From Advanced Threats

Year in Review: Top Fraud Stories


While many are looking ahead at 2015, with both relief and some anxiety, we believe it's worth taking a look back at the biggest security and fraud stories of 2014, to serve as a reminder of how the fraud landscape has evolved over the last twelve months and what you should be doing to protect your business when, not if, the next security event happens. Read more

Phishing Attacks Rise Again During the Holidays – Even for DMARC Protected Brands


It is no secret that phishing attacks are growing in scope, and the reason is quite simple: they are still effective. For the past several years, we have seen a marked increase in the number of email-driven phishing scams that coincide with the holidays. Below you’ll find an email-driven phishing scam which shows a notification from FedEx; we’ve seen this with other brand-recognized delivery couriers like UPS and DHL. You can view the US-CERT advisory here. In this instance, the notification indicates that FedEx was unable to deliver a package because there was nobody available to sign for it. Once the recipient clicks on the invoice, the phishing attack is launched. With this kind of attack, the company purported to be sending the message is also a victim, as the brands themselves become associated with fraudulent activities. Read more

2015 Fraud Outlook – Mobile Heats Up, EMV Not the Promised Land


Most of us in the business of fighting fraud understand it is and will be an ever-changing challenge. And we expect 2015 to be no different, unfortunately. One of the most difficult expectations placed on fraud organizations is the anticipation of where fraud will occur and how often. In an effort to help you understand what the fraud landscape might look like in the year ahead, I have outlined some considerations that should be understood along with suggestions on how they should be addressed. Read more

Business Partners Beware – Man in the Middle Becomes Man in Your Bank Account


We have recently become aware of a new scheme targeting businesses through some of the partners they trust and are closest to – their vendors and third-party providers. We are seeing evidence of these schemes popping up in the Deep Web – the black markets where criminals often sell the credentials or information they have to offer to other criminals eager to act on that information. In this emerging man in the middle scheme, fraudsters convince businesses that their vendors’ bank account information has changed, thereby funneling legitimate payments into illegitimate accounts.

Read more

Webinar Replay: The Fraud Economy


Almost every day we hear of a new retailer that has experienced a data breach, frustrating financial institutions that must then deal with the fall-out. According to the recent Faces of Fraud survey, conducted by ISMG, over 70% of financial institutions were impacted by the Target breach last December alone. But how does the fraud economy work? What exactly happens to all this data that is stolen? How is it sold, and what is it worth?

Read more

Apple Pay Secure? Not so Fast…Overlooked Security Concerns and Predictions


Apple Pay went live yesterday. And while there has been much talk about how it's going to disrupt the payment system, and how easy it will be to use, security is once again being overlooked in the urgency for speed and convenience above all else. Read more

Phishing Attack Advisory: Watch Out for Ebola-Based Scams


Every major world crisis represents a new opportunity for fraudsters to take advantage of our good faith, and the Ebola virus is no different. Different advisories have been issued cautioning banks and other organizations to reemphasize to their customers the necessary skepticism about opening, clicking, or answering Ebola-based notifications. Read more

Bash Cheat Sheet by American Banker


Unsurprisingly, Bash has been dominating countless news sites over the past week. I recently spoke to Penny Crosman with American Banker and she wrote a story on what bankers need to know about Bash – it’s a must-read.

Here’s the full article: http://www.americanbanker.com/issues/179_187/cheat-sheet-what-bankers-need-to-know-about-bash-software-bug-1070254-1.html

Shellshock - BASH Exploitation Likely to Affect Large Hosting Providers and Sites, Be Used to Create Botnets


The new Shellshock vulnerability that affects the bash shell is one of those vulnerabilities that makes old infosec guys chuckle. The bash vulnerability and its exploitation are not a marvel of complexity. We'll get into the specifics of how it works shortly. But first, let's address who's at risk. Read more

Home Depot Breach: Time to Value of Black Market Cards Changes as Banks and Retailers Improve Detection


With the latest retail breach at Home Depot, attention has again turned to credit card black markets, the clearinghouses that sell these stolen cards to the highest bidder. These are no fly-by-night operations. In fact, the largest of these markets have some sophisticated features that any e-commerce site would tout, including:
• integrated Bitcoin funding
• good customer support
• good commerce features

Read more