Criminals are defeating multifactor, knowledgebase and other forms of authentication to compromise a wide range of Web applications to steal money and personal information. Beyond online banking, there are personal wealth management portals, corporate treasury systems, board portals and trust services, just to name a few. In addition, there are Web applications used by bank employees, such as the wire system or web mail. All of which provide tempting targets to criminals looking to either directly steal money or gather personal information that can be used in separate fraud schemes. To stop them, you need to know how they operate.
This white paper:
- Describes four threat scenarios that demonstrate a range of techniques to bypass authentication, attack different portals, and move money through a variety of channels;
- Explains the common threads though all of these schemes, regardless of the techniques used;
- Suggests an effective strategy based on user or account holder behavior to detect unauthorized access.