(MoneyWatch) Computer security firm RSA is warning of an imminent cyber attack that could target customers of 30 banks. The scheme is part of a wider online assault of unprecedented scale and organization, according to the company.
The attack is expected to make use of a relatively little-known Trojan that will be able to duplicate the victim's PC settings on remote machines, allowing criminals to mimic customers' time zone, screen resolution, browser cookies, IP address and more. Attackers will place fraudulent wire transfers and then prevent victims from getting notifications or confirmations through the use of what RSA describes as VoIP (voice-over-Internet Protocol) phone-flooding software.
According to RSA, the gang behind the scam is recruiting as many as 100 "botmasters" to help orchestrate the attack, each one funded by an "investor" who will supply the necessary hardware and software.
It appears American banks are being targeted in particular because their security is weaker than that of European institutions. For instance, few U.S. bank websites require two-factor authentication, or 2FA, while in Europe such protection is almost universally mandatory. 2FA requires users to log in using two or more different kinds of authentication, such as knowledge (like a password) and possession (such as a one-time code you can only get from your mobile phone).
Of course, it's unclear how large or successful this attack might be, but it should serve as a reminder of just how fragile our online security is. Prepare for this, and other, attacks by:
- Ensuring you have unique and strong passwords for all of your financial accounts.
- Never clicking links that lead to your bank in email; navigate to the website yourself to minimize the risk of falling prey to a fake site, an online scam known as phishing.
- Signing up for two-factor authentication, if your financial institution offers it.