"How Can Banks Strengthen Security Measures to Combat Online Banking Fraud?"
- nikmisp
- Feb 19, 2024
Fraudsters go where the money is, and with the advent of online banking services, these services have become an obvious target for theft. With sophisticated technologies and the ease of procuring hacking tools, more amateurs are attempting to bypass online banking security.
In the U.K. (2022), cyber criminals stole a whopping £1 billion and more, whereas in India (2023) financial frauds accounted for well over 75% of overall cybercrimes. Globally, with the remote working culture that followed the 2020 pandemic, fraud cases have gone up significantly.

In this article we will first understand the attacker's modus operandi and then suggest robust solutions to keep attackers at bay.
What are the topmost attacks (2023)?
Phishing, Smishing & Vishing - Believe it or not, these types of attacks have been around for ages and are still with us. The victims give away their online banking credentials or OTPs, making way for the fraudsters to steal money. Business email compromise is one such phishing attack, where the victims are tricked into believing an email is genuine and transferring money. Sometimes victims land on a fake website by clicking on links in a phishing email.
Malware - Once the victim clicks through links sent via email or SMS, sophisticated malware is downloaded onto the victim's device, where it exfiltrates data or enables man-in-the-middle attacks.
Man-in-the-Middle (MiTM) - Attackers sit between the victim's device and the online banking system and try to sniff the traffic, either to steal the credentials or to tamper with the payment details and redirect money to the fraudster's account.
How to deal with such attacks?
Banks, for their part, need to bolster their defences at various layers, viz. client device, network, application etc.
When it comes to compromised end-user devices, banks need to run scans to check the device health even before loading their mobile app or online banking portal. There are indicators of jailbroken devices and hidden malware that can be detected easily to prevent the fraudster from connecting to the bank's online services. Look for in-session changes on the end user's device and, when they occur, block any further action in that session.
Using machine learning technologies, one can detect anomalous behaviour and stop such requests from progressing any further. Banks can verify the payee or beneficiary account at the point of making payments and make the victim aware of any red flags associated with the beneficiary account.
Triangulate the end user's location with their general banking patterns, viz. day, time, payment amounts etc., to identify whether that's a genuine user, and challenge with additional verification, i.e. knowledge-based or second-factor authentication, before letting them go any further.
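The location and pattern check described above can be sketched as follows. This is an added example, not code from the original article or from any bank's system; the `Payment` fields, the thresholds, the sample history and the mapping of one deviation to a knowledge-based challenge and several to a second factor are all assumptions.

```python
from statistics import mean, pstdev
from typing import NamedTuple

class Payment(NamedTuple):          # hypothetical record; field names are assumptions
    country: str                    # coarse location, e.g. from IP geolocation
    weekday: int                    # 0 = Monday ... 6 = Sunday
    hour: int                       # local hour, 0-23
    amount: float                   # payment amount in the account currency

# Constructed sample history for one user (not real data).
HISTORY = [Payment("IN", 0, 10, 1200.0), Payment("IN", 2, 11, 800.0),
           Payment("IN", 4, 19, 1500.0), Payment("IN", 1, 9, 1000.0),
           Payment("IN", 3, 20, 900.0)]

def build_profile(history):
    """Summarise the user's general banking pattern from past payments."""
    amounts = [p.amount for p in history]
    return {"countries": {p.country for p in history},
            "weekdays": {p.weekday for p in history},
            "hours": {p.hour for p in history},
            "mean": mean(amounts),
            "std": pstdev(amounts) or 1.0}   # avoid division by zero on flat history

def risk_signals(profile, p, hour_slack=2, z_limit=3.0):
    """List the ways a payment deviates from the profile (thresholds assumed)."""
    signals = []
    if p.country not in profile["countries"]:
        signals.append("new_location")
    if p.weekday not in profile["weekdays"]:
        signals.append("unusual_day")
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    gap = min(min(abs(p.hour - h), 24 - abs(p.hour - h)) for h in profile["hours"])
    if gap > hour_slack:
        signals.append("unusual_time")
    if (p.amount - profile["mean"]) / profile["std"] > z_limit:
        signals.append("unusual_amount")
    return signals

def decide(profile, p):
    """Allow a payment that fits the pattern, otherwise demand extra verification."""
    signals = risk_signals(profile, p)
    if not signals:
        return "allow", signals
    if len(signals) == 1:
        return "challenge_knowledge_based", signals
    return "challenge_second_factor", signals

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for p in (Payment("IN", 2, 10, 1100.0), Payment("GB", 6, 3, 9000.0)):
        print(p, decide(profile, p))
```

Returning the list of signals alongside the decision lets the bank log why a challenge was raised and tune the thresholds against false positives.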
Overall, if the end user is compromised, it's the bank's duty to protect their money by adopting defences and adapting to the various attack vectors.


