Although the global financial industry has made strides in protecting its data from malware, including Trojans, cyberthreats such as network intrusion, ransomware and criminal gang cooperation are presenting fresh challenges, according to the Carnegie Endowment for International Peace.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop. He shares a new account-centric defensive solution.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe's Magento software, possibly resulting in the theft of payment card data, according to Sanguine Security.
So-called "cybersquatting" attacks are surging, with financial and e-commerce websites - including those of PayPal, Royal Bank of Canada, Bank of America and Amazon - among the most frequent targets, according to Palo Alto Networks' Unit 42.
A cybercriminal gang dubbed "UltraRank" that has planted malicious JavaScript code in hundreds of e-commerce websites around the world over the last five years to steal payment card data also takes the unusual step of selling the data on its own, the security firm Group-IB reports.
The operators behind the Qbot banking Trojan are deploying a new version of the malware that uses hijacked Outlook email threads to send personalized phishing emails, according to Check Point Research. This campaign has targeted over 100,000 victims worldwide.
Erika Dietrich of the payments system company ACI Worldwide analyzes statistics on how card-not-present transactions, fraud and chargebacks have changed this year, compared to last year.
When implementing a cybersecurity risk framework, enterprises should use a structured approach to identity and evaluate and manage the risks posed by increased digital transactions during the pandemic, says Dmitry Chernetsky, global presales expert, Kaspersky-APAC.
Card-not-present fraud is rising as fraudsters inject malware into e-commerce websites to harvest account information, says Gord Jamieson of Visa. But the artificial intelligence models used to detect this fraud need to be refined to better mitigate this threat, he says.
FINRA, a private organization that helps self-regulate brokerage firms and exchange markets, is warning that fraudsters have recently started creating spoofed websites and domains using members' real names and images in an attempt to steal personal information and credentials.
The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.
Reddit had a very "Make America Great Again" weekend, as more than 70 subreddits were temporarily hijacked and used to post "MAGA" messages in support of U.S. President Donald Trump. Attackers claim they used social engineering and password stuffing to compromise the accounts.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.
