Popular Apps Too Susceptible to Hacking, Positive Technologies Warns. Given the number of banks that utilize white-labeled banking apps to provide online banking services to their clients, a recent report is extremely concerning. Researchers at Positive Technologies recently investigated 14 mobile banking apps that run on Android or iOS and found that 13 failed to prevent unauthorized access to user data. Although the specific apps were not...

The increase in working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns. Attackers are targeting remote workers whose devices lack adequate security protections to steal users’ banking credentials. Mobile phishing attacks increased by 37% globally in the first quarter of 2020. According to research based on data collected from 200 million mobile devices worldwide, 22% of mobile enterprise users...

Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. While the healthcare sector is perhaps at the greatest risk from these attacks, criminals are using the panic as a widespread opportunity. Attacks include the usual suspects: cybercrime operators looking to make a fast buck – for example, by demanding a ransom to unlock crypto-locked systems – as well as...

The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert to warn investors about phony Certificates of Deposit promoted through internet advertising and “spoofed” websites – websites that mimic the actual sites of legitimate financial institutions. Investors should be extremely cautious when purchasing CDs from sites found only through internet searches. “Spoofed” websites – often using URL addresses similar to those of...

Attackers are increasingly hacking into banks’ networks to gain access to the IT infrastructure connected to their ATMs. They then push malware onto the ATMs that allows a low-level gang member to walk up and enter a preset numerical sequence into the ATM to make it dispense all of its money in what’s known as a “jackpotting” or “cashing out” attack. Such attacks also allow them to steal card data from ATM...

The business world continues to evolve and banking is no different. There are two new rule changes being implemented in September this year. Beginning September 15, 2017, Same Day ACH will be available for debit entries, enabling the same-day processing of virtually any ACH payment. The Rule enables the option for same-day ACH payments through additional ACH Network functionality, without affecting previously available ACH schedules and...

A just released update to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool will should help make meeting regulators’ demands for “baseline” cybersecurity more attainable. The changes only impact Appendix A of the tool but those changes make a difference for smaller institutions. For example, many smaller institutions were not able to meet the tool’s requirement for having a...

Many businesses have benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, these technologies can make it difficult to monitor and control the unauthorized distribution of confidential data. This is critically important in highly regulated industries like banking. To give you an idea of how messaging apps have caused headaches for banks, on March 30, UK...

Don’t pick up the phone to answer calls from unknown numbers. Instead, let them go to voicemail. While many of us do that anyway, that’s now the FCC’s advice to all Americans in response to an ongoing series of attacks designed to trick victims into uttering a single word. According to a March 27th alert, this scam centers on tricking victims into saying the word “yes,” which criminals record and later use to attempt to...

On March 6th, the Silicon Valley firm, Coupa, fell victim to a phishing attack that compromised the personal information of employees who worked for them in 2016. A scammer impersonated the company’s CEO and requested that payroll information (Form W-2) for the 2016 tax year be sent via email. Fraudsters continue to increase the number of W-2 phishing scams, also known as business email compromise – BEC – or CEO fraud attacks. These...