New malware threat to Internet banking users

Internet banking customers should be on guard against a new computer malware, said the Association of Banks in Singapore (ABS) on Thursday.
In a statement, it warned customers to look out for "SpyEye", a Trojan Horse malware that targets local Internet banking applications after a few cases were reported recently.
When a user tries to access the bank’s Internet banking application from an infected computer, the malware tries to create a false third party beneficiary addition and funds transfer.
Customers who visit infected websites, open infected emails or download unknown files are vulnerable to the malware, which could be spread through social networking sites as well.
Customers using an infected computer may experience one or a combination of the following, when they log in to their online banking site.

  • A web banner claiming to check the computer's security settings pops up.
  •  The login page will indicate that the transaction "may take 1-10 minutes to complete" or "security verification in progress".
  • It may ask for an SMS or token-based one-time password (OTP) on the same login page, in addition to asking for the username and password. According to ABS, a legitimate Internet banking website will only ask for the OTP on the second page after the password is entered on the login page.
  • Customers may also receive an SMS alert providing them with an OTP even when they did not login.
  • The SMS alert might also state that they have either "Added a Payee" or made a "funds transfer" when they did not do so.

ABS advises customers to stop the online transaction, close the browser and contact the bank immediately if they experience any of these suspicious activities.
They are also advised to read the SMS notifications they receive clearly and not enter any token or SMS OTPs for transactions that they did not initiate or request.
When visiting a bank's website, customers should type in the URL manually and verify the website before providing login credentials.
Customers should avoid visiting unknown and unsecured websites. They should also check their bank balance after completing an online transaction.
ABS said that they are increasing their vigilance and monitoring suspicious online activities to counter these new online threats.