Authentication Tokens from Banks Make Mobile Phones Susceptible to Attacks
Bank customers are required to enter the security token number to complete third party payments through Internet banking.
While the SMS tokens have introduced an additional layer of security, they may encourage criminals to launch denial-of-service attacks on the mobile phones to disrupt its use by customers. Attackers may also intercept the message during transmission from bank to customer and forward it to their own mobile device. RSA has also warned against increased smishing attacks, the mobile variant of phishing attacks. The growth of mobile banking also makes mobile devices soft target for attacks. While spear phishing attacks are replacing phishing attacks on e-mail, mobile phones may face increase number of spam messages and smishing attacks. Online computer training programs may help users in understanding the possible sophisticated threats in the e-banking environment and help in conducting secure transactions.
Usually, manufacturers avail the services of ethical hacker certified experts to explore and identify the vulnerabilities in devices and applications. Banking organizations may work with stakeholders such as manufactures, software developers, telecom companies, regulatory agencies and IT security firms to ensure safe transmission of information.
IT personnel holding security certifications can help banks in improving the IT security apparatus and ensure safe banking experience for customers. While banks are now providing security tips and information related to threats to customers, they may also create awareness through online video programs and case studies to ensure adherence to safety precautions and practices.
EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation" as stated by EC-Council's Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.
6330 Riverside Plaza Ln NW
Albuquerque, NM 87120
Tag Words: internet banking, spear phishing, sms tokens, authentication tokens, phishing, smishing, security certification, sms, mobile phones, ethical hacking