ITBusiness.ca | Business Advantage Through Technology

Follow Us Follow @itbusinessca Like us on Facebook RSS SUBSCRIBE

Main menu

Skip to primary content
Skip to secondary content
ITBusiness.ca Menu
  • News
    • Digital Transformation
    • Sales and Marketing
    • Leadership
    • Finance
    • HR
    • Creative Capital
    • Security
    • Mobile
    • Operations
    • Smart Home
  • CMO Digital
  • Digital Transformation
  • Podcasts
  • Videos
    • Unboxing for Business
    • All Hands on Tech
    • 2 Truths and a Lie with Canadian Technology Leaders
    • Speak Up!
    • All Videos
  • Blogs
  • Events
  • LightningPR
  • Slideshows
Thieves use victims’ SIM cards to hack into online banking
Security

Thieves use victims’ SIM cards to hack into online banking

ITBusiness Staff
ITBusiness Staff
@itbusinessca
Published: March 13th, 2012
Thieves use victims’ SIM cards to hack into online banking

Boston-based Web security firm Trusteer has uncovered a new scheme to raid online bank accounts.

Trusteer, whose clients includeING Direct, CIBC and other globalfinancial giants, previously deciphered attacks in which criminalsactually changed victims’ mobile phone numbers to redirectone-time-password (OTP) authorization systems used by banks to theirown cell phones.

Related Story | New mobile banking enemy

In the newly discovered method, the bad guys steal the mobile deviceSIM (subscriber identity module) card, thereby using it to bypass bandauthentication mechanisms.

Here’s an example of how it works: thieves use the Gozi Trojan to stealIMEI (international mobile equipment identity) numbers from bankaccount holders when they log in to their online banking application.The bank uses an OTP system to authorize big financial transactions.When they’ve got the IMEI number, the criminals contact the victim’swireless provider, report themobile device as lost or stolen, and askfor a new SIM card.

Once the thieves have obtained the new SIM card, all OTP’s intended forthe victim’s phone are sent to the device owned by the criminalinstead.
Trusteer will post a second example of how this fraud can be achieved,plus images to go along with it, on itsblog Tuesday.

Post to Twitter Post to Facebook Share on LinkedIn Share on LinkedIn Share with Google+
More Articles
Rogue online pharmacies mainly supported by two main domain name registrars
Rogue online pharmacies mainly supported by two main domain name registrars
Video Rewind: John Mayer's augmented reality music video
Video Rewind: John Mayer's augmented reality music video

Security

application, bank account, banking, Criminal, financial, fraud, IMEI, online, Security, trusteer, Web

Related Content

CES 2020: Some of the more useful gadgets

CES 2020: Some of the more useful gadgets

It’s time to showcase your Digital Transformation prowess

26,000 Attendees at the Celebration of Women in Technology Conference Support the goal of 50/50 Gender Equity in Technology by 2025!

hashtag trending

Hashtag Trending – Facebook admits to another data leak, Netflilx’s war on password sharing, Google voice-assistant training

Tweets by itbusinessca

GET NEWS AND INSIGHTS CRITICAL TO YOUR BUSINESS Receive the IT Business Newsletter and stay informed.

  REGISTER NOW  
Websites ITWC.ca IT World Canada.com Channel Daily News.com Direction Informatique.com
Community Subscribe About Us Contact Us Social Media Tech Videos Tech News Tech Blogs Tech Slideshows Tech Events CMO Digital
Find
Follow
Follow @itbusinessca  Like us on Facebook
© 2021 ITBusiness.ca