While many are looking ahead at 2015, with both relief and some anxiety, we believe its worth taking a look back at the biggest security and fraud stories of 2014, to serve as a reminder of how the fraud landscape has evolved over the last twelve months and what you should be doing to protect your business when, not if, the next security event happens. Read more
It is no secret that phishing attacks are growing in scope and the reason is quite simple: they are still effective. For the past several years, we have seen a marked increase in the number of email driven phishing scams that coincide with the holidays. Below you’ll find an email-driven phishing scam which shows a notification from FedEx—we’ve seen this with other brand-recognized delivery couriers like UPS and DHL. You can view the US-CERT advisory here. In this instance, the notification indicates that FedEx was unable to deliver a package because there was nobody available to sign for it. Once the recipient clicks on the invoice, the phishing attack is launched. With this kind of attack, the company purported to be sending the message is also a victim as the brands themselves become associated with fraudulent activities. Read more
Most of us in the business of fighting fraud understand it is and will be an ever-changing challenge. And we expect 2015 to be no different, unfortunately. One of the most difficult expectations placed on fraud organizations is the anticipation of where fraud will occur and how often. In an effort to help you understand what the fraud landscape might look like in the year ahead, I have outlined some considerations that should be understood along with suggestions on how they should be addressed. Read more
We have recently become aware of a new scheme targeting businesses through some of the partners they trust and are closest to – their vendors and third-party providers. We are seeing evidence of these schemes popping up in the Deep Web – the black markets where criminals often sell the credentials or information they have to offer to other criminals eager to act on that information. In this emerging man in the middle scheme, fraudsters convince businesses that their vendors’ bank account information has changed, thereby funneling legitimate payments into illegitimate accounts.
Almost every day we hear of a new retailer that has experienced a data breach, frustrating financial institutions that must then deal with the fall-out. According to the recent Faces of Fraud survey, conducted by ISMG, over 70% of financial institutions were impacted by the Target breach last December alone. But how does the fraud economy work? What exactly happens to all this data that is stolen? How is it sold, and what is it worth?
Apple Pay went live yesterday. And while there has been much talk about how it's going to disrupt the payment system, and how easy it will be to use, security is once again being overlooked in the urgency for speed and convenience above all else. Read more
Every major world crisis represents a new opportunity for fraudsters to take advantage of our good faith and the Ebola virus is no different. Different advisories have been issued cautioning banks and other organizations to reemphasize their customers the necessary skepticism with opening, clicking, or answering Ebola-based notifications. Read more
Unsurprisingly, Bash has been dominating countless new sites over the past week. I recently spoke to Penny Crosman with American Banker and she wrote a story on what bankers need to know about Bash – it’s a must read.
Shellshock - BASH Exploitation Likely to Affect Large Hosting Providers and Sites, Be Used to Create Botnets
The new Shellshock vulnerability that affects the bash shell is one of the kind of vulnerabilities that makes old infosec guys chuckle. The bash vulnerability and its exploitation is not a marvel of complexity. We'll get into the specifics of how it works shortly. But first, let's address who's at risk. Read more
Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection
With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operation. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features