SMS Smishing Scams Become New Threat for NatWest & Its Royal Bank of Scotland
Security breaches are increasing day by day, and most are related to online banking. Recently a scam occurred involving a new strain of ransomware that uses the so-called 'smishing' technique, i.e. phishing carried out over SMS.
According to a journalist from BBC Radio 4's You & Yours programme, news reports suggest that both NatWest and its Royal Bank of Scotland were hacked. Interestingly, the 'hackers' were using the new 'smishing' technique to steal money from UK citizens' accounts.
HOW THIS NEW TECHNIQUE WORKS:
SMS smishing is a new technique for hacking bank accounts, and you might be wondering how it works.
The technique works by blocking a genuine user's phone before the user realises why the device has gone dead or stopped working. Meanwhile, the attackers have full control of the device and can use it to steal from the user's account, which is why the account becomes penetrable.
NatWest, for its part, told the BBC that its systems would be changed as a result of the You and Yours programme's investigation.
The managing director of NatWest Digital, Chris Popple, told the BBC, "This is a cross-industry problem, particularly with us [banks] and the telecom companies. We are working with Financial Fraud Action UK to make sure we're communicating with each other to make sure mobile phone security is as strong as it possibly can be."
Action Fraud UK has also posted an example of a spoof text sent to a UK-based user, Matilda Bourne, who openly tweeted an example of the NatWest alert, which reads as follows: “Hi Customer, We can't seem to access your account because of a problem we are having with you Full Pin. Please confirm your Full Pin and Password by clicking on the link below to remain high levels of security.”
Readers of SCMagazineUK.com have also found that poor grammar is the first sign of a scam email or other form of alert.
WHAT THE TECHNOLOGY INDUSTRY SAYS:
Robert Capps, VP of Business Development at NuData Security, told SC that smishing is simply a twist on phishing, an old scam technique that evolves every time a new technology arrives in the field. Capps also said, “With this specific wave of smishing attacks, hackers fool customers into downloading their malware by posing as a legitimate, irrelevant app. The malware then takes over a legitimate SMS communication between the customer and their bank to social engineer the customer into giving away their PII information and access their account.”
He also argued that, for fraudsters, hacking an account with the new smishing technique is far simpler than opening a new account using original or stolen certificates, which is why account takeover (ATO) is alarming and, as we've been saying, on the rise.
On this, Capps advised, “If your bank can't distinguish between legitimate users and fraudsters, even with valid credentials, it's time for them to move away from static data to protect accounts and move to behavioural analytics for authentication.
User behaviour analytics observes and understands how the user behaves. Behavioural analytics looks beneath the surface of matching usernames, passwords and other means of authentication such as one-time SMS to truly understand user behaviour. These behaviour patterns reveal details that fraudsters can't fake despite their best efforts.”
A CALL FOR MORE PASSWORD MANAGEMENT?
The latest news from password management company LastPass came at the same time as these smishing reports. Respondents say that the biggest reason for remote access to an account is that they share personal passwords.
According to a recent survey, out of 38% of respondents, 31% share personal passwords that give someone else the power to access an account remotely; respondents also say that they usually share passwords in case of an emergency.
Joe Siegrist, Vice President & General Manager of LastPass, said, “The fact that 75 per cent of people acknowledges the risks associated with sharing passwords continue to do so suggests they are not aware of more secure alternatives.”
Siegrist insists that a secure password manager with a sharing centre, such as LastPass 4.0, largely overcomes both issues: passwords stay safe, and it is easy to store as many different passwords as you need.
THE ISSUE OF A NETWORK:
Claire Cassar, CEO of Haud, a company that offers mobile network and SS7 security services, raises a question: are mobile networks doing enough to protect consumers, and the brands that use their services, from this type of fraud? She believes that not enough is being done to protect against these scams. There is a need for trust in mobile services, which helps to protect against attacks that cause long-term damage.
Speaking to SCMagazineUK.com about the attacks, Cassar said that SMS scams are increasing daily and that the telecom industry now needs to take seriously its responsibility to protect customers from nuisance messages, spam and any other unwanted activity on mobile networks.
Cassar also added, “The technology exists to rapidly identify and block this traffic, but not all networks are currently using it. Smishing and fraud SMS are a reputational time-bomb for network operators and as the volume of unsolicited messages increases the quality of service suffers. Some mobile users have even started taking matters into their own hands by installing message blocking and spam blocking apps on their phones, but this presents the risk of preventing legitimate messages from being received, further impacting on customer experience.”
Cassar's final word was that the time has come for network operators to do more to protect against unwanted SMS traffic and scams. Otherwise, the damage will be irreparable, and customers' trust in the telecom industry will be broken.