Compliance has often been a checkbox exercise, primarily seen as a defensive strategy in preventing financial penalties and PR embarrassments. However, some organizations have taken a different approach. They’ve used compliance on the offensive - to give a competitive edge, turning “compliance teams” into “innovation teams”. These companies have improved processes and increased customer experience. They’ve installed an elevator instead of fixing the ladder.
A friend contacted me the other day about a scam call purporting to come from Amazon’s customer support department. She wasn’t home at the time, so the scammer left a message stating that a charge of $749 appeared on her account. Of course, she didn’t actually order anything for that price, and, although she suspected it was a scam, something about it caught her attention, so she called the phone number displayed on her caller I.D.
Payment fraud is exploding. So are false positives, customer friction and investigation costs. Unfortunately, as customers continue to pull us down the river of rapid digital transformation, traditional fraud detection systems are being left in the sand.
A friend of mine received an interesting piece of snail mail the other day. It was one of those inheritance scam letters that usually arrive in E-Mail. In summary, the author, a high-ranking bank official, has an unclaimed inheritance that he is willing to split with the letter’s recipient if the recipient will accept the responsibility of being appointed as the heir to the deceased’s money, etcetera, etcetera. As you can see, it bears all the earmarks of the traditional scam message.
You can install the latest generation of security software to protect against evil hackers, but what is the use of it if your employees continue to follow phishing links? Several security companies conduct social and technical research of real-life phishing attacks aimed at different businesses and are impressed with the scale of the problem.
Phishing attacks are a common attack vector for financial services organizations. Effective and simple to launch, phishing attacks challenge financial firms to protect their mobile workforce and harden their customer-facing apps. Mobile phishing, in particular, bypasses traditional perimeter defenses such as secure email gateways by targeting users via personal email, SMS and social messaging apps.
Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as Sharepoint. They also didn’t address the email to a single employee but included multiple mentions of the targeted company.
When it comes to card-not-present transactions, security is constantly a moving target. Between February and April, the peak period when COVID-19 was spreading across much of the US, cyber-attacks against the financial sector were reported to have risen by 238%. The exponential growth of digital payment transactions, combined with the increasing variety of customer-facing devices and payment applications, has many financial institutions re-evaluating their approaches to cybersecurity.
Account takeovers (ATOs), also known as “account hijacking,” are a type of fraud that’s on the rise these days! This type of attack is attractive to hackers due to the financial return and the ease of such an attack: user account takeover is relatively low cost and has a high success rate. Additionally, there are many means to make money off an account that has been taken over, or in using it to perform more advanced attacks.
A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars. Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years. The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.
