News and Information

  • Phishing Fraud during COVID-19

    Financial organizations have seen an increase in phishing events during the COVID-19 pandemic. It is important that you understand phishing events and educate your cardholders. A phishing event is an attempt by a fraudster to steal a person’s data, mainly login credentials and card information. The fraudster then uses this information to process fraudulent card transactions or ATM withdrawals. Fraudsters often use social media or information bought on the Dark Web to initiate scams.

    An example of a recent phishing attack:

    • The fraudster gathers information from social media to make the scam more believable.
    • Cardholder receives a phone call from the fraudster posing as a financial institution employee.
      • Fraudsters often spoof phone numbers from the financial institution when contacting the victim, making it seem legitimate.
    • Fraudster advises cardholder that they have fraud attempts on their card and they will receive a text with a case number.
      • While on the phone, the fraudster will perform a transaction they know will generate a fraud alert.
      • When the cardholder receives the case number, the fraudster asks for the case number over the phone so the card can be permanently blocked.
        • Instead, the fraudster is using the case number to call into the SecurLOCK IVR and validate the activity as valid, so they can continue to use the card fraudulently.

    • The fraudster may suggest the cardholder transfer money into their checking account from savings to make it “safer,” thereby giving the fraudster access to more money.
    • The cardholder thinks the fraud was caught and stopped, while the fraudster is busy committing more fraudulent transactions and stealing more money.

    Educating cardholders is one of the best lines of defense in preventing phishing attacks. Advising cardholders on how your financial institution and FIS interact with them will mitigate losses due to this type of activity.

    FIS will never contact the cardholder to ask for the following:

    • Account Number/Card Number
    • CVV
    • PIN
    • Passwords
    • Social Security Number
    • Online Banking Credentials

    FIS will never advise a cardholder to transfer money or withdraw money. If any information concerning suspicious activity is texted to the cardholder, FIS does not call and ask the cardholder for the information. When cardholders call into SecurLOCK to validate suspicious transactions, FIS will request the case number to authenticate them. The cardholder should always reply NO to a text or email about transactions they do not recognize, no matter what direction has been given to them.

     

  • Tech Tips

    Scam of the Week: Exploiting the Coronavirus: A Sneaky Pandemic Relief Scam

    A new phishing email—seemingly sent from your local government funding agency—is offering phony relief grants to those in need. What makes this scam especially sneaky is that the bad guys use a Dropbox link to disguise their malicious attachment. Dropbox is a legitimate and commonly used file sharing service. Therefore, the email security filters that your organization has in place may not treat the link as a red flag, increasing the chances of this email landing in your inbox.

    The phishing email urges you to click a Dropbox link so you can download a file that supposedly contains information about your relief grant payment. The link even includes an expiration date for an added sense of urgency. If you click the link, then download and open the phony file, you’re taken to a look-alike Microsoft 365 login page. If you enter any information on this page, it will be sent directly to the scammers.

    Remember these tips:

    • Never click a link or download an attachment from an email that you weren’t expecting. Even if the sender appears to be a legitimate organization, the email address could be spoofed.
    • Be cautious of unexpected deadlines. Scammers often create a sense of urgency to spark impulsive clicks.
    • Get confirmation before clicking a Dropbox link. If you feel the file could be a legitimate resource for your organization, reach out to the sender another way—like by phone—instead of trusting the email.


    Stop, Look, and Think. Don't be fooled.

     

    Scam of the Week: SpaceX YouTube Scam

    Scammers recently hijacked three YouTube channels and used them to collect nearly $150,000 in cryptocurrency. They used these stolen channels to impersonate the official SpaceX YouTube channel. The hijackers played fake live stream interviews with Elon Musk, founder and CEO of SpaceX, while promoting bogus cryptocurrency giveaways. These giveaways are based on an old-school scamming tactic in which cyber criminals ask for a small payment while promising a large payout for the so-called investment.

    This scam was successful for two main reasons: First, using existing YouTube channels gave the cybercriminals a large, trusting audience of subscribers. Second, the scammers’ “investment offer” appeared to be coming from the well-known, tech-savvy billionaire Elon Musk, rather than from a random stranger, so it seemed to be more legitimate.

    Here’s what we can learn from this scam:

    • If something seems too good to be true–like an unbelievable investment opportunity–it probably is! Question everything.
    • Whether it’s a phony website, a disguised email address, or a hijacked YouTube channel, anyone and anything can be spoofed.
    • Experts speculate that the scammers gained access to these YouTube channels through a data breach of a different website. This is a great example of why you must use a different password for every login.


    Stop, Look, and Think. Don't be fooled.

     

    Scam of the Week: Exploiting the Coronavirus - Excel Attachment Phishing Campaign

    Microsoft has reported a massive phishing campaign that uses an Excel attachment as bait. The phishing email looks like it is from the Coronavirus Research Center of Johns Hopkins University, a well-known medical organization in the US. The email includes an Excel attachment that is disguised as an updated list of Coronavirus-related deaths, but the file actually contains a hidden piece of malware.

    If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be automatically installed onto your computer. This program is a tool that allows someone to access your computer remotely. Cybercriminals are using NetSupport Manager to gain complete control over a victim’s system, allowing them to steal sensitive data, install more malicious software, and even use the machine for criminal activities. Don’t be a victim!

    Here are some ways to protect yourself from this scam:

    • Think before you click! The bad guys know that you want to stay up-to-date on the latest COVID-19 data so they use this as bait. They’re trying to trick you into impulsively clicking and downloading their malware.
    • Never download an attachment from an email that you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
    • Always go to the source. Any time you receive an email that claims to have updated COVID-19 data, use your browser to visit the official website instead of opening an attachment or clicking a link.


    Stop, Look, and Think. Don't be fooled.

    Scam of the Week: Exploiting the Coronavirus: From Unemployed to Money Mule

    Due to the Coronavirus crisis, unemployment numbers have skyrocketed. As usual, the bad guys are quick to take advantage of these hard times and are sending out phony work-from-home opportunities. Typically, these phishing emails contain grammar mistakes and offer minimal details about the hiring company and the job requirements. But the scammers still manage to grab your attention because the job opportunity includes a great paycheck.

    Once the offer is accepted, the scammers ease the victim into their new "job" by asking them to complete basic errands, but eventually the victim is given the task of transferring funds from one account to another. Typically, these are stolen funds and the unsuspecting "employee" is being used as a money mule. Even though these victims are unaware of the crime they are committing, they can still face hefty fines and prison time.

    Remember these tips and share them with your friends and family who may be looking for work:

    • Be wary of emails with spelling or grammatical errors.
    • Never trust unusual requests or job offers. If something doesn't feel right, it probably isn't.
    • If you feel you have been solicited to be a money mule, contact your local authorities or report the situation to the appropriate federal agency.


    Stop, Look, and Think. Don't be fooled.

     

    Scam of the Week: Exploiting the Coronavirus: Netflix is More Popular Than Ever - Especially with Cybercriminals


    Long before the COVID-19 pandemic, bad guys were spoofing Netflix emails in an attempt to collect your sensitive information. With more and more people looking for at-home entertainment, Netflix has gained over 15 million new subscribers. Cybercriminals are happily taking advantage of this larger audience!

    Netflix-themed phishing attacks range from phony email alerts accusing you of non-payment to offers of free streaming access during the pandemic. Both of these strategies include a link that takes you to a fake Netflix page designed to gather your information and deliver it to the bad guys.
     

    Use the following tips to stay safe:

    • These types of scams aren’t limited to Netflix. Other streaming services like Disney+ and Spotify are also being spoofed. Remember that if something seems too good to be true, it probably is.
    • Never click on a link that you weren’t expecting, even if it appears to be from a company or service you recognize.
    • When an email asks you to log in to an account or online service, log in to your account through your browser - not by clicking the link in the email. This way, you can ensure you’re logging into the real website and not a phony look-alike.


    Stop, Look, and Think. Don't be fooled.

    ---

    Tech Tip - Scam of the Week - Exploiting the Coronavirus: Re-opening your organization? The bad guys have a plan!

    Recently, some countries have chosen to lift restrictions that were originally put in place to control the spread of COVID-19. Beware! The bad guys are already taking advantage of this news. They have crafted a well-written phishing email that appears to come from the VP of Operations in your organization. The message claims that your organization has a plan for reopening, and it instructs you to click on a link to see this plan. Clicking the link opens what appears to be a login page for Office 365, but don’t be fooled! If you enter your username and password on this page, you will send your sensitive credentials directly to the bad guys.

    Here’s how to protect yourself from this clever attack:

    • Never click on a link or an attachment that you weren’t expecting. Even if it appears to be from someone in your own organization, the sender’s email address could be spoofed. When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.
    • When an email asks you to log in to an account, do not click the link in the email. Instead, go directly to the website through your browser. This ensures you are accessing the real page and keeping your credentials safe.
    • This attack tries to exploit the restlessness and uncertainty of life in quarantine. Don’t let the bad guys toy with your emotions. Think before you click!


    Stop, Look, and Think. Don't be fooled.

    ---

    Tech Tip - Scam of the Week - Exploiting the Coronavirus: Is the CDC Closing Your Facility?

    As the COVID-19 pandemic rages on, the bad guys find increasingly creative ways to weaken your defenses. The newest phishing trend is an email that appears to be from the CDC (Centers for Disease Control and Prevention). The email has an intense subject line: “NOTICE OF CLOSING YOUR FACILITY AND DISINFECT NG THE AREA - BY NCDC WH 20982 COV-19 Due To Recent Corona Virus COVID-19 Pandemic.”

    You’re instructed to download an attachment, which is supposedly a letter from the CDC claiming that they will close your facility. If you download the file, you’ll find that it is actually a malicious program designed to gain access to your company’s sensitive information. Don’t be tricked!

    How to beat the bad guys:

    • Think before you click. These malicious actors are playing with your emotions, and this threat relies on panicked clicking.
    • Never click a link or download an attachment from an email you weren’t expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed.
    • If you receive a suspicious email that claims to be from an official organization such as the CDC or WHO (World Health Organization), report the email to the official organization through their website.


    Stop, Look, and Think. Don't be fooled.

  • ACH Newsletters