WHAT THE SUNDAY TERROR ATTACK MEANS FOR MALI—AND A... » WHAT THE SUNDAY TERROR ATTACK MEANS FOR MALI—AND AFRICA? At least two people have been killed in a ... Need to "Repeal the Perpetual Illegal Wars" » Charlie Savage of the New York Times reports in "Senators Wrestle With Updating Law Authorizing War ... After Terrorist Attack, Spain Rejected Its Hawks. ... » Email: sam@accuracy.org Husseini is communications director with the Institute for Public Accuracy.... Cisco includes Italtel’s enterprise SDN applicat... » Milan: Italtel has announced its Netwrapper application has been included in the official Cisco GPL ... InfinityQS upholds ISO 9001:2015 & ISO 27001:2013 ... » InfinityQS® International, Inc. (InfinityQS) has announced that it has successfully sustained its ce... New PT Application Firewall easier to deploy, co... » London: Cybersecurity expert Positive Technologies has announced a new version of its web applicatio... Logicalis acquires Packet Systems Indonesia to g... » London: Logicalis, an international IT solutions and managed services provider, together with Metrod... Revolutionary new AI event to launch in London -... » London: With discussion around artificial intelligence (AI) at an all-time high, MACHINA Summit.AI i... Basefarm acquires The unbelievable Machine Compa... » LONDON: Basefarm has announced their acquisition of the Berlin-based The unbelievable Machine Compan... PhishMe takes home SC Europe Awards 2017 » LONDON, UK: PhishMe® Inc. has announced that PhishMe Simulator™ and PhishMe Reporter® were recognise...

CLICK HERE TO

SOCIAL BOOKMARK

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Appointments

Earlier this week, AdaptiveMobile released a blog post which examined application-to-person (A2P) SMS banking scams, specifically as they relate to identity theft. Attackers are increasingly using creative social engineering led approaches to trick individuals into giving away personal information, allowing an attacker to impersonate a victim resulting in financial gain for the perpetrator. The post also looked at the recent Barclay’s TV advert which examines the same topic.

 

Commenting on this, Robert Capps, VP of business development at NuData Security, said: "The lack of standard trust indicators in SMS, coupled with the seemingly organic deployment of SMS as a messaging and authentication channel for online transactions, has not only led to consumer confusion. It’s also opened a wide channel for fraudsters to socially engineer consumers into disclosing their personal information.

It’s also not an unique attack. Other convenient forms of consumer communication like email and telephone calls have been utilised by cyber criminals in similar ways in the past, so perhaps it’s no surprise to find creative uses of the same old trick being employed.

At the root of this issue, is the continued reliance on the traditional (but tired) username and password authentication framework. It’s still the sole method of verifying consumer identity in many non face to face transactions. Coupled with weak auxiliary authentication schemes that have been duct taped on top of this framework, such as SMS challenges, and secret questions and answers, it’s no wonder that consumer authentication is a mess.

Traditionally, online authentication boiled down to a choice between “effective”, “easy” and “low friction”, where you can only pick two options. Execs are always biased toward tangibles, so the option usually left on the ground was customer experience (friction). Growing respect for the value of customer experience, plus advances in behavioural techniques and evaluation of human interactional signals, has injected new life in to these tired techniques. The great part about these new behavioural authentication technologies is that they provide real security for customers and their accounts, without negatively impacting the customer experience.”