Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. While the healthcare sector is perhaps at the greatest risk from these attacks, criminals are using the panic as a widespread opportunity. Attacks include the usual suspects: cybercrime operators looking to make a fast buck – for example, by demanding a ransom to unlock crypto-locked systems – as well as...

The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert to warn investors about phony Certificates of Deposit promoted through internet advertising and “spoofed” websites – websites that mimic the actual sites of legitimate financial institutions. Investors should be extremely cautious when purchasing CDs from sites found only through internet searches. “Spoofed” websites – often using URL addresses similar to those of...

Attackers are increasingly hacking into banks’ networks to gain access to the IT infrastructure connected to their ATMs. They then push malware onto the ATMs that allows a low-level gang member to walk up and enter a preset numerical sequence into the ATM to make it dispense all of its money in what’s known as a “jackpotting” or “cashing out” attack. Such attacks also allow them to steal card data from ATM...

The business world continues to evolve and banking is no different. There are two new rule changes being implemented in September this year. Beginning September 15, 2017, Same Day ACH will be available for debit entries, enabling the same-day processing of virtually any ACH payment. The Rule enables the option for same-day ACH payments through additional ACH Network functionality, without affecting previously available ACH schedules and...

A just released update to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool will should help make meeting regulators’ demands for “baseline” cybersecurity more attainable. The changes only impact Appendix A of the tool but those changes make a difference for smaller institutions. For example, many smaller institutions were not able to meet the tool’s requirement for having a...

Many businesses have benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, these technologies can make it difficult to monitor and control the unauthorized distribution of confidential data. This is critically important in highly regulated industries like banking. To give you an idea of how messaging apps have caused headaches for banks, on March 30, UK...

Don’t pick up the phone to answer calls from unknown numbers. Instead, let them go to voicemail. While many of us do that anyway, that’s now the FCC’s advice to all Americans in response to an ongoing series of attacks designed to trick victims into uttering a single word. According to a March 27th alert, this scam centers on tricking victims into saying the word “yes,” which criminals record and later use to attempt to...

On March 6th, the Silicon Valley firm, Coupa, fell victim to a phishing attack that compromised the personal information of employees who worked for them in 2016. A scammer impersonated the company’s CEO and requested that payroll information (Form W-2) for the 2016 tax year be sent via email. Fraudsters continue to increase the number of W-2 phishing scams, also known as business email compromise – BEC – or CEO fraud attacks. These...

In 2016 the number of reported data breaches in the U.S. increased by 40% over 2015 levels. Worryingly, more than half of data breaches resulted in the exposure of Social Security numbers, increasing the risk of identity theft. 72 percent of breached records were exposed due to hacking, skimming or spear-phishing attacks. This continues a drastic increase in those type of attacks since 2009 when they first became the leading cause of breaches....

FICO Card Alert Service just released data that indicated ATM skimming increased 546 percent from 2014 to 2015. That increase represents the largest year-over-year increase that the service has seen in its more than 20 years of existence. The FICO research is based on the analysis of thousands of U.S. ATMs, and it shows that off-premises retail ATMs were most often targeted. These off-premise machines were attacked 10 times as often in 2015 compared to 2014.