Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Fraud

Combat mobile phishing attacks targeting Financial Services with AI

Phishing attacks are a common attack vector for financial services organizations. Effective and simple to launch, phishing attacks challenge financial firms to protect their mobile workforce and harden their customer-facing apps. Mobile phishing, in particular, bypasses traditional perimeter defenses such as secure email gateways by targeting users via personal email, SMS and social messaging apps.

Phishers Using Fake Sharepoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as Sharepoint. They also didn’t address the email to a single employee but included multiple mentions of the targeted company.

Card Not Present Fraud - Protecting your rails to avoid the payment fraud train wreck

When it comes to card-not-present transactions, security is constantly a moving target. Between February and April, the peak period when COVID-19 was spreading across much of the US, cyber-attacks against the financial sector were reported to have risen by 238%. The exponential growth of digital payment transactions, combined with the increasing variety of customer-facing devices and payment applications, has many financial institutions re-evaluating their approaches to cybersecurity.

How to use Kibana effectively. Today: Detect possible frauds in your data

Kibana is quite powerful and versatile for visualizing data in Elasticsearch. The Elastic Stack can be used for a variety of use cases. One is the detection of frauds e.g. in Banking transaction like within Softbank Payment Service or bonus point accounts like within Miles and More. Other areas are insurance or tax return data.

The scammer who tried to launder over $500,000 through Business Email Compromise

A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars. Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years. The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.

Online Sales Are Up! Ensure Your E-Commerce Platform is Not Being Used for Fraud

Even with tough economic times, e-commerce is up 25% since the beginning of March. But, fraud has increased as well; according to Malwarebytes online credit card skimming has increased by 26% in March alone. In our April “Staff Picks for Splunk Security Reading” blog post, I referenced a story about an e-commerce site getting hacked with a “virtual card skimmer” (thanks Matthew Joseff for sharing this with me).

FINRA: Phishing Emails Targeting Financial Companies

On Monday, May 4th, **FINRA (Financial Industry Regulatory Authority), issued a warning to financial companies stating that a new email phishing campaign was doing the rounds. According to the regulator, the campaign is ongoing, widespread, and made to look as though the emails are coming from FINRA itself.

Guarding Against Work-From-Home Phishing Threats

By this stage, everyone is familiar with the phrase ‘social distancing’ and what it means with regards to shopping trips and exercise outdoors. Social distancing, as we all know by now, was introduced to slow down or, more hopefully, stop the spread of Coronavirus. Many companies are taking steps to enable as many people as possible to work from home.

What is Your Data Worth in the Fight Against Fraud?

You don’t need us to tell you that fraud and financial crime is on the rise. A quick google search will give you endless stats to support this claim. Fraud losses are increasing as a percentage of revenue, and that direct impact on the bottom line isan area of laser focus for senior execs.

Phishers Increasingly Incorporating reCaptcha API into Campaigns

Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a sense of legitimacy to their operations. Some of these efforts have consisted of deploying a fake checkbox and form.