SpyEye has been observed trying to trick users into reassigning their cellphone numbers to receive one-time passwords (OTP) from their banks by SMS. The social engineering scam (assuming SpyEye has already infected the target PC) is found on fraudulent pages injected into a users online banking session that falsely claim they have been assigned a OTP.
The fraudsters can then receive all future SMS verification codes for the hijacked bank account via the mobile network. A fraudster can then use the OTP to redirect/transfer funds from a customers bank account.
- Hiep Nguyen
View all comments