Panda Security has conducted an assessment of over 300 businesses for sending money abroad. Over 1,500 computers were scrutinised with alarming results: 30% of them had an outdated antivirus and 60% were infected.
According to a recent study by the United Nations, money sent by immigrants to their home countries amounted to over $300 bln in 2006 worldwide.
Inadequately protected and often used for other purposes, (chats, downloads, etc.), these computers are not secure for online transactions. This lack of security could allow criminals to intercept authorised remittances using the following tactics:
• A trojan / keylogger can be installed on the target computer capable of capturing screen information such as account numbers, banking credentials, PIN codes, etc. This would be facilitated by the high-risk behaviour of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
• A targeted phishing attack (pretending to come from one of the most popular money transfer entities) or infections with malicious codes that lead users to fraudulent Web pages. Any banking data entered on these pages would end up in the criminals’ hands.
As a result of these attacks, banking details of money senders could be intercepted by cyber-crooks who would then have open access to the victims’ accounts.
“The danger with these computers is that, unsafe as they are, they are very frequently used to conduct bank transactions. The risk is enormous as we are talking about very sensitive information being stored on infected, vulnerable computers”, says Dominic Hoskins, Country Manager, Panda Security UK. “This combination of lack of maintenance, low security consciousness and inappropriate end user behaviour results in highly vulnerable systems that are very easy for cyber-criminals to infiltrate.”
Preventing and protecting
For all businesses geared towards money transfer services, Panda Security recommends the following:
1. Make sure you have an up-to-date anti-malware suite and set it to update regularly.
2. Make yourself aware of the security practices put into place before conducting your business. We suggest using banks accredited by the relevant authorities because they have higher security standards than most multi-service businesses.
