    Phishing Shuts Down 950 Payment Gateways in Iran

    The Computer Emergency Response Coordination Center (MAHER), affiliated to the Telecoms Ministry, has identified and blocked 950 suspicious payment gateways since the beginning of the current calendar year in March.  

    The center says it has used special anti-phishing applications to block the suspicious gateways. 

    Citing data from cyber police, IBENA reported that illegal withdrawal of money from banks accounts for 65% of cybercrimes in Iran.

    Widespread phishing has become a crisis for the domestic banking system in recent months. The Central Bank of Iran Governor Abdolnasser Hemmati on Wednesday pointed to the myriad of complaints from bank customers to cyber police, saying that most of the complaints are related to abuse of non-card transactions. 

    Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message or text message.

    With phishing activity taking a toll on the banking system, insurance companies recently announced their readiness to insure bank accounts.

    In November, head of the Central Insurance company of Iran Gholamreza Soleymani spoke about a plan to protect insurance policyholders against phishing scams, saying that it could be approved before the current fiscal year is out next March.

    Phishing activity has prompted banking officials to make one-time passwords obligatory for online payment. 

    The central bank announced in November that from Dec. 22 the OTP would be obligatory for all non-card transactions and static passwords would be deactivated.

    The one-time password, developed to address the shortcomings of static passwords, is a code that is valid for a single login or online transaction on a computer system or other digital device and is discarded in 60 seconds.

    This means that a potential intruder, who manages to record an OTP that was already used to log into a service or make a transaction, will not be able to abuse it because it will no longer be valid. 

    The crucial advantage of OTPs is that, unlike static passwords, they are not vulnerable to replay attacks. An OTP is more secure than a static password, especially a user-created password, which may be weak or reused across multiple accounts.
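    The single-use, 60-second behaviour described above can be sketched as follows. This is an added example, not code from the banks or the article; it assumes a time-based OTP in the style of RFC 6238 with a six-digit code, and the account name, secret and timestamp are constructed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # validity window stated in the article
DIGITS = 6          # assumed code length


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then truncation."""
    counter = unix_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class OtpVerifier:
    """Accepts a code only inside its time step, and only once per account."""

    def __init__(self, secrets: dict):
        self._secrets = secrets
        self._last_used_step = {}   # account -> last time step that was accepted

    def verify(self, account: str, code: str, now: int) -> str:
        secret = self._secrets.get(account)
        if secret is None:
            return "unknown-account"
        expected = totp(secret, now)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "invalid-or-expired"
        step = now // STEP_SECONDS
        if self._last_used_step.get(account, -1) >= step:
            return "replayed"       # same code presented a second time
        self._last_used_step[account] = step
        return "accepted"


def demo() -> list:
    secret = b"constructed-demo-secret"        # constructed sample key
    verifier = OtpVerifier({"acct-1": secret})
    t0 = 1_700_000_040                         # constructed time, start of a step
    code = totp(secret, t0)
    return [
        verifier.verify("acct-1", code, t0 + 5),    # first use, inside the window
        verifier.verify("acct-1", code, t0 + 20),   # recorded code sent again
        verifier.verify("acct-1", code, t0 + 65),   # same code after the window
    ]
```

    The time window alone would still accept a recorded code until the step ends; the per-account record of the last accepted step is what rejects the second submission.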

    Setting up OTP services is expected to significantly improve the safety of daily bank transactions. 

    “By launching the OTP service the number of phishing attacks is expected to be done away with,” Hemmati was quoted as saying by IRNA. 

     

    Worldwide Fraud 

    Fraud losses worldwide reached $27.85 billion in 2018 and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years, according to The Nilson Report, the leading global card and mobile payments trade publication.

    Fraud losses are incurred by payment card issuers, merchants, acquirers of card transactions from merchants, and acquirers of card transactions at ATMs on all credit, debit, and prepaid general purpose and private label payment cards issued around the globe. Losses of $27.85 billion in 2018 were up from $23.97 billion the year before.

    The United States accounted for $9.47 billion in fraud losses in 2018. Even though cardholders in the US generated only 21.54% of $40.582 trillion in global card volume in 2018, US companies incurred 33.99% of total card fraud losses worldwide.