We regularly hear from financial institutions how much they appreciate the information we share about the latest banking fraud activities. To that end, this post pulls together recent news stories across the spectrum of banking fraud developments.
We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.
Why Consumers Don’t View Banks As ‘Trusted Partners’
Every FI wants its customers to view it as a trusted partner. But it appears that goal is far from being met. According to a new study, only one quarter (27 percent) of U.S. consumers view their financial institutions as a “trusted partner.” Our customers, however, report that one of the best ways to build trust is to proactively contact account holders about the suspicious activity that FraudMAP detects, even if it turns out not to be fraudulent. Clients appreciate the FIs taking responsibility for the security of their accounts.
Wide-ranging Threats Span Mobile, Phishing, Social Engineering and Social Media
Financial Services Attacked 300 Percent More Frequently Than Other Industries
A new Websense research study reveals that: 1) the volume of attacks against the finance sector dwarfs that against other industries by a 3:1 ratio; 2) hackers are spending huge amounts on reconnaissance and lures; 3) credential stealing and data theft are criminals’ primary objectives; and 4) fraudsters switch up campaigns frequently to outfox FIs’ security measures.
Critical Flaws in Apple, Samsung Devices
A zero-day bug in iOS and OS X allows the theft of both Keychain (Apple’s password management system) and app passwords. In addition, a serious vulnerability in a third-party keyboard app that is pre-installed on more than 600 million Samsung mobile devices allows attackers to remotely access resources like GPS, camera and microphone, secretly install malicious apps, eavesdrop on incoming and outgoing messages and voice calls, and access pictures and text messages.
Phishing Campaigns Harder to Mitigate
The emergence of top-level domains, such as .xyz, has fueled an uptick in spoofed websites being used to wage targeted phishing attacks. While the new .bank domain has a privileged position with a very stringent vetting process, others, such as .cn, do not, and almost anyone can use them to register new domain names, including criminals.
Call Center Fraud Targets Processors
The massive number of retail point-of-sale breaches over the last two years has fueled an uptick in call center fraud that targets payments processors. Using stolen card details obtained in retail breaches, fraudsters call payments processors before the transactions are flagged as suspicious by the issuing institutions and convince the call-center staff that the transactions are legitimate.
The Rise Of Social Media Botnets
Cyber criminals use social media botnets to disseminate malicious links, collect intelligence on high-profile targets, and spread influence. As opposed to traditional botnets, each social bot represents an automated social account rather than an infected computer. Bot herders leverage botnets to distribute phishing and malware links across social media. The lucrative part of the attack is selling the phished information or leveraging the malware in any of myriad ways to extort money, be it data theft, ransomware, blackmail, or banking Trojans.
Federal Employees Top Data Breach News
U.S. Officials Report Massive Breach of Federal Personnel Data
Initially reported to affect 4 million federal employees, the breach is now understood to include all federal employees and retirees, as well as one million former federal employees. The personal information that was stolen includes Social Security numbers, addresses, birth dates, job and pay histories, health insurance, ages, gender, race, and more.
Where Has All the Stolen Data Gone?
In her latest blog post, Avivah Litan from Gartner explains the “dark web” and theorizes about who is buying the data and to what end. She explains that the hidden black markets for data on the dark web are very different from the black markets where stolen credit card data is sold. In the dark web data markets, only 4-5% of the information is exposed to initial site visitors. The rest is buried farther down in what’s known as the Deep Web, and access to this information requires that potential buyers pass an intense background check and credentialing process. The buyers mine these vast troves of data to determine how to infiltrate their desired targets in unexpected ways and with unexpected motives.
Team GhostShell Hacking Group is Back
A group of hackers known as Team GhostShell claims to have hacked a multitude of organizations, including financial institutions, government agencies, political groups, law enforcement entities, and universities. They are dumping the data via Twitter, including emails, user names, addresses, telephone numbers, dates of birth, and other personally identifiable information.
Beware of Rogue Banking Apps, Malvertising, and the Malware Stepping in for Gameover
Cybersecurity Article Highlights Risk of Rogue Banking Apps
In a sample of 350,000 mobile banking applications analyzed by RiskIQ, 40,000 apps, or about one out of every nine, contained adware or malware. These neo bank robbers have been brazen in carrying out some of their scams. One bank began receiving calls from disgruntled customers about its Windows mobile banking application not working properly. The study’s author explains, “The help desk kept filing tickets for the calls until it found out the bank didn’t have a Windows mobile app. It was an app in the Windows mobile store for their bank that people were downloading and using, and all it was doing was capturing the user information and sending it to Russia.”
Massive Malvertising Campaign Hits Users with Angler Exploit Kit
This attack is focused on users browsing several well-trafficked sites in Europe and the US. The attack leads users to the Angler Exploit Kit, which infects them with the Bunitu Trojan. The Trojan turns the infected system into a zombie computer, allowing the computer’s network connection to be used for subsequent malicious activity.
Dyre’s Rise to Top Financial Malware Threat
Researchers are crediting Dyre malware with filling the void left by the Gameover ZeuS takedown last summer. The malware uses several different types of Man-in-the-Browser (MITB) attacks against the victim’s web browser to steal credentials. It targets all three major browsers (Internet Explorer, Firefox, and Chrome), and has been configured to target customers at more than 1,000 banks and other firms.