Banks should presume that customers’ computers are infected rather than...

wealthy corporate bank accounts (http://xrl.us/bne4bs). While it should come as no surprise that large organized crime groups are focusing on online banking sites, the attacks sparked a lot of attention for several reasons, ENISA said: (1) The attackers reduced manual intervention to a minimum, relying heavily on automation, and the assaults were fast and easily missed by users. (2) Banks’ protective measures, such as two-factor authentication and fraud detection, were circumvented. Users didn’t notice this immediately because the bogus transactions were hidden by malware that inserted JavaScript into pages. (3) Only PCs from users with high bank balances were targeted. The cyberattacks came in three phases, it said. Criminals targeted accounts using online reconnaissance and phishing, and singled out victims with high balances, it said. They then loaded malware onto victims’ PCs that was customized for victims’ online banking sites. The malware was triggered when a victim started an online session, it said. Later, automated fraudulent transactions were carried out in the name of the users and hidden from them behind warning and waiting messages, it said. The malware transferred money from savings to checking accounts, and then to mules abroad who took the cash and sent it onward using person-to-person money transfer such as Western Union, it said. ENISA recommended that banks: (1) Assume all PCs are infected and use protection measures to deal with that. (2) Secure online banking devices and help protect customers from fraudulent transactions by, for example, cross-checking with them about the value and destination of certain transactions via a trusted channel or device. (3) Aim for strong global collaboration in terms of prevention and response.