Software

mTAN method for online banking is Cracked

So far was online banking transaction numbers, which in the short term can be sent out for each operation via SMS as fairly safe. But at least customers of Telekom had to experience the opposite now. The company advises customers to precautionary measures.

Who wants to transfer money online need a Transaction Number, short mTAN. Earlier, you got long lists of paper with these six-digit numbers, which were executed one after the other by his bank. Were gone, there was a new piece of paper. On these papers, you had to fit well, because if someone had the list and cracked also have access to online banking, he could the account whitespace cheerfully, without big to attract attention.

The procedure with mTAN, so mobile numbers that come with each transaction via SMS from the Bank, should make online banking more secure. However, cases were known already in the past year where scammers are provided access to the mTAN and thus led money of the victim on their accounts.

Scammers masquerade as mobile phone dealer – mTAN method for online banking is Cracked

Now, the Süddeutsche Zeitung reported by a series of fraud after this scam in which the perpetrators have captured around one million euros in recent weeks. Only bank customers with a mobile contract of Deutsche Telekom were affected. The principle: The scammers spying about phishing or other espionage procedure from the computer of the victim’s online banking login details and gain access to the customer data of the mobile phone contract in a similar way. Then they spend themselves at Telekom as a mobile reseller, order a replacement SIM card in the name of the customer. They can then send the TAN, with which they can withdraw money from the account of the victim on this SIM card.

Telekom
Deutsche Telekom has confirmed the series of fraud in online banking.

According to Deutsche Telekom, but only a detail is new to this method. In the cases in the previous year was similar to acts been, only had himself the scammers not as a dealer issued, but as the mobile customer myself. “We have reacted immediately with the intensification of security measures, as the cases have become known”, said a Telecom spokesperson told Ingenieur.de.

Improved identification of dealers

So, according to the company, the vulnerability has been closed. mTAN method for online banking is Cracked. Now would the perpetrators with the dealer scam but its approach “refined”. The Telecom spokesman said: “basis of the approach are still chopped customer’s computer, the customer data being spied. With this data, the perpetrators pretend to enable a new replacement SIM card dealers on behalf of their customers. Deutsche Telekom has responded promptly after becoming aware of this scam and Toughens its measures for the merchant identification.”

Online-Banking
Acting as virtual telecommunication company scammers masking himself behind SSL protocols with different, but valid encryption. This simple action is possible because quicker to operator DNS response actions.

Telekom stressed that not the process of online banking has been hacked as it is stated in some media. The fundamental problem lies in the backup of each computer. The company therefore recommends each user the usual: current virus protection, current software, regular information about phishing schemes and other types of attacks.

Telecom sent out mass information about malicious code

It is remarkable what attached the Telekom to her statement to Ingenieur.de: “at the same time we inform affected customers, if we have knowledge of them, that your computer with malicious code is infected. Currently we send on average. approximately 200,000 of such mails and letters per month”