International Finance
Banking and Finance Magazine

Staying digitally safe from banking scams

Technology and banking scams are becoming increasingly sophisticated, and it's essential to be aware of the dangers and take steps to protect yourself

As technology advances, so do threat actors’ methods to target unsuspecting victims. As a result, banking scams are becoming increasingly common, and it’s essential to be aware of the dangers and take steps to protect oneself. This article will explore the most common types of 21st-century banking scams and provide tips on how to avoid these crimes.

Phishing scams
Phishing scams are among the most common. Under this method, threat actors send fraudulent emails, texts, or social media messages that appear to come from a legitimate source, such as a bank, to get the victim to disclose personal information or login credentials. Once scammers have this information, they can steal money or commit identity theft.

It’s important to double-check the sender’s email address or social media handle to avoid falling victim to phishing scams. Keep one simple rule in mind: legitimate banks and financial institutions never ask for personal information or login credentials over email or social media. If you have doubts about the legitimacy of such emails or messages, contact your bank immediately.

Attacks of this nature are now becoming more frequent and sophisticated. SlashNext, a messaging security company, conducted a study in October 2022, under which it examined billions of link-based URLs, natural language messages, and attachments sent over email, mobile devices, and web browsers over six months and discovered more than 255 million threat elements. That represents a 61% rise in phishing assaults since 2021.

The survey also found an increasing use of personal and mobile communication channels among cybercriminals. Fraud and credential theft topped the list, while attacks on mobile devices increased by 50%.

According to Jess Burn, senior analyst at Forrester Research, “We’ve been seeing an increase in the use of voicemail and text as part of two-pronged phishing and BEC [business email compromise] campaigns.”

The attackers either give the sender more credibility or make the request seem more urgent by leaving a voicemail or sending a text regarding the email they sent.

Burn said the company is getting a lot of questions from clients concerning BEC (Business Email Compromise) assaults in general.

“Bad actors are turning to traditional fraud to make money because geopolitical unrest is disrupting ransomware gang activity, and cryptocurrency, the preferred method of ransom payment, is imploding recently,” he added. As a result, BEC is increasing.

Criminals launch phishing attacks during the sales and tax seasons. People should be cautious of spearphishing, a more specialized variation of phishing that frequently employs topical lures.

Luke McNamara, principal analyst at cyber security consulting firm Mandiant Consulting, said that the topics and themes “might evolve with global or even seasonal events.”

“For instance, given that it is the Christmas season, we can anticipate seeing more phishing lures relating to sales. Threat actors may similarly attempt to abuse users who are filing their taxes during regional tax seasons by sending phishing emails with tax-related subject lines,” the official commented.

According to McNamara, general phishing themes include emails purporting to be from technology vendors about account resets. In contrast, more targeted efforts by threat actors engaged in cyber espionage may use more particular phishing lures.

“More prolific criminal campaigns might leverage less specific themes,” he noted.

Recognizing phishing emails
Ask yourself the following questions:

Were you expecting it? If the communication is from an unknown source, take a moment to consider your actions before responding, clicking a link, or downloading any attached files.

Who is the message’s sender? Is this the email address you were expecting? Cybercriminals may try to deceive you by using a similar email address. Verify the email address’s spelling, the domain’s legitimacy, and whether it corresponds to the sender’s name.

Does it demand action from you? Phishing emails typically instruct you to click a link, download an attachment, or reply with personal information. They frequently aim to instil a sense of urgency to elicit a hasty and unreasonable response.

Instead of clicking on the links they provide, you should always verify the email’s legitimacy with information you can obtain independently. While conducting financial activities, avoid clicking on email links and instead log in to your bank account via the official website/app.
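The three questions above can be partly automated. The following Python sketch is an added example, not part of the original article: it parses a raw message, compares the sender's domain with a list of trusted domains, and flags near-miss spellings, a bank name sent from the wrong domain, urgency wording, and links. The domain `examplebank.com`, the word list, the edit-distance threshold of 2, and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your bank really uses (constructed placeholder).
TRUSTED_DOMAINS = {"examplebank.com"}
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    if domain not in TRUSTED_DOMAINS:
        for good in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, good) <= 2:
                warnings.append(f"lookalike-domain: {domain} vs {good}")
            brand = good.split(".")[0]
            if brand in name.lower().replace(" ", ""):
                warnings.append(f"display-name-mismatch: '{name}' sent from {domain}")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        warnings.append("urgency: " + ", ".join(hits))
    if "http://" in text or "https://" in text:
        warnings.append("contains-link: log in via the official site instead")
    return warnings

# Constructed sample: the digit "1" replaces the letter "l" in the sender domain.
SAMPLE = """From: Example Bank <alerts@examp1ebank.com>
Subject: Urgent: verify your account
To: customer@example.org

Your account is suspended. Visit https://examp1ebank.com/login immediately.
"""
```

An empty list means none of these heuristics fired, not that the message is safe; the independent verification described above still applies.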

Ransomware & malware
Ransomware and malware are malicious programs that can infect your computer, phone, or other devices. This kind of software gives scammers access to your personal information and files, and can lock you out of your device until you pay the scammers a ransom.

The effects of ransomware attacks are becoming more significant for 21st-century businesses.

As ransomware-as-a-service (RaaS) grows increasingly common, even smaller businesses may now become cybercrime targets. RaaS has made launching software breaches simple and economical, even for inexperienced cyber criminals.

These medium and small businesses are particularly vulnerable as supply chain attacks increase by 663%. A cybercriminal may access the systems and clients’ data with a single malware attack. The scary part is that 70% of these malware attacks also involve ransomware, enabling cybercriminals to demand payments from the targeted companies and their customers.

Businesses must be ready for ransomware attacks 24/7. Here is what business leaders need to know about protecting their organizations from ransomware in 2023.

Who is susceptible to a ransomware assault?
In the past, when cybercriminals launched a malware assault, they frequently had a particular target in mind.

Cybercriminals wanted to steal large quantities of personally identifiable information (PII) or data with a higher resale value, like medical records and financial information, as reselling PII was a significant factor in data breaches. As a result, skilled hackers usually preyed on huge companies with sizable databases containing valuable PII, such as banking and medical institutions in industrialized nations.

Cyberattacks are becoming more common and profitable because of ransomware’s advent. Threat actors can simply make money by encrypting a company’s data and extorting payment in exchange for its decryption. In addition, a new threat has emerged in the form of double extortion ransomware assaults, where cybercriminals get the ransom payment and then resell the targeted company’s confidential data on the dark web to increase their profits.

As RaaS gains popularity, the likelihood of a double extortion ransomware assault increases even further. Cybercriminals without technical expertise can now profit from ransomware attacks thanks to RaaS.

RaaS users are now targeting emerging markets rather than developed ones because cybercrime gangs frequently charge higher costs to attack businesses headquartered in wealthy nations.

Given the potential for enormous payments, it is understandable why thieves employ ransomware to steal 10 TB of data each month.

Supply chains are rife with ransomware
A significant factor in the rising ransomware risk is the global supply chain.

Most businesses collaborate with hundreds, if not thousands, of outside vendors and service providers, including MSPs (Managed Service Providers) that handle their cybersecurity. However, a cybercriminal only needs one vulnerable endpoint to introduce malicious software into a network or application, placing the business and its customers at risk.

MSPs must safeguard their clients’ IT infrastructure from malware because they oversee their security. An attacker who gains unauthorized access to an MSP’s network can also readily access the IT infrastructures of the target’s clients. The MSP and its clients are then vulnerable to ransomware attacks.

A 2021 ransomware attack on the MSP software provider Kaseya sought a $70 million ransom payment to restore the data of as many as 70 of the business’s clients. However, because the software stored information on each MSP’s customers, the assault affected 1,500 companies in at least 17 nations.

Ransomware is widespread now
Anyone can rent professional ransomware tools, purchase instructional DIY kits to create and launch attacks or employ a criminal organization to deploy ransomware assaults, thanks to RaaS. Additionally, RaaS is accessible and economical for nascent cybercriminals because these malicious source codes are available for as little as $39.

To collect RaaS income, several cybercrime gangs are adopting a subscription affiliate model with profit sharing. A threat actor pays a monthly subscription to gain access to the ransomware tools, code, and deployment help. The gang automatically takes a portion of the ransom money each time a cybercriminal uses the gang’s harmful code to collect a ransom.

This strategy makes smaller businesses and organizations in developing nations more susceptible to ransomware. These businesses have become vulnerable targets for a new generation of cybercriminals trying to make a profit, even though attacks on these companies are typically not profitable for significant cybercrime gangs. The attacks are inexpensive to deploy, yet they are now costing businesses millions of dollars in ransom payments, clean-up expenses, compliance fines, and lost revenue.

How criminals disseminate ransomware
Cybercriminals frequently combine their methods when trying to gain access to IT infrastructure and introduce dangerous ransomware. Some utilize various techniques to locate flaws and obtain credentials to boost their chances of success, while others may use ransomware assaults in the hopes of discovering zero-day vulnerabilities.

Phishing assaults, undoubtedly the most popular means to steal passwords or spread malicious URLs, increased by 120% in Q3 of 2022. It is customary for cyber attackers to initiate phishing attempts and obtain access to an IT environment before spreading ransomware because stolen credentials are routinely the top cause of breaches.

Cybercriminals frequently target MSPs to access their clients’ systems and spread further ransomware, because many MSPs manage access permissions for their clients’ systems.

Knowing cybersecurity trends is only half the battle won

Unfortunately, cybercriminals always seem to be one step ahead when exploiting weaknesses. To stay current, learning about cybersecurity trends like ransomware-as-a-service is essential, but being aware of them is just half the battle won.

ATM skimming
ATM skimming is when scammers place a device on an ATM to capture your card information and PIN as you use the machine. This information is then used to make fraudulent purchases/withdrawals from your account.

To avoid falling victim to ATM skimming, it’s important to always check the ATM for any signs of tampering, such as loose or extra attachments. Also, cover the keypad with your hand as you enter your PIN to prevent scammers from visually capturing it.

Skimming is illegally installing equipment on petrol pumps, ATMs, and point-of-sale terminals to steal information, such as card numbers and PINs. With this data, fraudsters can create fake credit or debit cards. According to estimates, skimming results in more than $1 billion in annual financial losses.

Pump skimming for fuel
Fuel pump skimmers are typically located in the machine’s internal wiring, out of the customer’s view. The devices store the collected data for subsequent wireless transfer or download.

Guidelines to avoid pump skimming
Select a fuel pump closer to the store and in the attendant’s line of sight. Skimmers are less likely to target these pumps. Use a debit card instead of a credit card. Cover the keypad while entering your PIN. Instead of paying at the pump, consider paying inside with the attendant. Contact your bank immediately if you believe you’ve been a victim of skimming.

ATM and Point of Sale skimming
ATM skimming devices often cover the original card reader. Some skimming devices are located near exposed cables, in the terminal, or in the card reader. Pinhole cameras installed on ATMs record a user entering their PIN, and their placement varies greatly. Keypad overlays occasionally take the place of pinhole cameras for capturing PINs, because the overlays record the user’s keystrokes.

Skimming equipment stores information for eventual wireless transfer or download.

Tips to avoid falling prey to such crimes
Before using your cards, check the POS terminals, ATMs, and other card readers. Look for anything that is off-centre, bent, broken, or scraped. If you find anything strange, avoid using that card reader. Before inputting your PIN, tug on the keypad’s edges. Cover the keypad while entering your PIN to prevent cameras from recording your entry. Use ATMs which are indoors, well-lit, and away from any threats. If you are using ATMs in tourist destinations, watch out for skimming devices. Use chip-enabled cards. Devices that steal chip data are less common than those that steal magnetic stripe data. Be cautious while using your debit card with linked accounts. Instead, use a credit card. Immediately contact your bank if the ATM doesn’t return your card after you cancel a transaction.

Impersonation scams
In this scenario, scammers pose as bank employees/another authority figure to gain your trust and access to your personal information. For example, they may call or email you, claiming to be from your bank, and ask for your personal information/login credentials.

Credit card fraud was one of the most widespread types of fraud in the United States in 2021, according to complaints received by the Federal Trade Commission (FTC). However, that statistic only provides a partial picture of the issue.

The Nilson Report, which tracks the payments sector, predicted that over the next ten years, losses in the United States from card fraud would reach $165.1 billion, affecting every age group. According to Insider Intelligence, only one sort of credit card fraud, card-not-present fraud involving online, over-the-phone, and mail-order transactions, will be responsible for an average estimated $5.72 billion in losses in the world’s largest economy in 2022 and beyond.

When someone uses a credit card to make an illicit purchase, such as purchasing goods on Amazon, this is known as credit card fraud. Other types of credit card fraud include identity theft, using stolen cards, and card-not-present fraud. While credit card fraud is a significant issue, there are precautions to avoid being one of the statistics.

Theft of identity
Identity theft occurs when fraud or another crime is conducted using your personal information, such as your credit card or Social Security number. The Federal Trade Commission received around 1.4 million reports of identity theft in 2021.

Technology and banking scams are becoming increasingly sophisticated, and it’s essential to be aware of the dangers and take steps to protect yourself. Always remember to be vigilant and never disclose your personal information or login credentials unless you’re confident you’re dealing with a legitimate source. Stay safe out there!
