Phishing Fraud during COVID-19
Financial organizations have seen an increase in phishing events during the COVID-19 pandemic. It is important that you understand how these events work and educate your cardholders. Phishing is when a fraudster tricks a person into revealing data, mainly login credentials and card information, and then uses that information to make fraudulent card transactions or ATM withdrawals. Fraudsters often use social media or information bought on the Dark Web to initiate scams.
An example of a recent phishing attack:
- The fraudster gathers information from social media to make the scam more believable.
- Cardholder receives a phone call from the fraudster posing as a financial institution employee.
- Fraudsters often spoof phone numbers from the financial institution when contacting the victim, making it seem legitimate.
- Fraudster advises cardholder that they have fraud attempts on their card and they will receive a text with a case number.
- While on the phone, the fraudster will perform a transaction they know will generate a fraud alert.
- When the cardholder receives the case number, the fraudster asks for it over the phone, claiming it is needed so the card can be permanently blocked.
- Instead, the fraudster uses the case number to call into the SecurLOCK IVR and confirm the activity as legitimate, so they can continue to use the card fraudulently.
- The fraudster may suggest the cardholder transfer money into their checking account from savings to make it “safer,” thereby giving the fraudster access to more money.
- The cardholder thinks the fraud was caught and stopped, while the fraudster is busy committing more fraudulent transactions and stealing more money.
Educating cardholders is one of the best lines of defense against phishing attacks. Advising cardholders on how your financial institution and FIS interact with them will mitigate losses from this type of activity.
FIS will never contact the cardholder to ask for the following:
- Account Number/Card Number
- Social Security Number
- Online Banking Credentials
FIS will never advise a cardholder to transfer or withdraw money. If information about suspicious activity is texted to the cardholder, FIS does not call and ask the cardholder to read that information back. When cardholders call into SecurLOCK to validate suspicious transactions, FIS will request the case number to authenticate them, but FIS will never call the cardholder to ask for it. If the cardholder does not recognize the transactions described in a text or email alert, they should always reply NO, regardless of what anyone on the phone has told them.
MFA Prompt Bombing
Multi-factor authentication (MFA) provides an extra layer of security for your accounts, but it’s important to think before you click. Cybercriminals can use an attack method called MFA prompt bombing to get around MFA protections and overwhelm you with prompts via email, text message, or phone call.
For example, cybercriminals may attempt to log in to an account using your credentials. Then, they'll request a phone call MFA verification, which is sent to the phone number you use for MFA. Cybercriminals will often request these verifications late at night when you're asleep and unprepared. If you accept the phone call and press the button to verify your identity, you may grant the cybercriminals access to your account. Once the cybercriminals bypass your MFA, they can use your account to achieve their malicious goals.
Don't let MFA give you a false sense of security. Follow the tips below to stay safe from MFA prompt bombing scams:
- Never approve an MFA notification you didn’t request. If you have a shared account, verify the MFA request with the other account holder before taking action.
- If you receive an MFA notification you didn’t request, immediately change your password for the associated account. You should also consider updating your passwords for any accounts that use the same credentials.
- Create unique, strong passwords for each of your accounts. Without your password, it’s difficult for cybercriminals to reach the MFA step of the login process.
Malicious Multi-Vector Attacks
You probably know that cybercriminals can use malicious emails and phone calls to steal your sensitive information. But did you know that cybercriminals can use multiple attack vectors simultaneously to make their attacks more effective? While it may be easy to spot a single suspicious email or phone call, multi-vector attacks can be difficult to catch.
According to a new IBM report, a standard email-only attack yielded a 17.8% click rate from its target audience. When cybercriminals paired the same email attack with a matching phone call campaign, the click rate increased to 53.2%. That's three times the email-only click rate! By using multiple attack vectors at once, cybercriminals can make their messages seem more credible and urgent.
Don't let a multi-vector attack trick you. Follow the tips below to keep your sensitive information safe:
- Verify that urgent messages are legitimate before taking action. Contact the person or organization directly using another line of communication.
- When you receive an email or phone call, watch out for red flags. Scams often use urgent deadlines and scare tactics to trick you into sharing sensitive information.
- Remember that even if you receive a message from more than one attack vector, that does not mean the message is legitimate. Always think before you click or reply.
What's Up with WhatsApp Scams?
WhatsApp is an application that allows you to message and call your friends and family worldwide. However, due to a new scam, the next WhatsApp message you receive may come from a cybercriminal instead of a trusted contact.
To start the scam, a cybercriminal sends you innocent-looking WhatsApp messages to earn your trust. Once you are talking, they try to convince you to call a phone number they give you. That number begins with a special dialing prefix that instructs your mobile carrier to forward calls to your number to the cybercriminal's phone.
Then, the cybercriminal requests a WhatsApp verification code for your number by phone call. Because your calls are now being forwarded, the code reaches the cybercriminal instead of you, and they can register your WhatsApp account on their own device and lock you out. Once the cybercriminal controls your account, they can impersonate you and convince your contacts to send them money.
Don’t fall for this scam! Follow the tips below to keep your WhatsApp account secure:
- Be cautious about whom you call from WhatsApp. Only call phone numbers that belong to trusted contacts, and if you suspect you have been tricked, check your phone's call forwarding settings and disable any forwarding you did not set up yourself.
- Learn about common social engineering red flags. Educating yourself on common scam tactics can help you avoid social engineering attacks.
Watch Out for Celebrity Cryptocurrency Scams
Cryptocurrencies such as bitcoin, and related assets such as non-fungible tokens (NFTs), continue to gain popularity with people all over the world. Celebrities are often hired to advertise cryptocurrency projects and investment opportunities. However, a star-powered endorsement doesn't guarantee that you'll get a good deal.
After building a cryptocurrency scam, cybercriminals boost the scam with fake endorsements. The cybercriminals usually impersonate public figures who have previously promoted cryptocurrency to make the endorsements seem legitimate. The endorsements are meant to influence you to invest in their cryptocurrency scam. If you fall for one of these scams, you will not see a return on your investment. Instead, you’ll put your money directly in the hands of a cybercriminal.
To protect yourself against cryptocurrency scams, use the following tips:
- Never trust a get-rich-quick scheme. If something seems too good to be true, it probably is.
- Cryptocurrency scams are often recognized and shut down quickly. If you see a new cryptocurrency opportunity, wait before investing. A project that is still active after several days is somewhat less likely to be a scam, although this is no guarantee.
- Remember that celebrities get paid to endorse cryptocurrency. If you want to invest in cryptocurrency, do your own research instead of trusting a celebrity endorsement. Look for long-standing cryptocurrency projects that follow your country’s financial regulations.
Prime Time for Amazon Prime Day Scams
Amazon Prime Day 2022 is approaching, which means that you might be expecting some Amazon deliveries soon. While you may use Prime Day for awesome deals, cybercriminals use Prime Day for awful scams.
Cybercriminals may take advantage of Prime Day in different ways, but there are some common scam tactics that they typically use. For example, they may include the Amazon logo in their phishing emails to make their emails seem more legitimate. Their emails may also include links that send you to fake Amazon login pages.
If you enter your Amazon login credentials on one of the fake pages, cybercriminals can use these credentials to change your Amazon account password and log you out of your account. Then, they can make purchases using your saved payment information.
To keep your Amazon account secure, follow the tips below:
- If you receive an email from Amazon about an upcoming delivery or an account update, don’t click any links in the email. Instead, log in to your Amazon account directly from your browser to check on the issue.
- Enable multi-factor authentication (MFA) on your Amazon account. MFA adds an additional layer of security by requiring you to present two or more verification factors to log in to your account.
- Cybercriminals often use scare tactics to trick you into clicking links without thinking. If you receive an email that urges you to take immediate action, stop and evaluate the message before you click any links.
Your Next Notification Could Be a "Smishal" Delivery!
UK residents are the targets of a recent smishing (SMS phishing) scam. In this scam, cybercriminals impersonate the home delivery company Evri through fake failed-delivery text messages that include a link to reschedule the delivery.
The link included in these fake delivery notifications leads to a phony look-alike website. On the website, you're asked to provide your personal and financial information to reschedule the delivery. Unfortunately, if you fill out and submit this form, you won't be receiving any packages. Instead, you'll be delivering your sensitive information right to the cybercriminals.
Follow these tips to protect yourself from similar smishing attacks:
- Think before you tap. Are you expecting a package? Have you signed up for text notifications? Is this like notifications you've received before from this company?
- Never tap on a link in an email or text message that you were not expecting. Instead, open your browser and enter the official URL for the website you wish to visit.
- To verify the legitimacy of a delivery notification, contact the company by phone, email, or their official mobile app. Do not use the phone number or link sent in the text to contact the company.
Cybercriminals Use SEO to Target Your Online Search Results
Search Engine Optimization (SEO) is a set of techniques that help websites appear more often in search engine results and rank higher than other websites. Legitimate websites use SEO techniques such as easy-to-remember URLs and relevant keywords. Unfortunately, cybercriminals can also use SEO for their malicious websites.
Cybercriminals use SEO by stuffing their pages with popular keywords and by creating many links that redirect to their website. They can also pay third parties to visit the website, which makes it appear more reputable and popular to search engines. If you visit one of these malicious websites, you may be tricked into downloading a malicious file or providing your personal information.
Follow these tips to keep yourself safe from malicious search results:
- Always hover your cursor over a link before you click, even in search results (on a phone, press and hold the link to see where it really leads). Look for spelling mistakes and overly long URLs that can hide a website's true domain.
- Avoid search results that include a long list of random or repeated words or phrases. That website could be using excessive keywords to draw in traffic.
- Visit trusted websites directly by entering the URL in your browser's address bar, instead of using a search engine to find the website.
Sophisticated Spear Phishing
Last month, researchers at Fortinet observed a sophisticated phishing email sent to a Hungarian diplomat. In the email, the cybercriminals disguised themselves by using the first and last name of an employee in the diplomat's IT department. In this case, the diplomat found the email suspicious and forwarded it to the actual employee in the IT department for investigation.
This case is a perfect example of a popular attack called spear phishing. Spear phishing attacks are targeted at a single person or department that has information the cybercriminals want. In these attacks, cybercriminals research the specific person or department and work out who they talk to frequently. Then, the cybercriminals send a message to the person or department, pretending to be someone they know and trust. It's important to watch out for these attacks because they can happen to anyone, not just diplomats or executives.
Follow these tips to stay safe from spear phishing attacks:
- Don't open attachments or click on links in emails that you were not expecting.
- Check the email headers, not just the display name: make sure the actual sender address, the Reply-To address, and any other recipients are ones you recognize.
- Reach out to the person who allegedly sent the email by phone or in person. By reaching out to the alleged sender directly, you could save yourself and your organization from a potential spear phishing attack!
Cybercriminals and Credit Unions
Recently in the United States, the National Credit Union Administration (NCUA) warned of an increase in cyber attacks targeting credit unions. Credit unions are typically small non-profit institutions with very loyal members, which makes them an attractive target for cybercriminals.
In most credit union scams, cybercriminals send fake emails that appear to be from your credit union. The phishing emails vary from signature requests to incoming payment notifications, but each email directs you to click a link for more information. The link leads to a fake login page for your credit union. If you try to log in on this page, your username and password will be sent to the cybercriminals. Once they have access to your account, they can make unauthorized charges, empty your account, or send and receive illegal wire transfers.
Follow the tips below to stay safe from similar scams:
- Never click on a link in an email that you were not expecting.
- Any time you receive a notification email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?
- When you're asked to log in to your credit union, navigate to the official website and log in. That way, you can ensure you're logging in to the real site and not a phony look-a-like.
Spoofed SMTP Relay Services
Simple Mail Transfer Protocol (SMTP) is the standard method that mail servers use to send email. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a way to abuse the Gmail relay service.
Using this weakness, cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, say a legitimate organization owns the domain sign-doc[dot]com and relays its email through Gmail. Cybercriminals can send their own messages through the same relay and disguise them by spoofing the legitimate domain, sign-doc[dot]com. Because the spoofed messages arrive from Google's mail servers, most email clients and security filters treat them as safe and let them through. Domains that publish an enforcing DMARC policy (quarantine or reject) are much harder to abuse this way, because the spoofed From address does not align with the domain the relay actually authenticated.
Follow the tips below to stay safe from similar scams:
- This type of attack isn't limited to Gmail. Other SMTP relay services could have similar vulnerabilities. Even if an email seems to come from a legitimate sender, remain cautious.
- Never click on a link or download an attachment in an email that you were not expecting.
- If you need to verify that an email is legitimate, try reaching out to the sender directly by phone call or text message, using contact details you already have rather than those given in the email.
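The header checks recommended in the spear phishing section above and the relay spoofing described in this section can both be automated at the mail gateway or in a triage script. The following is an added example (not code from the page, from FIS, or from Gmail) that parses a raw message, compares the display name and Reply-To with the real From address, and evaluates relaxed DMARC alignment from the receiving server's Authentication-Results header: a message relayed through a third-party service passes SPF and DKIM for the relay's domains, not for the domain it claims in From. The three sample messages are constructed; the organizational-domain helper is deliberately simplified to the last two labels, so suffixes such as co.uk would need the public suffix list in real use.

```python
"""Triage suspicious email headers: impersonation cues and DMARC alignment.

Added example; not code from the original page. Header layout follows
RFC 5322 (From / Reply-To) and RFC 8601 (Authentication-Results).
"""
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(host):
    """Organizational domain, simplified to the last two labels (assumption:
    real DMARC uses the public suffix list, so example.co.uk would differ)."""
    labels = host.lower().strip().split(".")
    return ".".join(labels[-2:])


def parse_auth_results(value):
    """Extract (result, authenticated domain) for spf and dkim from Authentication-Results."""
    out = {}
    m = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", value)
    if m:
        out["spf"] = (m.group(1), m.group(2))
    m = re.search(r"dkim=(\w+)[^;]*?header\.d=([^\s;]+)", value)
    if m:
        out["dkim"] = (m.group(1), m.group(2))
    return out


def dmarc_aligned(from_domain, auth):
    """Relaxed DMARC alignment: SPF or DKIM must pass for the From org domain."""
    want = org_domain(from_domain)
    for mech in ("spf", "dkim"):
        if mech in auth:
            result, dom = auth[mech]
            if result == "pass" and org_domain(dom) == want:
                return True
    return False


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    # 1. An email address embedded in the display name that differs from the real sender
    embedded = re.findall(r"[\w.+-]+@[\w.-]+", name)
    if any(e.lower() != addr.lower() for e in embedded):
        findings.append(f"display name shows {embedded[0]} but sender is {addr}")
    # 2. Reply-To steering replies to a different organization
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and org_domain(reply.rpartition("@")[2]) != org_domain(from_domain):
        findings.append(f"Reply-To {reply} does not match From domain {from_domain}")
    # 3. Nothing authenticated aligns with the From domain (relay-style spoofing)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    if auth and not dmarc_aligned(from_domain, auth):
        findings.append(f"no SPF/DKIM pass aligned with From domain {from_domain}")
    return findings


# Constructed samples. The relay case: From claims sign-doc.com, but SPF passed
# for the relay customer's envelope domain and DKIM for the relay's own domain.
SPOOFED_RELAY = """\
From: Sign-Doc Support <docs@sign-doc.com>
Reply-To: docs@sign-doc-support.example
To: victim@example.org
Subject: Document waiting for your signature
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=relay-customer.example; dkim=pass header.d=gmail.com

Please review the attached agreement.
"""

# Spear phishing from a free-mail account: authentication passes for the real
# sender, so only the display-name trick gives it away.
SPEAR_PHISH = """\
From: "it.helpdesk@embassy.example" <l.helpdesk@freemail.example>
To: attache@embassy.example
Subject: Urgent: password reset required
Authentication-Results: mx.embassy.example; spf=pass smtp.mailfrom=freemail.example; dkim=pass header.d=freemail.example

Please open the attached form.
"""

CLEAN = """\
From: Payroll <payroll@example.org>
To: staff@example.org
Subject: May statement
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org

Your statement is available in the portal.
"""

if __name__ == "__main__":
    for label, raw in (("relay", SPOOFED_RELAY), ("spear", SPEAR_PHISH), ("clean", CLEAN)):
        print(label, triage(raw) or ["no findings"])
```

The second sample is the important caveat: a message can pass SPF, DKIM and DMARC perfectly and still be a spear phish, because the attacker controls the domain that authenticated. Alignment checks stop spoofing of a domain; they say nothing about the intent of whoever legitimately owns the sending domain.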
The Keep-It-Simple Scam
In a new scam, cybercriminals use short, simple phishing emails to try to sneak past security-aware employees. The scam itself is a typical credential-stealing phishing attack: You receive an email notification stating that some of your emails could not be delivered. To review these emails, you are directed to click a link. If you click the link, you are taken to a fake login page and any credentials that you enter on the page will go straight to the cybercriminals.
What makes this scam unique is the simple phishing email. The email looks like a plain text alert with only a few lines of information and no images or logos. With so few details to look at, it could be difficult to determine if the email is legitimate. To match the plain text design, the link in the email is a long URL instead of the usual "Click Here" type of link. Cybercriminals want you to trust the URL, but if you hover your mouse over the link, you'll find that the link does not lead to the URL shown in the email.
Follow the tips below to help you stay safe from similar, simple scams:
- Never click on a link in an email that you were not expecting, even if it appears to come from a program or application that you use.
- When you receive an alert email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?
- If you think the notification could be real, log in to the program or application directly instead of clicking the link in the email.
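The hover check from the SEO section above (long URLs that bury the true domain) and the mismatch this section describes (a visible URL that differs from the real link target) are both mechanical and can be run over an HTML email body before anyone clicks. The following is an added example, not code from the original page. It collects every anchor from a constructed HTML body and reports three things: link text that looks like a URL but resolves to a different registrable domain than the href, a trusted brand name that appears in the URL but not in its registrable domain, and URLs over an assumed length limit. The brand list, the length threshold, the sample body, and the simplified registrable-domain helper (last two labels, no public suffix handling) are all assumptions for the example.

```python
"""Flag deceptive links in an HTML email body.

Added example; not code from the original page. Checks: (1) displayed URL
vs. real href destination, (2) trusted brand hidden in a subdomain or path,
(3) overly long URLs.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_BRANDS = {"amazon", "paypal", "microsoft"}   # assumption: tune per organization
MAX_URL_LEN = 120                                    # assumption: length that warrants a look


def registrable_domain(host):
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_link(href, text, brands=TRUSTED_BRANDS):
    """Return a list of findings for one link; empty list means nothing suspicious."""
    findings = []
    target = urlparse(href)
    if target.scheme not in ("http", "https") or not target.hostname:
        return findings
    target_host = target.hostname.lower()
    reg = registrable_domain(target_host)
    # (1) The visible text is itself a URL: does it point where the href points?
    if text.lower().startswith(("http://", "https://", "www.")):
        shown = urlparse(text if "://" in text else "http://" + text)
        if shown.hostname and registrable_domain(shown.hostname) != reg:
            findings.append(f"text shows {shown.hostname} but href goes to {target_host}")
    # (2) Brand name present in the URL but not in the domain that actually owns it
    for brand in sorted(brands):
        if brand in href.lower() and brand not in reg:
            findings.append(f"'{brand}' appears in URL but registrable domain is {reg}")
    # (3) Long URL that pushes the real domain out of sight
    if len(href) > MAX_URL_LEN:
        findings.append(f"URL is {len(href)} chars long")
    return findings


def scan_html(html):
    """Return {href: findings} for every link in the body that raised a finding."""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for href, text in collector.links:
        findings = analyse_link(href, text)
        if findings:
            report[href] = findings
    return report


# Constructed sample: a plain-text-style "undeliverable mail" lure, a lookalike
# order-tracking link with the brand in a subdomain, and one genuine link.
SAMPLE_EMAIL = """\
<p>3 messages could not be delivered. Review them here:</p>
<a href="http://mail-review.example.net/x?u=3">https://outlook.office.com/mail/undeliverable</a>
<p>Track your order: <a href="https://amazon.com.orders-track.example.org/account/signin/verify/redirect?session=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0&next=orders">Track package</a></p>
<p><a href="https://www.amazon.com/gp/your-account">Your Account</a></p>
"""

if __name__ == "__main__":
    for href, findings in scan_html(SAMPLE_EMAIL).items():
        print(href)
        for f in findings:
            print("  -", f)
```

The first sample link is exactly the trick this section describes: the text reads as a Microsoft URL, the href goes elsewhere. The second shows why "look for the brand name" is not enough on its own; what matters is the registrable domain immediately before the first slash.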