Fake Login Pages To Steal Bank Data

Uploaded on 2023-12-01 in FREE TO VIEW, BUSINESS-Services-Financial

As retail banking services have been transformed by the Internet and Mobile technology, the apparent convenience of online transactions has come at a significant cost as cyber criminals have engaged in defrauding banks and their customers. Now, Australian bank users are being targeted in a new malware campaign. 

Unsuspecting victims are being deceived by highly convincing fake login pages on their banking apps, which appear to be authentic but are criminally motivated.

Customers of several major Australian banks are being deceived into downloading a malicious app in response to seemingly legitimate text and email messages from their bank. The messages contain links to a page that either tells you to download or to add some personal details. It is a new malware called Octo and it's the latest offering from cyber criminals which can be bought on the Dark Web.

Data obtained by the ABC television channel has uncovered what appears to be the first major distribution campaign of the malware which is capable of monitor telephone calls, collecting contacts, dodging antivirus software, bypassing multi-factor authentication and key-logging email and text messages. It can also do overlay attacks, which is what happens when hackers superimpose a fake login page over an authentic app, like the ones above, to trick you into giving up your credentials.

Many of Australia’s major Banks are caught up in this scam, including ANZ, Bank Australia, Bank of Melbourne., HSBC, WestPac and several others. Hundreds of Australians have reportedly become victims by downloading the malware onto their personal devices. 

The threat of cyber criminals using bogus login pages to steal banking information is pervasive. Banks and their online customers must be alert and resist complacency that their existing security measures are good enough to protect them and maintain their trust in online banking services. 

ABC:    McAfee:    NCSC:     TerraNova / Forta SecurityMalwarebytes:   Newsbreak

Image: Tumisu

You Might Also Read: 

HSBC Mobile Banking App Fails:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Global Effects Of The Internet On Society
Trouble At Three »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Siepel

Siepel

Siepel manufactures high quality shielded rooms and anechoic chambers dedicated to TEMPEST, NEMP & HIRF.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

Sourcepass

Sourcepass

Sourcepass is an IT consulting company that focuses on providing expert IT services, cloud computing solutions, cybersecurity services, website, and application development.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.