We regularly hear from financial institutions how much they appreciate information we share about the latest banking fraud activities. Towards that end, this post pulls together recent news stories across the spectrum of banking fraud developments.
We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.
Hackers Prove FBI Breach, While New IRS Security Solution is Itself Breached
Hackers made good on a threat and published contact information for 20,000 FBI employees, just one day after posting similar data on almost 10,000 DHS employees. The information contained names, titles, phone numbers and email addresses. After the hackers published the DHS data, they tweeted, “Well folks, it looks like @TheJusticeDept has finally realized their computer has been breached after 1 week.”
To protect the victims of the IRS data breach from further harm, the agency provided them with “Identity Protection PINs.” The PINs are secret codes those taxpayers now have to put on all of their tax returns, or the IRS won’t accept them. However, if someone loses their PIN, they can retrieve it from the IRS website. And, ironically, that login process is secured by the same technology that hackers broke through in the original data breach.
Earlier this year, it was reported that Wendy’s, America’s third-largest burger chain, was investigating a possible data breach impacting locations in the Midwest and on the East Coast. Now, it seems that credit unions are experiencing a high level of debit card fraud, as well as major losses, due to the fast food chain’s breach.
ATO Insights, New BEC Variation, and Payday Loans Scam Lead New Attack Headlines
Organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services. What makes ATO attacks so dangerous is that they target accounts that were created by real users and contain valuable information such as financial data. Based on the number of data breaches that took place in 2015, it’s likely that the stolen credentials will be used heavily in ATO attacks in 2016.
There’s a new twist on a tax scam that puts filers’ information at risk: fraudsters pretending to be a company’s CEO. In a variation on the much-discussed Business Email Compromise (BEC) scam (see next article), fraudsters are targeting workers in human resources or accounting, sending email that poses as their CEO and asks for the company employees’ W2 forms, which provide everything the fraudster needs to file a fraudulent tax return.
The FBI has revised its estimates of the impact of the Business Email Compromise (BEC) scam. It now reports a total of $2B lost worldwide from over 12,000 businesses. (See our BEC Scam Detection Kit for best practices for businesses and FIs to detect this scam.)
This newly-uncovered scheme involves fraudsters posing as payday lenders, promoting their services online. To get approved for the loan, a new client has to show “good faith,” which ends up involving laundering money from fraudulent checks deposited using RDC.
NCR is warning about skimming attacks that involve keypad overlays, hidden cameras, and skimming devices plugged into the ATM network cables to intercept customer card data. The company has received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices that hijack the cash machine’s phone or Internet jack.
Malware Back in the News
Leading banking Trojans are expanding their targets, taking aim at industries outside banking to compromise financial accounts and other information. Some of these malware strains also have shifted their focus from targeting big bank brands to smaller financial institutions. And the botnets are proving difficult for law enforcement officials to take down.
The Dridex banking Trojan was built to harvest banking credentials. Symantec has found that recent spam campaigns spreading Dridex malware are operating on a vast scale, with millions of new emails being sent out on a daily basis. The attackers are disciplined and professional. They operate on a standard working week, continually refine the malware, and put significant effort into disguising their spam campaigns as legitimate emails. The result: Dridex is now one of the most dangerous pieces of financial malware in circulation.
The recently discovered Metel crimeware package contains more than 30 separate modules that can be tailored to the computer it’s infecting. One of the most powerful components automatically rolls back ATM transactions shortly after they’re made. As a result, people with payment cards from a compromised bank can withdraw nearly unlimited sums of money from ATMs belonging to another bank.