Friday, June 5, 2009

Yet Another Online Banking Threat - Fake Digital Certificates

Virus and Spyware - New Fake Banking Cert Attacks In Play - eWeek Security Watch
Editor's Note: It dawned on me that I could devote this entire blog to stories about how insecure online banking is, but since we can fix it, I'll stay with the HomeATM PIN Payments Blog. Here's yet another serious threat (this time it's fake digital certificates) that HomeATM would eliminate with our PCI 2.0 Certified SafeTPIN device. Swipe Bank-Issued Card, Enter Bank-Issued PIN, and you're authenticated. And the data is encrypted and is NEVER in the clear. Keep It Simple indeed.

New Fake Banking Certificate Attacks In Play

Researchers with security training experts SANS Institute have reported the emergence of a new wave of attacks seeking to take advantage of trust in online banking sites and digital certificate e-banking security programs.

The involved attacks target customers of Bank of America, asking targets to click through from e-mail-borne links to URLs where they are asked to upload new digital certs to protect themselves when e-banking.

Of course, once an end user has clicked on one of the links on the phony BoA pages, they are instead infected with malware.

As SANS expert G.N. White highlights in a blog post on the topic, technologically savvy users may be even more likely to fall for the campaigns as they specifically target people who are to some extent educated about, and aware of, digital certs and the role they play in protecting e-banking applications.

At the same time, the example White touts in his post actually tips its own hand by warning users not to worry if, after clicking on its links, they receive any computer warnings about "potential scripting violations."

How industrious.

Continue Reading at eWeek


