dcsimg

Security Expert Warns of Online Banking Vulnerability

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Red Force Labs CTO Yash K.S. has published a proof of concept video to demonstrate how a virus could be leveraged for a man-in-the-browser attack that manipulates HSBC Bank transactions in real time.

"In the clip, the expert shows how an unsuspecting user logs in to his HSBC online banking account using an account password and a one-time password provided by the OTP device," writes Softpedia's Eduard Kovacs. "While the user enters the details of the destination account and the amount of money he wishes to transfer, the cybercriminal that controls the virus works in the background and alters the transaction’s details to his own liking."

"The victim confirms the transaction, again with the OTP device, and completes it, but when he checks to see if the money arrived to its destination, he finds that not only the amount transferred is considerably higher, but also that the destination is a Citibank account, other than the one he chose," Kovacs writes.

Go to "Expert: Bank Transactions Can Be Manipulated Even If OTP Devices Are Used" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

Submit a Comment

Loading Comments...