WASHINGTON — Remember all those phony emails that purport to be from your bank, asking you to click on a link and turn over your account information?
Cyber experts say criminals have moved on and are using new methods.
A cybersecurity banking official told a House Financial Services panel Friday that criminals are now sending emails claiming to be from someone other than your bank. Newer scams use The National Automatic Clearing House Association, the Electronic Federal Tax Payment System, the U.S. Postal Service, private delivery firms, telecommunications companies and social media providers.
One thing hasn't changed. Once an unsuspecting user clicks on a link, he or she is redirected to a server that downloads malicious software onto the victim's computer. The software captures the user's online banking credentials as they are typed
Called "phishing," this tactic involves sending an email that falsely claims to be an established legitimate enterprise in an attempt to trick the user into turning over information.
Michele Cantley, testifying on behalf of the Financial Services Information Sharing & Analysis Center, said that phishing "remains the most popular attack method that criminals use to infect victims' machines."
The center is a nonprofit organization funded by financial services companies, commercial banks, credit unions, brokerage firms, insurance companies, exchanges and clearing houses, and payment processors.
She said criminals are also using malicious advertisements, which appear on search engines and prominent news sites. When a user clicks on the link, malware gets downloaded onto his or her computer.
"A more recent method involves fraudulent messages sent from social media sites," she said. "These may include bogus friend requests, for example, that include links to malicious sites."
Cantley's organization, along with the Microsoft and the Electronic Payments Association, has gone on the offensive against phishing scams. They used a creative legal strategy as part of a civil lawsuit filed earlier this year to disrupt a major cybercrime operation that used malicious software to allegedly steal $100 million from consumers over the last five years.
The lawsuit targeted a global network of computers under the remote control of a criminal group that stole personal information, financial credentials and money, according to court records. The network, known as Zeus, has not been eliminated, but the action has made it much more difficult and expensive for the criminals to operate.
Mark Graff, vice president of the NASDAQ OMX Group, told the panel that his organization is not only concerned about rogue hackers or organized crime, but also attacks backed by national governments.
"It is not reasonable to expect individual companies, no matter how large or sophisticated, to independently stave off cyberattacks coordinated and backed by a foreign government," he said. "If our headquarters or our physical infrastructure were under attack from foreign missiles, the U.S. government would work with us to defend our company.
"The same needs to be true for cyberattacks, especially since the U.S. government is equally under attack from these foreign entities."
NASDAQ OMX Group owns and operates 24 markets, 3 clearing houses, and 5 central securities depositories, spanning six continents.
Associated Press writer Richard Lardner contributed to this report.
- How colleges take from the poor, give to the...
- Mistake or miracle: New evidence on the...
- Can't catch a break: America lags behind on...
- Delta ups ante in battle for N.Y.
- Low US energy prices make Euro leaders see green
- Utah ranks No. 1 for economic outlook for...
- Some unions angry about health care law
- Classically trained chef opens diner in...
- S.L. draws up airport plans 33
- Couples registry gets preliminary nod... 29
- US companies challenging contraception... 20
- Should we let wunderkinds drop out of... 13
- Obama opposes GOP bill on Keystone XL... 11
- IRS official to take the 5th at hearing 8
- Obama threatens veto of Republican... 7
- Utah ranks No. 1 for economic outlook... 7