Headlines News

Bank Trojans – how safe is your money?

11 February, 2013
ICT Africa Write
February 11, 2013

As financial institutions take advantage of ICT to effectively conduct their business, so are fraudsters determined to get your hard earned cash. For decades, there have been all sorts of Trojans used to defraud money from unsuspecting financial institutions. As banks get more sophisticated and find ways of protecting themselves, so are the fraudsters who always try to be a step ahead of the financial institutions. While the responsibility to safeguard your money in the bank lies entirely with the financial institution, it is important that you, the client, are aware of the fraudulent shenanigans out there and be vigilant enough to help your banker keep your money safely.

I first became aware of the Salami Trojan a couple of decades ago. The Salami was planted in a bank computer system and it would automatically deduct small amounts of money from thousands and sometimes millions of accounts and deposit the many into a fraudster’s designated account, amounting to hundreds of thousands of dollars. Because the amounts deducted from each account were too small, the account holder rarely noticed. More sophisticated variants of the Salami have been evolving over time.

Because it is now almost impossible for malware to sit inside a bank system for any length of time without being detected, sophisticated versions can sit on your browser after you log into your bank account, analyse the traffic, and react to it based on deep understanding of how the bank’s application works. The malware can then hijack the authenticated session to add a new account and transfer money in the background.

But banks are getting smarter, they now deploy protection layers to monitor the online sessions between customers and the bank provided web applications. These security systems can detect unusual activities during a customer session reminiscent of malware activity and take preventive action. Banks that deploy such types of security systems are able to detect and block such malware as Tinba, Tilon, Shylock and many other well-known bank malware.

Don’t get well rested yet, cyber fraudsters are going around this measure by bankers. Some of them now use a very old technique of luring you to a fake web page with the same feel and look as your financial institution’s page. (I remember kids in college setting up fake login screens on lab computers to steal passwords from their friends). Once the customer enters their login credentials into the fake page, the malware presents an error message claiming that the online banking service is currently unavailable. In the meantime, the malware sends the stolen login credentials to a fraudster who would login from a different computer and transfer money to an account of his choice.

The technique of creating a fake site is old and is really dependent on the perpetrator’s abilty to lure the unsuspecting victim to such a website. The following message from my own email box is an example of how fraudsters try to get you to use a fake sight to enter your bank login credentials:


Dear Absa Customer,
Due to numerous reports from most of customers,it has come to our notice that a new wave of sim swapping scam is active and on the rise, whereby your phone number is swapped with which access to your account is feasible and fraudulent activities are carried out in your account.

To prevent this notorious activity, we at ABSA have decided to verify that our customers have access to their sims by introducing a new security measure which was done via our SSL server upgrade.

To upgrade your account, please follow the link below to complete the process. It is compulsory that when you get the RVN,you must fill in the RVN sent to your mobile phone, this is the only way we can verify that the number is actually yours and with you. Failure to complete this process and confirm your RVN means a suspension and possible deactivation of your account for security reasons.
Go straight to your ABSA for procedures to follow or visit your nearest branch:
Click Here to continue
ABSA will not be responsible for loss of funds to hackers as a result of failure to comply with this important new directives. We are committed to serving you better. Bank and stay safe online. Security Management
Absa Group”

Typically, when a scheme is detected and becomes obsolete in the developing countries, “me too” fraudsters will try it in the developing world. While the bank is responsible for securing your access, thwarting fraudsters could be a lot easier if we were all vigilant and avoid being lured to fraudulent websites.


Make a Comment | Email this to a friend

Tell A Friend

Name :
Your Email :
Friend Email :
Message :