New research and intelligence by Trend Micro™ TrendLabs℠ shows evidence that a sophisticated online banking scheme targeting Chase customers is currently underway. Mobile users are being targeted for the sensitive login credentials to their Chase bank accounts. The last piece of the fraud campaign even asks the end user to upload a photo of their government-issued identification card. The addition of the government identification card significantly improves the resale value of these credentials on the black market. Prices range from $2 to $25 USD for these types of personal artifacts. We have also seen prices for other well-known banking credentials soar as high as $1,000 USD depending on the bank and balance of the acquired account. A massive amount of threat data is being analyzed by our researchers across the globe to determine where these activities are happening, what the dynamic of the attack looks like and essentially how their targets (end users) can defend against this attack.
As always, TrendLabs℠ is making this research available not only so Chase banking customers can protect themselves, but other mobile banking customers can as well. In addition to the specifics of this attack, our researchers have provided information on the precautions end users should take to become aware of these types of activities and the tools they can use to combat these types of fraud attempts.
Over the last year, especially with the recent release of our Q2 2013 Threat Report, Mobile Threats Go Full Throttle, Trend Micro has chronicled the evolution of mobile cyber threats and how threat actors are taking direct aim at the world’s mobile device ecosystem. As heavy users of these devices, we must respect and appreciate the new attack vectors that cyber criminals are leveraging to acquire banking and personally identifiable information. Additionally, we must take great care to ensure our devices are protected and become educated regarding the nefarious techniques used by crafty cyber criminals and professionals to extract our electronic wealth, both personally and professionally.
To understand the scope of the threats, it’s important to note that Trend Micro’s Mobile App Reputation Service has detailed more than 820,000 pieces of malware and high-risk mobile applications through July in the major Android marketplaces. Another area of great concern is the spoofing campaigns utilizing malicious mobile banking websites and dynamic DNS platforms to increase the effectiveness of the overall fraud campaign and improve the probability of higher payouts.
It’s not just Trend Micro calling this out. Recently, the UK House of Commons House Affairs Committee released a report on E-crime that goes on to explain that these types of crimes and the monetary gains they produce have become even more lucrative than the drug industry. Let’s not kid ourselves: cybercrime is a major factor in the drug industry for moving money, bankrolling operations and improving the overall logistics of how the industry operates. The two business models combined can make a lethal cocktail, and unfortunately victims of cybercrime often have their money channeled into very unethical activities related to crime and even national security implications.
It is paramount to combine global threat intelligence regarding platform-based mobile applications with web reputation for known malicious/infected web properties to help consumers and businesses reduce their risk of fraud and device contamination. Together they help usher away sites such as the fake Chase login page designed to spoof and acquire your precious banking credentials. In order to give you and your business an adequate defense against cybercrime, remember to take focused action and the following precautions:
- Although discussed ad nauseam, do not click on suspicious attachments or links, no matter what device you are utilizing.
- Install and maintain device-specific security software for your mobile device, PC or Mac computer that incorporates antivirus, secure browsing and firewall protection as well as integration with the latest in threat intelligence for web reputation.
- Keep a common bookmark list for trusted banking and credit card sites. Ensure these sites are always protected by the lock icon (usually close to the URL/address window), indicating you are utilizing an SSL (Secure Sockets Layer) protected website. Cybercriminals are also capable of installing their malicious sites on an encrypted channel, and you have to be aware of this as well, but the lock icon is one of the first things you must check when accessing a web site to conduct a sensitive transaction.
- Make sure all operating system patches/versions are up to date. This includes current versions of the trusted applications residing on your mobile device or other computing platform on which you will conduct financial business. Exploit kits are designed to find and penetrate systems that are not properly patched. Improve your chances against exploitation by keeping current with patches.
Countermeasures for device protection are also being incorporated into our cloud security and Big Data platform, the Trend Micro™ Smart Protection Network™. This integrates directly with our mobile security solutions as well as our other leading virtualization, cloud and content security solutions. This provides consumers and businesses the latest defense mechanisms against these types of fraudulent attacks.