Trusteer discovered Ice IX configurations that extract telephone account numbers from victims

New variants of the Ice IX online banking Trojan program are tricking victims into exposing their telephone account numbers so that fraudsters can divert post-transaction verification phone calls made by banks to phone numbers under their control, researchers from security vendor Trusteer warned.

Ice IX is a modified version of ZeuS, one of the most successful and sophisticated online banking Trojans to date. Like its parent, Ice IX has the ability to manipulate the content displayed in browsers used by its victims and inject rogue Web forms into online banking websites.

The rogue forms are usually used to extract online banking credentials along with other security information like secret question/answer pairs and date of birth. However, new Ice IX configurations analyzed by Trusteer researchers also display forms that ask victims for their telephone account numbers, a piece of information used by telephone companies to verify the identity of their subscribers.

“The victim is asked to update their phone numbers on record (home, mobile and work) and select the name of their service provider from a drop-down list,” Trusteer’s CTO Amit Klein said in a blog post. “In this particular attack, the three most popular phone service providers in the UK are presented: British Telecommunications, TalkTalk and Sky.”

The Trojan then asks victims to input their telephone account number under the pretext of a malfunction of the bank’s anti-fraud system with its landline phone service provider. U.S. online banking customers are also targeted, Klein said.

Trusteer suspects that this information is used by fraudsters to access the telecom operator’s self-service center and enable call forwarding for the victims’ phone numbers without their knowledge. However, the security company doesn’t have access to any data proving that such an attack has occurred, Klein said in an email.

The existence of dedicated caller services contracted by cybercriminals to impersonate bank customers and confirm fraudulent transactions can serve as an indication that fraudsters need to have post-transaction verification phone calls forwarded to numbers of their choosing.

“Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank,” Klein said. “This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”