Tech Talk: Fake financial websites, Experian breach (again), mitigating fraud, and more!
- FINRA alert: Fake financial websites
- Experian breached - again!
- Hack-for-hire group targets financial firms
- Vishing attack alert
- Combatting ATM deposit fraud
- Reducing bank fraud
- Brits to get Chase-branded digital bank
- Leveraging bank-fintech partnerships
- A CBDC analysis report
- Spam, Scams & Breaches
- Updates, Patches & Alerts
- and on the lighter side...
FINRA alert: Fake financial websites
Despite the global pandemic that sent shockwaves around the world and throughout the global economy, the U.S. stock market has been rebounding with a sense of euphoria. Just as overzealous investors are getting swept up in the momentum, opportunistic hackers are leveraging the market fervor to make a profit. In the latest massive wave of phishing campaigns launched since the COVID crisis began, cybercriminals are masquerading as registered financial brokers and launching convincing phishing websites to pilfer personal data for illicit gain. The U.S. Financial Industry Regulatory Authority (FINRA) has issued a notice with steps member firms and registered representatives can take to identify and report the fake websites. FINRA has the details.
Experian breached - again!
As the proverb goes, "fool me once, shame on you; fool me twice, shame on me." After being tricked once, one should learn from one's mistakes and avoid being tricked again. For a financial firm, or any company, being tricked by fraudsters once is bad enough. Credit reporting agency Experian has suffered a second major breach that has compromised the personal information of an estimated 24 million South African customers and nearly 800,000 businesses. The firm was tricked by an individual who fraudulently claimed to represent one of its clients and requested services from the firm that prompted the release of the data. Infosecurity has the details.
Hacking group targets financial firms
The financial sector always has been and always will be an attractive (and often lucrative) target for thieves and hackers. A hack-for-hire group dubbed DeathStalker has been targeting organizations in the financial sector since 2012. According to Kaspersky security researchers, the APT (advanced persistent threat) group is currently using tailored spear-phishing emails containing malicious files that, when downloaded, give the attackers access to infected machines to pilfer sensitive corporate data. Dark Reading has the details and a link to Kaspersky's detailed report.
Vishing attack alert
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert to warn about the growing threat from vishing (voice phishing) attacks targeting company employees. The attackers go phishing on social media and other public sites to harvest information on employees and use creative social engineering tactics to obtain targeted victims' credentials. Armed with those credentials, the attackers use them to access corporate tools to gather additional data or attempt to steal funds, reports Security Week.
Combatting ATM deposit fraud
Two major ATM manufacturers scrambled to deploy fixes for bugs that provided fraudsters with the ability to launch deposit forgery attacks, in which fraudsters tamper with an ATM's software to modify the amount being deposited on a payment card and then quickly withdraw the cash before banks detect the errors. Diebold Nixdorf and NCR have released software updates to address the vulnerabilities. ATM Marketplace has the details.
Reducing bank fraud
Fraudsters are increasingly deploying new techniques, ranging from phishing scams to identity theft to sophisticated botnets, to steal money and get unauthorized access to sensitive data. More than $1 trillion is lost to financial crimes annually. In the third quarter of 2019, fraud increased by 30 percent, and, most notably, one in every five account openings was fraudulent. The key to mitigating account opening fraud is to leverage innovative technology to effectively authenticate customers and sniff out fraudsters who worm their way into bank systems. PYMNTS.com has the details.
Brits to get Chase-branded digital bank
In 2018, Goldman Sachs launched its Marcus digital bank (named after the bank's founder) in the U.K. and now boasts over 500,000 customers. Not to be outdone by its rival, American banking giant JPMorgan Chase is making plans to open a digital-only challenger bank across the pond in early 2021. Competing with other incumbent challengers, such as Monzo, Starling, and Revolut, the bank will launch under the Chase brand and will offer a range of loan products and open banking services. Banking Dive has the details.
Leveraging bank-fintech partnerships
Banks and fintechs that were once positioned as competitors have discovered the value of working together to increase access to innovative new products and services and expand their audiences. PYMNTS.com highlights some of these collaborations, from lending to cross-border B2B payments. In another fintech-bank partnership, Ally Financial has teamed up with Mastercard’s Vyze on a point-of-sale lending solution for merchants. Banking Dive has the details.
A CBDC analysis report
The interest in Central Bank Digital Currencies (CBDC) has increased amid the global pandemic with social distancing measures, people shying away from handling cash, and new fraud schemes targeting government relief payments. As central banks around the world explore developing their own digital currencies, a new report suggests that there is a huge variance in the approaches being taken. A working paper released by the Bank for International Settlements (BIS) highlights the drivers, approaches, and technologies behind the rise of the CBDCs. Finextra has the details and a link to the full paper.
Spam, Scams, and Breaches
- Sophos: Phishing scam targets Outlook users
- Sophos: Combatting BEC scams with CATBERT AI
- Threatpost: Lazarus Group targeting cryptocurrency firms on LinkedIn
- Forbes: Ransomware from the DarkSide demands millions from its victims
- Dark Reading: Phishing campaign uses legitimate file sharing platform to trick victims
- Security Week: Payment card data stolen from hundreds of websites using JS sniffers
Updates, Patches, and Alerts...
- US-CERT: Current Activity
- Security Week: Chrome 85 released with 20 security fixes
- Ghacks.net: Here is what is new and changed in Firefox 80.0
- Threatpost: Google fixes high-severity Chrome browser code execution bug
- Security Week: Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview
See what other current hot cyber and technology topics affecting financial institutions BOL users are discussing in the Technology Forum.
And on the lighter side...
Do you remember what it was like when you had to dial in to get online and wait patiently for pages to load? In today's fast-paced world and with the remarkable advances in technology, no one should ever have to experience a slow internet connection.
First published on 08/28/2020