Almost a third of all fraudulent banking transactions now originate from the customer's own computer, as cyber criminals use increasingly sophisticated malware to hijack accounts, online security specialists warned yesterday.
To combat the ever-present threat of online crime, financial institutions across Europe have developed multiple security mechanisms such as encrypted card readers and complex security questions when customers log on to their accounts.
But experts are warning that the latest software used by criminals to steal money from people's accounts is becoming so clever that it fools the bank into thinking that they are making a legitimate online transaction.
Cyber-security experts have described the latest remote administration tools used to hijack people's computers – often referred to by hackers as "rats" – as "blood chilling" in their complexity and efficiency. Analysts yesterday illustrated how the latest malware could infect an unwitting person's computer and quickly persuade the user to send over vital security data such as log-on details and passwords.
The example they used came from a Russian hacker who was recently arrested with more than £140,000 in his house.
Using the latest trojan viruses, hackers infect a computer and communicate with their victims by pretending to be their bank, asking them for personal data which then enables them to log into their accounts and move money around. Until recently, less sophisticated malware meant that those hackers who had gained en-ough log-in data would still have to try to access a stolen account from a computer that was not the customer's, which often alerts a bank's al-arm systems and prompts further security questions.
Now the latest software allows the hacker to remotely access an infected computer's bank account from the customer's own machine without them knowing.
"This is a new combination and very alarming from a cyber-security perspective," Uri Rivner, head of cyber strategy at BioCatch, said. "We are starting to see this more and more. When I talk to banks in Europe, about 30 per cent of the fraud is coming from [customer] computers, which explains the risk."
An executive at a Dutch bank confirmed that such attacks are becoming increasingly commonplace. "This is happening at the moment," he said. "This is the main concern for the banking sector right now."
The increasing sophistication of malware is a constant headache for banking groups, which want to keep customers' money safe but easily accessible. The latest kind of attack was just one of many new developments in the hacking world that were being discussed at the RSA Conference in central London, one of the largest global annual gatherings of information security specialists.
Many of those at the conference accused privacy campaigners of hindering the cyber-security industry's ability to protect against new threats because data-protection laws often stopped large-scale sharing of information.