WASHINGTON (7/24/14)--Threats seem to be contained to banks in Austria, Japan, Sweden and Switzerland so far, but researchers at the computer security company Trend Micro report that there is a sophisticated, multistage attack by cybercriminals that can get around two-factor authentication systems.
Two-factor authentication requires a user to enter a regular password and then a second, one-time password that has been emailed or texted to that user for that transaction. The intent of the second step is to make it harder to hack an account than stealing an online password.
Trend Micro found that hackers were able to bypass the two-factor systems at the European and Japanese banks through an attack that is launched by a phishing email that pretends to be from some popular retailer. The email offers bogus receipts that, if clicked, expose the user to malicious software. Then, when that consumer later tries to reach a real bank website, the software redirects the person to a site that is managed by the criminals (The New York Times July 23).
Researchers at Trend Micro have given the new attack on online banking the name "Emmental." Like the Swiss cheese, they said, online banking protections may be "full of holes."