PhoneFactor Press Releases

Zeus-Style Malware Beats Out Password Phishing as “The Greatest Threat to Online Banking Today”

Survey Indicates That Banks Are Aware Of The Shift Toward Malware-Driven Attacks, But Not Fully Educated About What To Do To Protect Their Customers

December 8, 2010 – PhoneFactor, the leading global provider of phone-based multi-factor authentication, today released the results of its recent survey on the state of online banking security. The results point to a rapid shift toward real-time attacks from online banking trojans, such as ZeuS, which are now more common than password phishing attacks, along with a lack of understanding about what to do to protect against these threats.

The survey, conducted in November 2010, included responses from financial services professionals at more than 70 banks. Key findings in PhoneFactor’s study include:

  • Real-time attacks from online banking trojans (ZeuS, Clampi, etc.), also referred to as Man-In-The-Middle attacks, are seen as the greatest threat to online banking today for more than half (51%) of survey respondents, and 69% indicated an increase in the frequency of these attacks over the last 12 months. In fact, 37% of respondents reported that online banking trojans are the most prevalent type of attack at their bank.
  • Password phishing and pharming were a distant second with 24% of respondents believing password attacks to be the greatest threat to online banking. These attacks, however, continue to rage on. 55% of respondents indicated an increased frequency of these attacks over the last 12 months.
  • Online ACH and wire transfers were seen as being most vulnerable to attack with nearly one in three respondents rating these types of transactions as either “extremely” or “very” vulnerable.
  • There is still widespread misunderstanding about whether current security measures, such as one-time-passcodes, protect against today’s top threats. Only 37% of respondents recognize that one-time-passcodes do not protect against ZeuS. Of those who recognize the weakness of these methods, 79% either use today or plan to use next-generation methods, such as out-of-band phone calls, transaction verification, and biometrics, to protect against ZeuS.

“Password phishing attacks have plagued online banking for nearly a decade, but have been outpaced in the last year by a surge in real-time attacks from the likes of ZeuS, Clampi, and SpyEye, among countless other malware variants,” said Steve Dispensa, Chief Technology Officer at PhoneFactor. “Banks are implementing a number of measures to strengthen the security of their online banking platforms, which is unquestionably good. Unfortunately, many don’t understand the vulnerability of methods like one-time-passcodes, which these attacks easily circumvent. As banks become more educated, we expect them to move even more quickly toward methods like out-of-band authentication and transaction verification to protect against these threats.”

PhoneFactor defeats online banking trojans like ZeuS by verifying account logins and transactions through an out-of-band channel – the telephone network. PhoneFactor works by placing an automated voice call or sending a text message to the user’s registered phone number to authenticate account logins, ACH transactions, wire transfers, bill payments, and account changes. The account holder simply answers a call or responds to the SMS text message from PhoneFactor to authenticate. Because confirmation is completed through the telephone network, PhoneFactor protects against attacks initiated by malware running on the user’s computer as well as less sophisticated password phishing and pharming schemes. Real-time fraud notifications and voice biometric options are also available.