Tech Talk: SBA-spoofed phishing, safer banking, contactless cash withdrawals, and more!
- Phishing attacks spoof the SBA
- Criminals use legacy tech to bypass MFA
- RT scam alerts for bank staff
- Safer banking solution
- Contactless cash withdrawals
- A cloud-first bank collaboration
- Facebook launches financial group
- Cash App branches into lending
- More on the CBDC debate
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
Phishing attacks spoof the SBA
Since the COVID crisis began and government relief programs were launched, the Department of Justice and the Small Business Administration (SBA) have published warnings about fraudulent schemes using the pandemic and these programs as bait to trick innocent victims into giving up sensitive information. In yet another attack leveraging the COVID crisis, security firm Malwarebytes has discovered a sophisticated new phishing campaign that spoofs SBA loan applications in an attempt to steal banking credentials and other personal data. Because the scam contains a legitimate SBA email address and so closely duplicates the loan application, it can be difficult to detect. TechRepublic has the details.
Criminals use legacy tech to bypass MFA
Most banks, retailers, and other online sites now require multi-factor authentication (MFA) as an extra layer of security to verify users logging in to a website or app. Cybercriminals are finding ways to circumvent MFA by targeting legacy applications that don't support modern authentication. Email security platform Abnormal Security has reported that cybercriminals are zeroing in on mobile email clients and legacy email protocols, i.e., IMAP, SMTP, and POP, that aren't providing MFA protection. Threatpost has the details.
RT scam alerts for bank staff
Security firms have been issuing ongoing warnings about the increase in fraudulent activity and COVID-related scams. To help its branch employees detect and investigate potential scams, Australia-based Westpac Bank is adding a layer of security to monitor potentially fraudulent transactions. The bank is implementing real-time scam alerts that will help bank staff determine if a transaction is potentially high risk and allow them to pause or decline the transaction. Finextra has the details.
Safer banking solution
When deploying their nefarious schemes to steal victims' data and funds, criminals target the weakest link. In online retail banking, users' endpoints are generally most vulnerable to compromise. Cybersecurity company SentryBay is launching a white-label enterprise security solution that is highly effective in preventing online banking, identity-theft-based, and card-not-present (CNP) fraud. With BankSafe, which fully meets the FFIEC's requirements for layered browser security with online banking, financial institutions can offer their customers a downloadable application with sophisticated anti-ransomware and advanced malware detection that protects against emerging threats. Business Wire has the details.
Contactless cash withdrawals
ATMs were originally designed to provide customers with convenient, anytime access to perform self-service transactions such as deposits and cash withdrawals. Amid the global pandemic, safety and hygiene protocols have become an essential consideration when using ATMs. Spanish bank BBVA is offering its customers safer zero-touch contactless cash withdrawals at ATMs. Using the bank's mobile app with integrated geolocation tech, the contactless ATM digital solution enables customers to find the closest NFC-enabled ATM, receive a code on their phone to complete a transaction, and use their smartphone to collect the cash without having to touch the ATM screen or keypad, reports Finextra.
A cloud-first bank collaboration
Britain's Standard Chartered Bank has entered into a three-year partnership with tech giant Microsoft that will accelerate the bank's digital transformation through a cloud-first strategy. Leveraging Microsoft's Azure platform, the bank will move a number of its core banking activities to the cloud. Subject to regulatory approvals, the bank anticipates that its new digital ventures, such as virtual banking and banking-as-a-service, will be cloud-based by 2025, reports Finextra.
Facebook launches financial group
Abandoning its plans for a digital coin after intense regulatory scrutiny, Facebook has unveiled a new financial group to oversee its payment and commerce efforts. The co-creator of its Libra cryptocurrency project is in charge of the initiative that gathers the social media giant's products and apps under one umbrella. The company's goal for Facebook Financial, dubbed F2 internally, is to drive payments via its four popular apps – Facebook, Messenger, Instagram, and WhatsApp – as an alternative to Apple Pay, Venmo, PayPal, or other digital currency platforms. Banking Dive has the details.
Cash App branches into lending
Fintech providers are increasingly branching out to offer additional financial services during the COVID crisis. With the impact the pandemic has had on the economy and the uncertainty surrounding additional stimulus relief, Square's mobile payment offering, Cash App, has launched a pilot program to offer its users small-dollar, short-term loans. Initially testing the feature with a limited number of users, the loans are available for any amount between $20 and $200 with a 5 percent fee and must be paid back in four weeks to avoid additional fees, reports TechCrunch.
More on the CBDC debate
In a world where digital currency has moved beyond a trend to becoming the norm, the potential for creating central bank digital currencies (CBDC) has generated increased interest. In addition to transparency standards that would be required with CBDC to limit illicit activity, the digital currency would enhance financial inclusion for those who are unbanked. For those reasons and with an increased demand for contactless payments as a result of the coronavirus pandemic, the debate on CBDC has gained momentum. While there has been some question as to whether CBDCs should be "token-based" or "account-based," making that distinction is problematic since many digital currencies satisfy both definitions. New York Fed has the details.
Spam, Scams, and Breaches
- Threatpost: DDoS attacks cresting amid the pandemic
- Security Week: The U.N. reports 350% increase in phishing
- Help Net Security: Over 100,000 BEC attacks target thousands of companies
- The Hacker News: New ways that MS Windows users are vulnerable to hacking
- BankInfoSecurity: Payment fraud BEC campaign targets executives' Office 365 accounts
- CIO Dive: Record-breaking number of cyber threats in the U.S. since the onset of the pandemic
Updates, Patches, and Alerts...
- US-CERT: Current Activity
- Threatpost: Samsung fixes critical Galaxy security flaws
- Krebs on Security: Microsoft Patch Tuesday, August 2020 Edition
- Security Week: Adobe patches 11 vulnerabilities in Acrobat and Reader
- Help Net Security: Intel, SAP, and Citrix release critical security updates
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
While it may seem like time has stood still or moved slowly in the midst of the global pandemic, it is August and back-to-school season for most parts of the country. This year, stocking up on school supplies will include much more than pens, pencils, and backpacks as many schools turn to distance learning. To ease the stress of this "new normal," take a moment to enjoy this creative and funny distance learning parody.
First published on 08/14/2020