![](https://assets.isu.pub/document-structure/230606120838-d05f6043678fafa503972f90a5e57ab9/v1/aa84ca17bd8bc35879ceb6a395347b76.jpeg?width=720&quality=85%2C50)
Staying digitally safe from banking scams
If Correspondent
As technology advances, so do threat actors' methods to target unsuspecting victims. As a result, banking scams are becoming increasingly common, and it's essential to be aware of the dangers and take steps to protect oneself. This article will explore the most common types of 21st-century banking scams and provide tips on how to avoid these crimes.
Phishing scams
Phishing is one of the most common scams. Under this method, the threat actors send fraudulent emails, texts, or social media messages that appear to come from a legitimate source, such as a bank, to get the victim to disclose personal information/login credentials. Once scammers have this information, they can steal money or commit identity theft.
It's important to double-check the sender's email address or social media handle to avoid falling victim to phishing scams. Keep one simple thing in mind: legitimate banks and financial institutions never ask for personal information/login credentials over email/social media. If you have doubts about the legitimacy of such emails/messages, contact your bank immediately.
![](https://assets.isu.pub/document-structure/230606120838-d05f6043678fafa503972f90a5e57ab9/v1/6413f590e531db0418113fa81fa9921e.jpeg?width=720&quality=85%2C50)
Attacks of this nature are now becoming more frequent and sophisticated. SlashNext, a messaging security company, conducted a study in October 2022, under which it examined billions of link-based URLs, natural language messages, and attachments sent over email, mobile devices, and web browsers over six months and discovered more than 255 million threat elements. That represents a 61% rise in phishing assaults since 2021.
The survey also found an increasing use of personal and mobile communication channels among cybercriminals. Fraud and credential theft topped the list, while attacks on mobile devices increased by 50%.
According to Jess Burn, senior analyst at Forrester Research, "We've been seeing an increase in the use of voicemail and text as part of two-pronged phishing and BEC (business email compromise) campaigns."
![](https://assets.isu.pub/document-structure/230606120838-d05f6043678fafa503972f90a5e57ab9/v1/d4f32bee62671f98d4a44044f8135e2a.jpeg?width=720&quality=85%2C50)
The attackers either give the sender more credibility or make the request seem more urgent by leaving a voicemail or sending a text regarding the email they sent.
Burn said the company is getting a lot of questions from clients concerning BEC (Business Email Compromise) assaults in general.
"Bad actors are turning to traditional fraud to make money because geopolitical unrest is disrupting ransomware gang activity, and cryptocurrency, the preferred method of ransom payment, is imploding recently," he added. BEC is increasing, therefore.
Criminals launch phishing attacks during the sales and tax seasons. People should be cautious of spearphishing, a more specialized variation of phishing that frequently employs topical lures.
Luke McNamara, principal analyst at cyber security consulting firm Mandiant Consulting, said that the topics and themes "might evolve with global or even seasonal events."
"For instance, given that it is the Christmas season, we can anticipate seeing more phishing lures relating to sales. Threat actors may similarly attempt to abuse users who are filing their taxes during regional tax seasons by sending phishing emails with tax-related subject lines," the official commented.
According to McNamara, general phishing themes include emails purporting to be from technology vendors about account resets. In contrast, more targeted efforts by threat actors engaged in cyber espionage may use more particular phishing lures.
"More prolific criminal campaigns might leverage less specific themes," he noted.
Recognizing phishing emails
Ask yourself the following questions:
Were you expecting it? Before responding, clicking a link, or downloading any attached files, take a moment to consider your actions if the communication is from an unknown source.
Who is the message's sender? Is this the email address you were expecting? Cybercriminals may try to deceive you by using a similar email address. Verify the email address's spelling, the domain's legitimacy, and whether it corresponds to the sender's name.
Does it demand action from you? Phishing emails typically instruct you to click a link, download an attachment, or reply with personal information. They frequently aim to instil a sense of urgency to elicit a hasty and unreasonable response. Instead of clicking on the links they provide, you should always verify the email's legitimacy with information you can obtain independently. While conducting financial activities, avoid clicking on email links and instead log in to your bank account via the official website/app.
[Figure: Value of annual online banking fraud losses]
Ransomware & malware
Ransomware and malware are malicious programs that can infect your computer, phone, or other devices. This kind of software gives scammers access to your personal information/files and can lock you out of your device until you pay the scammers a ransom.
The effects of ransomware attacks are becoming more significant for 21st-century businesses.
As ransomware-as-a-service (RaaS) grows increasingly common, even smaller businesses may now become cybercrime targets. RaaS has made launching software breaches simple and economical, even for inexperienced cyber criminals.
These medium and small businesses are particularly vulnerable as supply chain attacks increase by 663%. A cybercriminal may access the systems and clients’ data with a single malware attack. The scary part is that 70% of these malware attacks also involve ransomware, enabling cybercriminals to demand payments from the targeted companies and their customers.
Businesses must be 24/7 ready for ransomware attacks. Here is what business leaders need to know about protecting their organizations from ransomware in 2023.
Who is susceptible to a ransomware assault?
In the past, when cybercriminals launched a malware assault, they frequently had a particular target in mind.
Cybercriminals wanted to steal large quantities of personally identifiable information (PII) or data with a higher resale value, like medical records and financial information, as reselling PII was a significant factor in data breaches. As a result, skilled hackers usually preyed on huge companies with sizable databases containing priceless PII, such as banking and medical institutions in industrialized nations.
![](https://assets.isu.pub/document-structure/230606120838-d05f6043678fafa503972f90a5e57ab9/v1/27a409729d0b696a940bde65609a997a.jpeg?width=720&quality=85%2C50)
Cyberattacks are becoming more common and profitable because of ransomware's advent. Threat actors can simply make money by encrypting a company's data and extorting payment in exchange for its decryption. In addition, a new threat has emerged in the form of double extortion ransomware assaults, where cybercriminals get the ransom payment and then resell the targeted company’s confidential data on the dark web to increase their profits.
As RaaS gains popularity, the likelihood of a double extortion ransomware assault increases even further. Cybercriminals without technical expertise can now profit from ransomware attacks thanks to RaaS.
RaaS users are now targeting emerging markets rather than developed ones because cybercrime gangs frequently charge higher costs to attack businesses headquartered in wealthy nations.
Given the potential for enormous payments, it is understandable why thieves employ ransomware to steal 10 TB of data each month.
Supply chains are rife with ransomware
A significant factor in the rising ransomware risk is the global supply chain.
Most businesses collaborate with hundreds, if not thousands, of outside vendors and service providers, including MSPs (Managed Service Providers) that handle their cybersecurity. However, a cybercriminal only needs one vulnerable endpoint to introduce malicious software