A few weeks ago Seattle-based financial services and data management firm Automatic Funds Transfer Services (AFTS) suffered a serious ransomware attack. A gang called “Cuba” hacked and stole approximately 20 months’ worth of AFTS data, including financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents. The compromised data then was offered for sale on the dark web.

Business Email Compromise (BEC) scammers, who have made rich returns in recent years tricking organisations into transferring funds into their accounts, have found a new tactic which attempts to swindle Wall Street firms out of significantly larger amounts of money. According to a newly published-report by Agari, scammers are seeking to defraud Wall Street businesses and their customers out of US $809,000 on average per incident.

Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

According to the Association of Certified Fraud Examiners, the money lost by businesses to fraudsters amounts to over $3.5 trillion each year. The ACFE's 2016 Report to the Nations on Occupational Fraud and Abuse states that proactive data monitoring and analysis is among the most effective anti-fraud controls.

Credit card attacks typically target point of sale (PoS) terminals at retail locations such as stores, restaurants and hotels. In the early stages of the COVID-19 pandemic, in-person retail activity greatly diminished, forcing criminals to seek other targets and to virtualize their operations.

Cybercriminals have been well ahead of the curve when it comes to cybersecurity in the online retail industry. Specifically, criminals have been exploiting changes in purchasing behavior that favor online transactions and adapting their methods to take advantage of the authentication challenges arising when a card is not present (CNP) at the time of the transaction.

“Joker’s Stash”, the largest dark web marketplace for buying & selling stolen payment card data, announced on January 15, 2021 that it is shutting down. The last day of activity will be February 15, 2021.

It’s the time of year when many of us will be taking a well-deserved break, but unfortunately for consumers and organisations, cyber criminals don’t take holidays. A year of unprecedented alarm and uncertainty, coupled with the growing sophistication of cybercriminals, has nurtured the perfect breeding ground for online scams, which according to the Australian Competition and Consumer Commission (ACCC) have jumped a staggering 42% this year—with nearly AU$7 million lost.1