Criminals threaten money sent by immigrants to their home countries
12 December 2008. Over 1,500 computers were scrutinised with alarming results: 30% of them had an outdated antivirus and 60% were infected.
According to a recent study by the United Nations, money sent by immigrants to their home countries amounted to over $300bn in 2006 worldwide.
As many as 190 millions migrant workers sent money home in 2007, according to the World Bank.
Remittances/fund transfers that could be tracked reached $337 billion last year, of which $251 billion went to developing countries.
Inadequately protected and often used for other purposes, (chats, downloads, etc.), the computers are not secure for online transactions. This lack of security could allow criminals to intercept authorised remittances using the following tactics:
A Trojan / Keylogger can be installed on the target computer capable of capturing screen information such as account numbers, banking credentials, PIN codes, etc. This would be facilitated by the high-risk behaviour of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
A targeted phishing attack (pretending to come from one of the most popular money transfer entities) or infections with malicious codes that lead users to fraudulent Web pages. Any banking data entered on these pages would end up in the criminals’ hands.
As a result of these attacks, banking details of money senders could be intercepted by cyber-crooks who would then have open access to the victims’ accounts.
“The danger with these computers is that, unsafe as they are, they are very frequently used to conduct bank transactions. The risk is enormous as we are talking about very sensitive information being stored on infected, vulnerable computers”, says Dominic Hoskins, Country Manager, Panda Security UK. “This combination of lack of maintenance, low security consciousness and inappropriate end user behaviour results in highly vulnerable systems that are very easy for cyber-criminals to infiltrate.”
Preventing and protecting
For all businesses geared towards money transfer services, Panda Security recommends the following protocol:
1. Make sure you have an up-to-date anti-malware suite and set it to update regularly.
2. Make yourself aware of the security practices put into place before conducting your business. We suggest using banks accredited by the relevant authorities because they have higher security standards than most multi-service businesses.