against a new computer malware dubbed "SpyEye" that targets local Internet banking applications.
It said there have been a few such cases.
It said whenever the customer tries to access the bank's Internet banking application from an infected computer, the malware attempts to create a fraudulent third party beneficiary addition and funds transfer.
ABS said customers who visit infected websites, open infected emails or download unknown files are vulnerable to the malware, which can also be transmitted through social networking sites.
Those logging in to Internet banking applications from an infected computer could see a web banner that claims be checking the computer's security settings
The login page will indicate that the transaction "may take 1-10 minutes to complete" or "security verification in progress".
It may ask for an additional SMS or token-based OTP (one time password) on the same login page in addition to the usual username and password.
ABS said a legitimate Internet banking website will only ask for your OTP on the second page after you have entered your password on the login page.
Customers may also receive an SMS alert providing them with an OTP when they did not login; or an SMS alert saying they have "Added a Payee" which they did not execute.
They may also receive an SMS alert saying they are about to make or have made a "Funds Transfer" which they did not execute.
ABS advises customers to shut down the online banking, close the browser and contact the bank immediately if they experience any of these suspicious activities.
They are also are advised to read clearly, SMS notifications they receive.
They should also not enter any token or SMS OTP (one-time passwords) for transactions that they did not initiate or request.
Customers are also advised to install anti-virus software.
When visiting the bank's Internet banking website, customers should type in the URL manually and verify the website before providing login credentials.
Customers also should avoid visiting unknown and unsecured websites, and check the bank balances upon completion of each online transaction.
ABS said banks are increasing their vigilance and are monitoring suspicious online activities to counter these new online threats.
- CNA/cc
