Are fishing, malware (spyware, trojans, ransomware, keyloggers, ...) sending cybercriminals false e-mails with links to fake websites or viruses reading passwords for online banking accounts or other techniques used by cybercriminals as the most dangerous?
Please reply
Best wishes
Good question, Dariusz Prokopowicz. The way I see it, a cybercriminal's goal is to get to the money. In order to accomplish that goal, the cybercriminal needs to gain access to the bank's systems. Malware is typically used to gain such access, but the attacker needs to get it onto the target system. Fishing/phishing e-mails and fake websites are often used as delivery methods. Therefore, my answer will focus on malware.
I believe that spyware is the most dangerous. Unlike ransomware, it is designed to avoid detection as long as possible. Spyware can access cameras, so it can potentially act as a keylogger in addition to spying on bank employees; both can allow the criminal to discover how access a bank's systems.
There's one hack for which, unfortunately, there is no defence.
Picture the scene:
1. Hacker listens to your internet connection, waiting for you to login to your account
2. You access the bank, it prompts for username/password/second factor/third factor/fingerprint/whatever
3. You send whatever it asks for, and are now logged in.
4. The hacker directs you to a fake bank page, that looks like yours
5. Meanwhile, he transfers all the money out of your account, and logs out.
It doesn't matter how good the authentication system is, because it is the victim who sends all the credentials and, by the time you see what you think is your bank's page, it's too late. Even if you use a public key system, with encrypted transmission (Isomething like Diffie-Hellman) you do all the hacker's work for him.
Hi,
I would rank Spear Phishing Whaling as the most dangerous cybercrime against the banking sector. It targets highly ranked individuals in the banking (or other organisations) hierarchy who can be in possession of highly confidential information. Instead of targeting individuals using obvious phishing methods that most of them get intercepted by advanced spamfilters, including mobiles phones text messsages, and bargaining on a few cents, they sophistically target the big heads who have their hands on the big money. Whaling attacks require considerable preparation but the payload is quite high (Park and Rayz, 2018).
Regards,
Ref:
‘Ontological Detection of Phishing Emails’ (2018) 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC), Systems, Man, and Cybernetics (SMC), 2018 IEEE International Conference on, SMC, p. 2858. doi: 10.1109/SMC.2018.00486.
Adil Chebbaa made an excellent point about Spear Phishing/Whaling. Cybercriminals still use social engineering methods to get people to do things they should not do. Increasing awareness helps, but people still fall for such methods, especially "highly ranked individuals in the banking hierarchy".
Spyware if they wish to monitor and steal our data.
Ransomware not at all case
I think all of them are dangerous but malwares are the most dangerous , phishing at the 2nd place
But they all needed to mix with a social engineering attacks in real world to be effective.
- Badges
- Science topic