Combating the invisible bank robber: RMIT expert

By Dr Jonathan Crellin
Tue, June 4, 2024 | 7:32 pm GMT+7

In the past, bank robbers wore masks, but now you cannot see them. In the digital era, second device authentication is the best method of combating the invisible bank robber, wrote Dr Jonathan Crellin, program manager in cybersecurity at RMIT Vietnam.

 Dr Jonathan Crellin, program manager in cybersecurity at RMIT Vietnam. Photo courtesy of RMIT.

Dr Jonathan Crellin, program manager in cybersecurity at RMIT Vietnam. Photo courtesy of RMIT.

Second device authentication (where a code is sent to a second device) is secure, but not invulnerable. For example, a bad actor can create a simulation of a banking login system, and simulate the request for an OTP via text message, or by using a bank app. When the customer enters the OTP into the simulation, the criminal can then use it to log in to the real bank account and take control of the account.

The bad actor may simulate some forms of system failure (“website unavailable please log in later”), so the customer does not immediately realize something has gone wrong. This is one reason why your bank tells you “…never to follow a link sent to you (for example: by email)” as this can contain a very similar URL pointing to a fake, simulated bank site.

From your point of view, always use a legitimate link or web address for your bank. If you use a banking app, download it from a legitimate source, such as the Play Store or Apple’s App Store. If your phone is compromised with malware, it can facilitate a bad actor gaining access to your phone, using apps, seeing received text messages, controlling the phone remotely, running apps, and extracting information.

SIM swapping has been a very popular technique in recent years. This involves a criminal tricking a mobile network company into reissuing a replacement SIM card linked to the same original number. This is often used with high-profile targets. It is an easy attack if the bad actor can obtain personal information about the victim, which may be recoverable from a dark web marketplace. Once the new SIM is reassigned, the original SIM will stop working.

Another technique that was used in the past was SIM cloning. Here, a duplicate SIM is created which has the same IMSI number (the SIM’s network identity number), authentication number (KI), and phone number as the original SIM. This technique became difficult from 3G onward, as the KI is difficult to recover. However, many IMSI KIs can be found for sale on dark websites, so if someone was unlucky, their IMSI might have been listed.

If a bank identifies that their app was used on a different type of device than usual, this suggests that SIM cloning or SIM swapping may have occurred. The bad actor using another phone can set up biometric authentication with the banking app that uses the bad actor’s biometrics. From the app’s point of view, the correct person is using the app since the app relies on the phone’s biometric system to confirm the identity of the user.

In SIM cloning, the bad actor would need some data from the original SIM, then write these to a new programmable SIM card. Then they have a phone with a SIM that pretends to be the victim’s phone. Both phones will work, but only one at once. The bad actor can send a text from another phone, pretending to be the cell network provider, instructing the victim to turn off their phone for a network update. Whilst their phone is off, the bad actor connects to the bank, transfers money, and then turns off the cloned phone. When the victim turns their phone back on, it reconnects to the network without any immediate indication of the attack.

From the bank's point of view, thefts are often due to customer errors, perhaps leaking too much personal information. The bank's systems are usually as robust as they can be (but still usable for most customers). Criminals rely on people’s carelessness, trust and naivety.

The lesson here is treating your phone and SIM as if they have the same value as all the money in your bank accounts. To enhance security, consider using dual SIM card phones and use one SIM only for things like financial transactions, and the other for less important activities. Be careful not to share the secure phone number and detailed personal information you use for financial transactions anywhere other than the bank. Exercise extreme caution when downloading apps, ensuring they come from legitimate sources. Additionally, contemplate the use of an additional phone with a separate SIM if you plan to use riskier applications.

Authentication poses a significant challenge across all internet activities, especially in financial transactions. Over the years, we have seen numerous advancements in authentication, alongside evolving criminal tactics. IT and cybersecurity programs at many universities in Vietnam equip students with the skills and knowledge about the strengths and weaknesses of current authentication systems. These students will be at the forefront of developing and implementing the next generation of technology.

Crime is never going to go away. Every lock we make or system we develop will have some weaknesses, especially if those using them are careless. The motivation to steal money is so strong that there will always be people who work out how to break into systems. But at its best, the digital world does bring many benefits and conveniences, just be careful and aware of what you share and the security of your devices.

From July 1, people in Vietnam transferring money over VND10 million ($393) must authenticate by face and fingerprint.

Comments (0)
  • Read More
Southern Vietnam province okays 2 FDI projects totaling $57 mln

Southern Vietnam province okays 2 FDI projects totaling $57 mln

Tay Ninh province on Friday granted investment registration certificates to two foreign projects worth a total of $57 million.

Industries - Sat, November 23, 2024 | 3:30 pm GMT+7

China’s Luxshare-ICT to up workforce in central Vietnam by 7 times

China’s Luxshare-ICT to up workforce in central Vietnam by 7 times

China’s Luxshare-ICT, a supplier of Apple, currently employs 11,600 people in Vietnam’s central province of Nghe An and is set to increase the workforce to 60,000-80,000 soon.

Industries - Sat, November 23, 2024 | 2:00 pm GMT+7

Japan’s plastics firm Riken opens 2nd plant in southern Vietnam

Japan’s plastics firm Riken opens 2nd plant in southern Vietnam

Riken Vietnam Co., Ltd. on Friday inaugurated its second plant in Vietnam in the southern province of Binh Duong after 10 years of operation in the country.

Industries - Sat, November 23, 2024 | 12:07 pm GMT+7

Indonesian gov't reveals investment strategy for 8% growth

Indonesian gov't reveals investment strategy for 8% growth

Indonesia’s National Development Planning Ministry has revealed its investment strategy for clocking 8% economic growth, including providing incentives and support tailored to each sector and region, for industrialization and downstreaming.

Southeast Asia - Sat, November 23, 2024 | 10:27 am GMT+7

Thai government plans to address bad debt

Thai government plans to address bad debt

The Thai government is planning to address public and small and medium-sized enterprise (SME) debt issues by deferring interest payments for three years on non-performing loans (NPLs) incurred after October 2023.

Southeast Asia - Sat, November 23, 2024 | 10:25 am GMT+7

Vietnam’s REE Corp undergoes leadership reshuffle as Singaporean fund raises holding

Vietnam’s REE Corp undergoes leadership reshuffle as Singaporean fund raises holding

Vietnam’s private utility firm REE Corp has announced changes in the board chair and CEO positions as Singaporean fund Platinum Victory Pte. Ltd. is seeking to lift its holding in the former to 42%.

Companies - Sat, November 23, 2024 | 10:20 am GMT+7

Indonesia, US seek to boost digital technology cooperation

Indonesia, US seek to boost digital technology cooperation

Indonesian Minister of Communication and Digital Affairs Meutya Hafid has met with U.S. Under Secretary of Commerce for International Trade Marisa Lago in Jakarta to discuss strengthening cooperation in digital technology.

Southeast Asia - Sat, November 23, 2024 | 10:06 am GMT+7

Philippines builds largest-ever solar farm

Philippines builds largest-ever solar farm

The Philippines has started building its largest single-site solar and battery energy storage facility, the Department of Energy announced on Thursday.

Southeast Asia - Sat, November 23, 2024 | 9:59 am GMT+7

Vietnamese women revive traditional vocations with modern innovations

Vietnamese women revive traditional vocations with modern innovations

Three Vietnamese women have made a mark for themselves and the nation’s agricultural sector by reviving traditional vocations using modern innovations and reaching out to the world with quality products.

Companies - Sat, November 23, 2024 | 7:35 am GMT+7

Sumitomo subsidiary acquires 49% stake in Vietnam’s top crop protection firm

Sumitomo subsidiary acquires 49% stake in Vietnam’s top crop protection firm

Summit Agro International Ltd., a member of Japanese conglomerate Sumitomo, has acquired a 49% stake in Hop Tri Investment Corporation, a leading crop protection firm in Vietnam.

Companies - Fri, November 22, 2024 | 8:25 pm GMT+7

E-wallets get thin as banking apps prosper in Vietnam

E-wallets get thin as banking apps prosper in Vietnam

E-wallets appear unable to compete strongly against online banking applications in Vietnam, several market observers say.

Banking - Fri, November 22, 2024 | 7:15 pm GMT+7

Use social media influencers in targeted manner for e-commerce success: Vietnam execs

Use social media influencers in targeted manner for e-commerce success: Vietnam execs

Vietnamese companies should use new generation influencers in a targeted manner, prioritizing specific market segments, standardizing quality and focusing on strong product categories to achieve e-commerce success, says Nguyen Ngoc Luan, CEO of Meet More Coffee.

Companies - Fri, November 22, 2024 | 4:26 pm GMT+7

VinFast’s parent, PV Power partner to speed up charging station expansion

VinFast’s parent, PV Power partner to speed up charging station expansion

Vietnamese private conglomerate Vingroup, the parent firm of electric vehicle manufacturer VinFast, and state-controlled PV Power have entered an agreement to develop charging stations across the country and promote rooftop solar installations.

Companies - Fri, November 22, 2024 | 4:11 pm GMT+7

Petrovietnam, Petronas to boost renewable energy cooperation

Petrovietnam, Petronas to boost renewable energy cooperation

Petrovietnam and Petronas, two state-owned oil & gas giants of Vietnam and Malaysia, will further cooperate in renewable energy, including exchange of information, knowledge, and experiences.

Energy - Fri, November 22, 2024 | 2:59 pm GMT+7

FTSE Vietnam ETF may heavily buy Vinhomes, sell Vingroup in upcoming reshuffle: broker

FTSE Vietnam ETF may heavily buy Vinhomes, sell Vingroup in upcoming reshuffle: broker

FTSE Vietnam ETF is forecast to strongly buy in several Vietnamese heavyweights such as Vinhomes, Hoa Phat, and Vietcombank in its upcoming portfolio reshuffle.

Finance - Fri, November 22, 2024 | 2:45 pm GMT+7

$681 mln central Vietnam urban area project eyed by Sun Group gets authorities' nod

$681 mln central Vietnam urban area project eyed by Sun Group gets authorities' nod

A VND17.3 trillion ($681 million) urban area project that is drawing the interest of major realty developer Sun Group has received an in-principle approval from Khanh Hoa province's administration.

Real Estate - Fri, November 22, 2024 | 1:53 pm GMT+7