New development in post-transaction banking fraud

Trusteer has discovered that ZeuS-variant Ice IX seeks to divert bank-to-customer telephone calls to further obfuscate any fraud.

In a blog yesterday, Trusteer noted that Ice IX configurations are capturing victims’ telephone account details as well as stealing their bank account data. “This allows attackers to divert calls from the bank intended for their customer to attacker-controlled phone numbers”, it writes.

Trusteer gives an example where the malware first steals the ‘traditional’ data: user id and password, memorable information/secret question answer, date of birth and account balance. It then asks users to update their telephone number because it is essential for the bank to ‘have your up-to-date phone numbers so that we can contact you.’ The fraud is completed by a requirement for telephone account details because of a malfunction in ‘our anti-fraud system called Enhanced Internet Authentication’.

Telephone account details are used by the telephone companies to verify the identity of the subscriber and authorize account modifications such as call forwarding.

Amit Klein, Trusteer’s CTO, explained that “fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank. This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”