Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Banking. Show all posts
Malware Campaign
Banking Cyber Scammers Cybersecurity Discord Illegal Porn malware Malware Campaign

Malware Campaign: Porn Viewers Should Hide Webcams

 

Any users who visit porn sites should be extra careful now. Porn viewers should hide their cameras. If users do not hide their webcams, they risk unpleasant recordings and extortion. Porn viewers should hide their webcams. 

According to a new blog post by security experts at Proofpoint, a new malware type is currently going viral. It is classified as an infostealer that reads various data and sends it in text form. However, there’s more to it. Another component of the new malware campaign specifically hacks the privacy of those impacted. 

Now, porn viewers should immediately protect their cameras. According to the report, the malicious software would immediately detect when someone opens an adult website on compromised browsers.  

Attack tactic 


The malware scans the page for keywords like “sex” or “porn”. In such incidents, it promptly captures a screenshot of the desktop and accesses the webcam to click an image of the person in front of it. 

These screen captures (sometimes nudes) are later used for extortion. Thus, it becomes crucial for porn viewers to at least cover their webcams to protect themselves from unsolicited recordings, from apps like Omegle. This is not the first time porn viewers have been targeted by scammers.  

While malware taking pictures is not a new tactic, it is still comparatively rare. Porn viewers should secure their cameras as much as possible. 

Potential for extensive data theft 


Researchers from Proofpoint explained that there can be extensive data theft, and the information can be disseminated through different platforms. The stolen data comprises: bank details, session cookies, session data, logins, email, access info, and system information keystrokes. The distribution takes place via platforms such as Telegram, SMTP, Discord, or file hosts. 

Phishing emails for malware 


The current malware is based on the open-source malware Stealerium; it is publicly accessible and has been active since 2022. Hackers can easily download and adjust it for their needs. 

Recently, there has been a surge in attacks despite the malware age. From May to August 2025, there was a spike in malware campaigns. The key distribution method of malware was phishing emails concerning legal or banking issues. Impacted users should be careful with messages from unknown senders and recognize phishing emails.  Even a single click could be hazardous.
Read more »
SMiShing
Android Android Trojans Banking Google Herodotus malware SMiShing

Herodotus Trojan Mimics Human Typing to Steal Banking Credentials

 



A newly discovered Android malware, Herodotus, is alarming cybersecurity experts due to its unique ability to imitate human typing. This advanced technique allows the malware to avoid fraud detection systems and secretly steal sensitive financial information from unsuspecting users.

According to researchers from Dutch cybersecurity firm ThreatFabric, Herodotus combines elements from older malware families like Brokewell with newly written code, creating a hybrid trojan that is both deceptive and technically refined. The malware’s capabilities include logging keystrokes, recording screen activity, capturing biometric data, and hijacking user inputs in real time.


How users get infected

Herodotus spreads mainly through side-loading, a process where users install applications from outside the official Google Play Store. Attackers are believed to use SMS phishing (smishing) campaigns that send malicious links disguised as legitimate messages. Clicking on these links downloads a small installer, also known as a dropper, that delivers the actual malware to the device.

Once installed, the malware prompts victims to enable Android Accessibility Services, claiming it is required for app functionality. However, this permission gives the attacker total control,  allowing them to read content on the screen, click buttons, swipe, and interact with any open application as if they were the device owner.


The attack mechanism

After the infection, Herodotus collects a list of all installed apps and sends it to its command-and-control (C2) server. Based on this data, the operator pushes overlay pages, fake screens designed to look identical to genuine banking or cryptocurrency apps. When users open their actual financial apps, these overlays appear on top, tricking victims into entering login details, card numbers, and PINs.

The malware can also intercept one-time passwords (OTPs) sent via SMS, record keystrokes, and even stream live footage of the victim’s screen. With these capabilities, attackers can execute full-scale device takeover attacks, giving them unrestricted access to the user’s financial accounts.


The human-like typing trick

What sets Herodotus apart is its behavioral deception technique. To appear human during remote-control sessions, the malware adds random time delays between keystrokes, ranging from 0.3 to 3 seconds. This mimics natural human typing speed instead of the instant input patterns of automated tools.

Fraud detection systems that rely solely on input timing often fail to recognize these attacks because the malware’s simulated typing appears authentic. Analysts warn that as Herodotus continues to evolve, it may become even harder for traditional detection tools to identify.


Active regions and underground sale

ThreatFabric reports that the malware has already been used in Italy and Brazil, disguising itself as apps named “Banca Sicura” and “Modulo Seguranca Stone.” Researchers also found fake login pages imitating popular banking and cryptocurrency platforms in the United States, United Kingdom, Turkey, and Poland.

The malware’s developer, who goes by the alias “K1R0” on underground forums, began offering Herodotus as a Malware-as-a-Service (MaaS) product in September. This means other cybercriminals can rent or purchase it for use in their own campaigns, further increasing the likelihood of global spread.

Google confirmed that Play Protect already blocks known versions of Herodotus. Users can stay protected by avoiding unofficial downloads, ignoring links in unexpected text messages, and keeping Play Protect active. It is also crucial to avoid granting Accessibility permissions unless an app’s legitimacy is verified.

Security professionals advise enabling stronger authentication methods, such as app-based verification instead of SMS-based codes, and keeping both system and app software regularly updated.


Read more »
User Privacy
Banking Cyber Fraud hack Muzaffarpur RemoteApp User Privacy

Muzaffarpur Man Loses ₹3.5 Lakh in Remote Access App Bank Fraud

 

A resident of Muzaffarpur, Bihar fell victim to a sophisticated remote access application scam that resulted in the loss of ₹3.5 lakh from his bank account. The cybercrime incident occurred when the victim was searching online for courier service assistance and discovered what appeared to be a legitimate customer support contact number through Google search results. 

Scam operation 

The fraudsters posed as courier service agents and initiated contact with the unsuspecting victim. During the conversation, the criminals convinced the man to download and install a remote access application on his mobile device, claiming it would help resolve his delivery-related issues. Once the victim granted remote access permissions to the application, the cybercriminals gained complete control over his smartphone and banking applications . 

Financial impact  

Within minutes of installing the malicious remote access software, the fraudsters executed multiple unauthorized transactions from the victim's bank account. The scammers managed to conduct seven separate high-value financial transfers, draining a total amount of ₹3.5 lakh from the man's banking accounts. The transactions were processed rapidly, taking advantage of the victim's digital banking credentials that were accessible through the compromised device . 

Broader criminal network 

Local police investigations have revealed that this incident is part of a larger interstate fraud syndicate operating across multiple states. The cyber crime cell has traced the fraudulent transactions to various bank accounts, suggesting a well-organized criminal network. Law enforcement agencies suspect that the scammers strategically place fake customer service numbers on internet search platforms, impersonating official service providers to target unsuspecting consumers.

Rising threat 

This case represents an alarming trend in cybercrime where fraudsters exploit remote desktop applications like AnyDesk and TeamViewer to gain unauthorized access to victims' devices. The scammers often target individuals seeking customer support for various services, including courier deliveries, utility bills, and other common consumer needs. These social engineering attacks have become increasingly sophisticated, with criminals creating convincing scenarios to pressure victims into installing malicious software. 

Prevention and safety measures 

Cybersecurity experts emphasize the importance of digital awareness and caution when dealing with unsolicited support calls or online search results. Users should verify customer service numbers directly from official websites rather than relying on search engine results. 

Additionally, individuals should never install remote access applications unless they are completely certain about the legitimacy of the requesting party. Financial institutions and telecom providers are working to implement enhanced fraud detection systems to identify and prevent such scams in real-time .
Read more »
Telecom
Banking Cyber Fraud Ghaziabad OTP phishing Telecom

Ghaziabad eSIM Fraud: Woman Loses ₹18.5 Lakh in Sophisticated SIM Swap Scam

 

A 54-year-old resident of Shipra Suncity, Indirapuram, Ghaziabad, fell victim to a sophisticated eSIM fraud that resulted in the loss of ₹18.48 lakh from her bank accounts. Arti Kaul was targeted by cybercriminals who posed as Airtel customer service representatives to execute an elaborate SIM swap scam. 

Fraudulent call 

On August 29, 2025, at approximately 1:00 PM, Kaul received a phone call from fraudsters claiming to be Airtel representatives. The callers convinced her that she needed to upgrade her SIM card from 4G to 5G as per company policy, presenting the upgrade as mandatory. Unaware of the deceptive nature of the call, Kaul stayed on the line with the fraudsters throughout the process.

Technical manipulation

At 1:10 PM, Kaul received an SMS from Airtel containing an OTP for eSIM card activation. Following this, she received a long numerical message on WhatsApp, along with subsequent SIM card update-related messages and additional calls from both the fraudsters and legitimate Airtel representatives. The victim shared the OTP with the callers, inadvertently giving them access to activate an eSIM on their own device, effectively hijacking her phone number. 

Once the fraudsters gained control of Kaul's phone number through the eSIM activation, they systematically drained her bank accounts. The theft occurred through more than 50 separate transactions between August 31 and September 1, 2025, targeting both her Axis Bank and HDFC Bank accounts. The total amount stolen reached ₹18.48 lakh. 

Discovery and legal action

Kaul discovered the fraud when her SIM card became inactive and she stopped receiving messages. Upon visiting her banks, employees informed her about the unauthorized transactions that had occurred over the previous days. She subsequently filed a complaint with the cyber crime police station, and an investigation has been launched.

This incident highlights the growing threat of eSIM-based fraud in India, where criminals exploit the convenience of digital SIM technology to rapidly hijack mobile numbers and access victims' financial accounts through intercepted OTPs. 

Safety tips 

Never share OTPs or activation codes: Avoid sharing one-time passwords (OTPs), eSIM activation codes, or QR codes with anyone, even if they claim to be from your telecom provider. No legitimate company will request these details over phone or SMS. 

Use only official channels: Always request eSIM conversions or upgrades directly through official carrier apps, websites, or physical stores. Do not click on unknown links, and never proceed with eSIM activation from unsolicited messages or calls . 

Act fast on signal loss: If your phone unexpectedly loses network signal or displays “No Service,” immediately report the issue to your mobile operator and notify your bank. This could indicate that your number has been hijacked.

Stay alert for phishing attempts: Be wary of calls, emails, or texts asking for personal, banking, or SIM-related information. Always verify the identity of the sender by reaching out through the provider’s verified customer care number. 

Monitor account activity: Regularly review bank and mobile account activity for unauthorized transactions or account changes. Set up alerts where available for any transaction or SIM change activity.

Following these safety steps drastically reduces the risk of eSIM-based fraud and helps in swift detection of account compromise.
Read more »
Technology
AI Banking Deepfake Finance KYC Technology

How AI Impacts KYC and Financial Security

How AI Impacts KYC and Financial Security

Finance has become a top target for deepfake-enabled fraud in the KYC process, undermining the integrity of identity-verification frameworks that help counter-terrorism financing (CTF) and anti-money laundering (AML) systems.

Experts have found a rise in suspicious activity using AI-generated media, highlighting that threat actors exploit GenAI to “defraud… financial institutions and their customers.”

Wall Street’s FINRA has warned that deepfake audio and video scams can cause losses of $40 billion by 2027 in the finance sector.

Biometric safety measures do not work anymore. A 2024 Regula research revealed that 49% businesses throughout industries such as fintech and banking have faced fraud attacks using deepfakes, with average losses of $450,000 per incident. 

As these numbers rise, it becomes important to understand how deepfake invasion can be prevented to protect customers and the financial industry globally. 

More than 1,100 deepfake attacks in Indonesia

Last year, an Indonesian bank reported over 1,100 attempts to escape its digital KYC loan-application process within 3 months, cybersecurity firm Group-IB reports.

Threat actors teamed AI-powered face-swapping with virtual-camera tools to imitate the bank’s  liveness-detection controls, despite the bank’s “robust, multi-layered security measures." According to Forbes, the estimated losses “from these intrusions have been estimated at $138.5 million in Indonesia alone.”

The AI-driven face-swapping tools allowed actors to replace the target’s facial features with those of another person, allowing them to exploit “virtual camera software to manipulate biometric data, deceiving institutions into approving fraudulent transactions,” Group-IB reports.

How does the deepfake KYC fraud work

Scammers gather personal data via malware, the dark web, social networking sites, or phishing scams. The date is used to mimic identities. 

After data acquisition, scammers use deepfake technology to change identity documents, swapping photos, modifying details, and re-creating entire ID to escape KYC checks.

Threat actors then use virtual cameras and prerecorded deepfake videos, helping them avoid security checks by simulating real-time interactions. 

This highlights that traditional mechanisms are proving to be inadequate against advanced AI scams. A study revealed that every 5 minutes, one deepfake attempt was made. Only 0.1 of people could spot deepfakes. 

Read more »
Security
AI Banking Biometrics Cyber Crime Fintech Fraud identity Payments Scams Security

Account Takeover Fraud Surges as Cybercriminals Outpace Traditional Bank Defenses

 

As financial institutions bolster their fraud prevention systems, scammers are shifting tactics—favoring account takeover (ATO) fraud over traditional scams. Instead of manipulating victims into making transactions themselves, fraudsters are bypassing them entirely, taking control of their digital identities and draining funds directly.

Account takeover fraud involves unauthorized access to an individual's account to conduct fraudulent transactions. This form of cybercrime has seen a sharp uptick in recent years as attackers use increasingly advanced techniques—such as phishing, credential stuffing, and malware—to compromise online banking platforms. Conventional fraud detection tools, which rely on static behavior analysis, often fall short as bad actors now mimic legitimate user actions with alarming accuracy.

According to NICE Actimize's 2025 Fraud Insights U.S. Retail Payments report, the share of account takeover incidents has increased in terms of the total value of fraud attempts between 2023 and 2024. Nevertheless, scams continue to dominate, making up 57% of all attempted fraud transactions.

Global financial institutions witnessed a significant spike in ATO-related incidents in 2024. Veriff's Identity Fraud Report recorded a 13% year-over-year rise in ATO fraud. FinCEN data further supports this trend, revealing that U.S. banks submitted more than 178,000 suspicious activity reports tied to ATO—a 36% increase from the previous year. AARP and Javelin Strategy & Research estimated that ATO fraud was responsible for $15.6 billion in losses in 2024.

Experts emphasize the need to embrace AI-powered behavioral biometrics, which offer real-time identity verification by continuously assessing how users interact with their devices. This shift from single-point login checks to ongoing authentication enables better threat detection while enhancing user experience. These systems adapt to variables such as device type, location, and time of access, supporting the NIST-recommended zero trust framework.

"The most sophisticated measurement approaches now employ AI analytics to establish dynamic baselines for these metrics, enabling continuous ROI assessment as both threats and solutions evolve over time," said Jeremy London, director of engineering for AI and threat analytics at Keeper Security.

Emerging Fraud Patterns
The growth of ATO fraud is part of a larger evolution in cybercrime tactics. Cross-border payments are increasingly targeted. Although international wire transfers declined by 6% in 2024, the dollar value of fraud attempts surged by 40%. Fraudsters are now focusing on high-value, low-volume transactions.

One particularly vulnerable stage is payee onboarding. Research shows that 67% of fraud incidents were linked to just 7% of transactions—those made to newly added payees. This finding suggests that cybercriminals are exploiting the early stages of payment relationships as a critical vulnerability.

Looking ahead, integrating multi-modal behavioral signals with AI-trained models to detect sophisticated threats will be key. This hybrid approach is vital for identifying both human-driven and synthetic fraud attempts in real-time.
Read more »
Terrorism
Banking CERT-In Cybe Security Cyberattack DDoS defacement Digital Finance India Infrastructure Misinformation Pahalgam SocialMedia surveillance Terrorism

India Strengthens Cybersecurity Measures Amid Rising Threats Post-Pahalgam Attack

 

In response to a surge in cyberattacks targeting Indian digital infrastructure following the Pahalgam terror incident, the Indian government has directed financial institutions and critical infrastructure sectors to enhance their cybersecurity protocols. These instructions were issued by the Computer Emergency Response Team (CERT-In), according to a source familiar with the development, Moneycontrol reported.

The precautionary push isn’t limited to government networks — private sector entities are also actively reinforcing their systems against potential cyber threats. “We have been extra alert right from the Pahalgam attack, in terms of ensuring cyber security speedily not just by government agencies but also by the private sector,” the source stated.

CERT-In, India’s central agency for cyber defense, has released advisories to banking institutions and other essential sectors, urging them to tighten their digital safeguards. In addition, the government has engaged with organizations like NASSCOM to facilitate a collaborative cyber alert framework.

Recent attacks primarily involved DDoS, or distributed denial-of-service incidents, which overwhelm servers with excessive traffic, rendering websites inaccessible and potentially causing financial damage. Attempts to deface websites — typically for political messaging — were also reported.

This intensified focus on digital defense follows India’s military action against terrorist hideouts in Pakistan, occurring nearly two weeks after the Pahalgam incident, which resulted in the deaths of Indian tourists in Kashmir.

Moneycontrol previously highlighted that cyber surveillance across India's vital digital infrastructure is being ramped up following the Pahalgam attack and the subsequent Operation Sindoor. Critical sectors and strategic installations are under strict scrutiny to ensure adherence to robust cybersecurity practices.

Amid these developments, misinformation remains a parallel concern. Daily takedown requests under Section 69A of the IT Act have surpassed 1,000, as the government works with social media platforms to curb the spread of fake news, the source noted.
Read more »
tokenization
Banking Biometrics contactless Cyber Security Fintech Fraud mobile wallet Payments Security tokenization

Mastercard to Eliminate 16-Digit Card Numbers by 2030 for Enhanced Security

 

In a strategic move to combat identity theft and fraud, Mastercard has announced plans to remove the traditional 16-digit card number from credit and debit cards by 2030. Instead, the company will implement tokenization and biometric authentication to enhance security.

Mastercard has been integrating biometric authentication into its payment ecosystem since 2022, allowing transactions to be completed with a smile or a hand wave. Now, the next phase involves replacing card numbers with tokens, which transform the 16-digit identifier into a unique digital code stored on devices. This ensures that card details are never exposed during online or contactless transactions.

The initial rollout of these numberless cards will be in collaboration with AMP Bank, with additional financial institutions expected to adopt the technology in the coming year.

Receiving a suspicious transaction alert from the bank can be alarming, and for good reason—payment fraud has been on the rise. In Australia, fraudulent card transactions amounted to A$868 million in 2023-24, up from A$677.5 million the previous year.

Data breaches continue to expose sensitive financial information, with major incidents involving Marriott, Starwood Hotels, and Ticketmaster affecting hundreds of millions of customers worldwide. In Australia, card-not-present fraud—where transactions occur without the physical card—accounts for 92% of all card fraud, increasing by 29% in the last financial year.

Although the Card Verification Value (CVV) was introduced to verify physical card possession, its effectiveness has diminished over time.

By removing the card number, Mastercard aims to reduce unauthorized transactions and minimize risks associated with data breaches. Without stored payment details, compromised databases will no longer expose customers’ financial information.

This move aligns with broader industry concerns about data storage and privacy, highlighted by incidents such as the 2022 Optus data breach, which leaked historical customer data. Eliminating stored card details prevents future attacks from leveraging outdated information.

Challenges in Adopting the New System

While digital banking users may find the transition seamless, concerns arise regarding accessibility. Elderly consumers and individuals with disabilities who rely on traditional banking methods might struggle with the shift to mobile authentication.

Additionally, shifting security reliance from physical cards to mobile devices introduces new risks. SIM swapping and impersonation scams already enable criminals to take over victims' phone accounts, and these tactics could escalate as digital payment systems evolve.

Biometric authentication presents another challenge—unlike credit card details, biometric data is immutable. If compromised, it cannot be changed, increasing the stakes of potential identity theft. Previous breaches, such as the BioStar 2 security lapse and Australia’s Outabox facial recognition exposure, highlight the risks of biometric data leaks.

As contactless payments continue to grow, physical cards may soon become unnecessary. In 2023, mobile wallet transactions in Australia surged 58%, reaching $146.9 billion. By October 2024, nearly 44% of transactions were conducted via mobile devices.

Retail innovations like Amazon’s Just Walk Out technology are accelerating this trend. Currently deployed across 70 Amazon-owned stores and 85 third-party locations, the system uses AI-powered cameras and weight sensors to enable checkout-free shopping. Companies like Trigo, Cognizant, and Grabango are also developing similar smart retail solutions, with trials underway in major supermarket chains like Tesco and ALDI.

However, even in frictionless shopping experiences, consumers must initially enter card details into payment apps. To eliminate the need for cards and numbers entirely, biometric payments—such as facial recognition transactions—are gaining traction as the next frontier in secure digital commerce.
Read more »
IT risks
Banking Cyber Security Cyber Technology Cyberattacks CyberCrime Cyberthreats Digital Supply IT risks

EU Mandates Tougher Cybersecurity for Banking Sector

 


European Banks Strengthen Cybersecurity Amid Strict Regulations

European banks are being compelled to enhance their cybersecurity systems to comply with stringent regulations aimed at safeguarding critical infrastructure against cyber threats. The rise of digital tools in the financial sector has brought with it an urgent need for robust data protection systems and comprehensive cybersecurity measures.

Cyber risks remain a persistent challenge in the banking industry, with no signs of abatement. According to industry projections by Cybersecurity Ventures, global cybercrime costs are expected to escalate to a staggering $10.5 trillion annually by 2025. While these figures highlight the gravity of the issue, financial institutions have an opportunity to protect themselves from financial and reputational harm through the strategic implementation of dependable cybersecurity frameworks.

The Digital Operational Resilience Act (DORA)

On January 17, after a two-year implementation period, the Digital Operational Resilience Act (DORA) was signed into law. This legislation mandates financial services firms and their technology providers to enhance their resilience against cyberattacks and operational disruptions.

Under the new rules, financial institutions must:

  • Implement proactive risk management systems to identify and mitigate operational disruptions.
  • Establish rapid-response protocols to address technological challenges.
  • Conduct regular resilience tests to strengthen their digital defenses.
  • Continuously monitor and assess third-party IT risks across the supply chain.

The act affects over 22,000 institutions, including banks, digital banks, and cryptocurrency service providers. Non-compliance can result in fines of up to 2% of annual global revenue, with managers personally liable for breaches, facing penalties of up to €1 million.

Compliance with European cybersecurity regulations remains complex. Harvey Jang, Chief Privacy Officer and Deputy General Counsel at Cisco, notes that the financial sector operates under multiple overlapping regulations. These include the Network and Information Systems Directive (NIS), which focuses on critical infrastructure security, and the General Data Protection Regulation (GDPR), which standardizes data protection across the EU.

Each regulation introduces unique requirements, and national implementation adds further fragmentation. For instance:

  • The NIS Directive mandates member states to ensure high-security standards for critical infrastructure.
  • The GDPR emphasizes privacy, security, and breach management, significantly impacting financial institutions that control and process vast amounts of data.

DORA and NIS2: Strengthening EU Cybersecurity

DORA complements the updated NIS2 Directive, introduced in 2023 to address evolving cyber threats. Together, these regulations aim to bolster resilience across EU member states, ensuring financial institutions are prepared for the complexities of modern cyber threats.

However, a survey by Orange Cyberdefense revealed that 43% of UK financial institutions are still not fully compliant with DORA. Despite the UK’s departure from the EU, DORA applies to any financial institution operating within the EU, including those without an EU office.

Rising Awareness and Proactive Measures

Recent incidents, such as the 2024 Microsoft/CrowdStrike outage, have underscored the importance of proactive cybersecurity measures. These events have prompted organizations to allocate larger budgets to risk management teams and adopt a crisis-preparedness mindset.

"Forward-thinking organizations understand that it’s better to be prepared for crises when they occur, rather than if they occur," states the Boyle report. This shift in mindset has empowered companies to focus on readiness in an increasingly complex threat landscape.

The Role of High-Security Solutions

Companies like Salt, a Belfast-based cybersecurity firm, are addressing the growing need for high-security solutions. Salt serves industries such as finance, defense, and law enforcement in over 50 countries, including clients like BAE Systems and Mishcon de Reya.

Salt’s approach prioritizes customized, high-security communication systems that offer clients absolute control and exclusivity. “Our high-security clients demand systems that are independent and inaccessible once deployed — even to us,” explains Boyle. This assurance gives clients confidence and peace of mind in today’s complex threat environment.

As the financial sector navigates an increasingly digital and interconnected world, the importance of robust and proactive cybersecurity strategies cannot be overstated. Compliance with evolving regulations like DORA and NIS2 is critical to safeguarding financial institutions and maintaining trust in the industry.

Read more »
UPI
Banking Digital Arrest Jumped Deposit Scam SBI Scam Technology UPI

Banking Fraud: Jumped Deposit Scam Targets UPI Users


Users of the unified payments interface (UPI) are the victims of a recent cyber fraud known as the "jumped deposit scam." First, scammers persuade victims by making a modest, unsolicited deposit into their bank accounts. 

How does it operate? 

A scammer uses UPI to transfer a tiny sum to the victim's bank account. After that, they ask for a larger withdrawal right away. The victim might quickly verify their bank account amount due to this sudden deposit. The victim must input their personal identification number (PIN) to access their bank details, and the stolen withdrawal is authorized. The difference money is stolen by fraudsters.

The Hindu reports, “Scammers exploit the recipient’s curiosity over an unsolicited deposit to access their funds.”

The public was previously warned by the Tamil Nadu Cyber Crime Police to exercise caution when dealing with such unforeseen deposits. It noted that the latest scam was the subject of numerous complaints to the National Cyber Crime Reporting Portal.

What to do?

There are two methods UPI customers can use to guard against jumped deposit scams. 

Since withdrawal requests expire after a certain amount of time, wait 15 to 30 minutes after noticing an unexpected transaction in your bank account before checking your balance. Try carefully entering an incorrect PIN number to reject the prior transaction if you don't have time to wait a few minutes. 

Additionally, to confirm the legitimacy, notify your bank if you discover an unexpected or sudden credit in your account. Scam victims need to file a complaint with the cybercrime portal or the closest police station.

Banking attacks on the rise

The State Bank of India recently highlighted several cybercrimes, including digital arrests and fake customs claims, in light of the rise in cybercrimes. To safeguard themselves, the bank advised its clients to report shady calls and confirm any unexpected financial requests. 

It explained scams like "digital arrests," where scammers pretend to be law enforcement officers and threaten to question you about fictitious criminal conduct. For easy chores, some scammers may offer large quantities of money as payment. After that, they might request a security deposit.
Read more »
Transaction Security
Banco Santander Banking Cyberattacks CyberCrime Data Breach Digital Security Malicious Incident Transaction Security

Banco Santander Reports Data Breach, Reaffirms Transaction Security

 


There was a malicious incident reported by Bank Santander that involved an individual who had accessed the data of one of its service providers. The malicious incident resulted in a data breach, which affected the bank's customers and posed a threat to their digital identities. One of the biggest banking institutions in the world, Banco Santander, recently reported that it was accessed by an unauthorized party in a database that contained highly sensitive customer information from Chile, Spain, and Uruguay, resulting in a significant cybersecurity incident. 

Digital security in the banking sector is facing growing challenges as a result of this recent breach, which has been brought to the attention of the Spanish stock market supervisor. Approximately a year ago, Santander announced a data breach that involved a third-party database hosted by a third-party provider. It contained information about Santander's clients in three countries, as well as information regarding all Santander employees. 

People have been assured by the bank that there was no transactional data contained in the compromised database nor that login credentials or passwords could be accessed directly to the bank's banking systems. An attack on a third-party supplier may have compromised the privacy of customers and employees of Santander across Spain, Chile and Uruguay. The bank notified them of the threat. 

According to the Spanish National Securities Market Commission (CNMV), which is the second largest bank in the world by market value, the bank reported on Tuesday that "unauthorized access to a database" caused the incident. Except for German federal government employees, it was reported that this database contained data belonging to "all employees and some former employees of the group". This may mean that as many as 200,000 Santander employees around the world were affected by the exposure. 

Among the largest and most important banks in the world, Banco Santander, whose presence is mainly in Spain, the United Kingdom, Brazil, Mexico, and the United States, has over 140 million customers and is known for offering an extensive array of financial products and services. A data breach incident involving customers and employees of the bank in Spain, Chile, and Uruguay has been announced by the bank in a statement published this week. 

According to the bank, there have been no details provided about the types of data that were exposed, however, it is noted that online banking credentials as well as transaction information were not affected. According to Santander, this incident has not affected its presence in any other markets where it operates and has not affected existing financial products. Although no further details regarding the details of the exposed data have yet been released by the bank, they have assured everyone that the affected dataset does not include transaction data or the passwords for online banking accounts. 

Furthermore, the financial institution went on to inform its customers that none of its other markets were affected by this incident. Further, neither the bank's systems nor its operations in the previously mentioned nations have been affected by this incident. It is because of this that clients will be able to continue to use all services freely and without any concerns. It is the bank's policy on the other hand to contact all its customers and employees in the affected areas immediately after the data breach occurs and seek its assistance from law enforcement agencies in addressing the problem. 

The bank refuses to reveal the identity of the third-party service provider affected, how many of its clients were affected as well as what type of data was exposed. The security breach operators could indeed use the impacted data in other illegal activities, within the countries allegedly compromised by the attack, for example, conducting phishing campaigns. 

As a result, customers and employees within the countries allegedly compromised by the attack should be cautious about their digital presence. There are serious concerns regarding the stability of the financial and banking sectors as an increasing number of cyber threats or the exposure of third-party databases, as was the case with the Santander data breach. Several incidents can erode confidence in the financial system, cause critical services to be disrupted, or have spillover effects on other institutions, as noted in a blog post by the International Monetary Fund last month. 

In March, the European Central Bank issued instructions to banks within the European Union region to be prepared for cyberattacks by taking stronger measures. Earlier, the European Central Bank (ECB) announced its intention to conduct a resilience test on a minimum of 109 of its directly supervised banks in 2024. This initiative arises from heightened concerns about the security of European banking institutions. 

In the previous year, data from Deutsche Bank AG, Commerzbank AG, and ING Group NV were compromised following an exploit by the CL0P ransomware group. This breach exploited a security vulnerability in the MOVEit file transfer tool. The European Central Bank’s official website elaborates that its banking supervisors depend on stress tests to collect vital information and evaluate the banks' ability to withstand, respond to, and recover from cyberattacks, rather than solely focusing on their capability to prevent such attacks. 

These assessments of response and recovery encompass the activation of emergency procedures, the implementation of contingency plans, and the restoration of normal operations. The website further details that the results of these tests will be utilized by supervisors to identify vulnerabilities. These identified weaknesses will then form the basis for discussions with the respective banks, aiming to enhance their overall cybersecurity resilience. The ECB’s proactive approach underscores its commitment to ensuring the robustness and reliability of the European banking sector in the face of evolving cyber threats.
Read more »
Privacy
Banking Cash Cyberattacks CyberCrime Cyberhackers Cybersecurity Privacy

Advocating for the Persistence of Cash to Counteract Intrusive Banking Practices

 


The Bank of England released news this week that the value of notes in circulation has increased by nearly 16 percent since last year as it announced the opening of a new exhibition on the future of money (who could resist a tour through the history of payment methods?) 

A curator at the Bank of England Museum, Jennifer Adam, stated that even though many people are making more use of digital payments regularly, many people may still be using cash regularly. She also added that if users are physically handing over cash in shops to keep track of their finances, it will be much easier for them to keep track of their finances. 

There is also a theory that the spike in cash can also be attributed to “the turmoil caused by the pandemic and a rise in living costs”. In today's world, users are sick and tired of Big Brother, the state that is grabbing our data with its tentacles. 

Big Brother isn't the only problem. The government is utilizing its catalogue of scapegoats to avoid addressing the current economic hardship that families are facing to avoid addressing the election looming ahead. To whip up divisive and xenophobic, anti-immigrant sentiment, there is no better example than Rishi Sunak’s ongoing struggle to implement an illegal flagship Rwanda policy which is the best example of this principle. 

During the last week, Sunak accepted (then backed out of) a £1000 bet with TalkTV host Piers Morgan that he would get planes in the air before the next general election, which exemplifies the government’s distancing from asylum seekers most affected by this policy, highlighting how the government has become increasingly indifferent to the misfortunes of asylum seekers.  

In light of the passage of the second reading in the House of Lords of the Data Protection and Digital Information Bill (DPDI), amendments to the bill will likely have a greater impact on benefits recipients regarding savings accounts, overseas travel, and other benefits. Additionally, several cruel pieces of legislation have been passed to weaken the welfare system in a misguided attempt to help people find work and to 'crackdown' on fraudulent welfare claimants by debilitating the system. 

This government seems determined to fight workers and benefits recipients against one another for votes, as evidenced by Sunak's promise of cutting disability benefits to reduce taxes. As a result of the DPDI Bill, a bill introduced by the Secretary for Work and Pensions, Mel Stride, the DWP will be able to spy on welfare recipients' bank accounts to improve the welfare system. 

Accordingly, nearly 9 million people and anyone connecting them to the claimant could be involved in surveillance. This can include previous and current partners, children, and even landlords, who may be linked to the claimant. The government is, however, facing mounting pressure against the bill, which is being backed by the private sector.

Over 80,000 signatures have been collected so far in favour of a petition asking that the government stop scrutinizing bank accounts, and to preserve benefits claimants' dignity and privacy. There have also been concerns voiced by politicians regarding privacy and surveillance. 

According to a senior government official, the government is making an Orwellian "nightmare" come true, as the House of Lords is considering a bill that would allow officials to snoop on the bank accounts of benefit claimants. For the Department for Work and Pensions (DWP) to be able to track fraud and errors among those claiming benefits, the Data Protection and Digital Information Bill would compel banks to provide the Department with data to assist in finding fraud and errors. 

In the House of Lords, it has now passed its second reading, which means it has passed its second reading in parliament. In his speech, Sir Prem Sikka told the House of Lords that George Orwell's iconic novel 1984, first published in 1949, proclaimed Big Brother to be the spectre of the future. 

A newly elected Conservative government has now given shape to this nightmare by allegedly rolling back many of the policies and programs of the state. As a result of the government's actions, the right of people to protest and withdraw their labour has already been undermined. The sick, disabled, elderly, poor, unfortunate, and everyone else there is on the streets are now subjected to snooping and 24/7 surveillance of their bank accounts, building societies, and other accounts without a court order.

Cash is resurging as a means of sending a reassuring message to those who have fled data to ensure that users are not alone in our flight. After the Facebook generation began to realise that posting photos of themselves getting sloshed on the internet was a mistake in an attempt to make their future bosses rethink their claims of loving nothing more than a quiet night in front of the TV, they soon stopped posting photos of themselves getting sloshed on the internet. The convenience and ease of buying everything on the go with a phone are now being less attractive for Millennials as they begin to realize that banks are watching their every move.
Read more »
data security
Bank Security Banking CSI Cyber Security CyberCrime data security

Bankers Worried About Data Security, CSI Research Suggests

Research published by Consumer Services (CSI) reveals increasing threats among bank executives in hiring new talent and facing cybercrime threats as a challenge. The survey received 279 executive responses from the banking sector nationwide, bankers listed cybersecurity dangers (26%) and hiring employees (21%) as the top problems in 2022. 

The survey results, suggesting respondents from different bank asset sizes, provide an alternate look into how these organizations tackle concerning issues like compliance, technological innovations, and customer expectations. 

For example, to improve user experience and increase market shares, banks are promoting the use of digital tools, like account opening (51% responses), customer relationship management (43% responses), and digital loans (36% respondents). 

CSI is a leading fintech, regtech, and cybersecurity solutions partner operating at the intersection of innovation and service. It excels at driving the business forward with a unique blend of cutting-edge technology, effortless integration, and a commitment to authentic partnerships defined by our customer-first culture. 

Customers have raised the bar in expectations from banks, and the latter should respond accordingly, says David Culbertson, CSI president, and CEO. The data is paired with banks' aspirations to improve digital tools, the banking industry is moving towards a digital-first mindset and aiming for digital advancement. Interestingly, bank leaders also aspire to open banking for growth, particularly for digital progress. 

The latest research suggests how banking institutes measure their personal growth in the rising digital landscape scenario. "For example, although executives on average rated their institutions a healthy 4/5 on compliance readiness, regulatory changes remain top of mind, with 14% of respondents naming it their primary concern.," reports HelpNet Security. 

Keeping the new administration in mind, bankers have mentioned "data privacy" (39% responses) and CECL (20% responses) as the most needed measures for banking institutions. "The continuation of remote work will make this a critical component, along with new asset types such as cryptocurrencies being adopted, and increasing privacy regulations. 

On the other hand, ransomware is expected to remain a challenge alongside a bigger looming threat from quantum computing, which holds the potential to defeat modern encryption systems," reports HelpNet Security.

Read more »
Trojan
Anubis Banking Banking Trojan Crypto Wallet Digital Banking Financial Data Hacking malware Orange Telecom Trojan

Anubis Trojan Targeted 400 Banks’ Customers

 

A malicious app disguised as the official account management portal for French telecom giant Orange S.A. is targeting customers of Chase, Wells Fargo, Bank of America, and Capital One, as well as almost 400 other financial institutions. 

According to researchers, this is only the beginning. Researchers at Lookout cautioned in a recent report that once downloaded, the malware - a version of banking trojan Anubis – collects the user's personal data and uses it to mislead them. And it's not just huge bank customers that are at risk, according to the researchers: Crypto wallets and virtual payment networks are also being targeted.

The Lookout report stated, “As a banking trojan malware, Anubis’ goal is to collect significant data about the victim from their mobile device for financial gain.”

“This is done by intercepting SMSs, keylogging, file exfiltration, screen monitoring, GPS data collection, and abuse of the device’s accessibility services.” 

The malicious version of the Orange Telecom account management software was uploaded to the Google Play store in July 2021 and then removed, but analysts believe this was only a test of Google's antivirus defences and that it could reappear shortly. 

The report added, “We found that obfuscation efforts were only partially implemented within the app and that there were additional developments still occurring with its command-and-control (C2) server. We expect more heavily obfuscated distributions will be submitted in the future.” 

New Anubis Tricks 

The malicious version of the Orange Telecom account management software was uploaded to the Google Play store in July 2021 and then removed, but analysts believe this was only a test of Google's antivirus defences and that it could reappear shortly. 

The banking trojan connects to the command-and-control (C2) server after being downloaded on the device and downloads another application to start the SOCKS5 proxy. 

“This proxy allows the attacker to enforce authentication for clients communicating with their server and mask communications between the client and C2. Once retrieved and decrypted, the APK is saved as ‘FR.apk’ in ‘/data/data/fr.orange.serviceapp/app_apk,'” the researchers stated.

The user is then prompted to disable Google Play Protect, giving the attacker complete control, according to the research. Banks, reloadable card businesses, and cryptocurrency wallets are among the 394 apps targeted by fr.orange.serviceapp, according to the researchers. 

The Anubis client was linked back to a half-completed crypto trading platform, according to the Lookout team. 

Anubis, which was first discovered in 2016, is freely available as open-source code on underground forums, along with instructions for budding banking trojan criminals, according to the research. 

According to Lookout, the basic banking trojan has added a credential stealer to the mix in this current edition of Anubis code, putting logins for cloud-based platforms like Microsoft 365 in danger. 

As per Kristina Balaam, a security researcher with Lookout, the Lookout team was unable to discover any successful attacks linked to the Orange S.A. campaign. 

“While we can’t be certain whether the app has been used in a successful attack, we do know they are targeting U.S. banks including Bank of America, U.S. Bank, Capital One, Chase, SunTrust and Wells Fargo,” Balaam stated.
Read more »
DDoS
Banking Cybersecurity DDoS

Hackers launch DDoS Attacks to Target Australian Banks


Hackers threatening banks in Monero to pay large amounts of money, and if the demands are not met, hackers have blackmailed to launch DDoS attacks against the banks. Since last week, bank corporations and different organizations in the financial sector in Australia have become the target of DDoS extortion campaigns.

A hackers group is blackmailing the victims to pay heavy amounts as a ransom. The attackers threaten to conduct a DDoS (Distributed Denial of Service) attack unless they are paid with XMR cryptocurrency in Monero. A security threat has been sent out by ACSC (Australian Cyber Security Centre) to inform the public about the attack. According to ACSC, none of the hackers have launched any attacks, nor has there been any news of DDoS attacks. The current evidence serves as proof of this claim.


DDoS Campaign Began in 2019 

 The Global Ransom Denial of Service (DDoS), a campaign that started in October 2019, is responsible for launching the attacks on Australian financial organizations. According to ZDNet, earlier ransom efforts targeted financial companies and the banking sector. But over time, these attacks expanded and reached out to other industries. The list of nations who were the victims of the ransom threat is the banking sector in South Africa and Singapore, the telecom sector in turkey, ISP providers in South Africa and gambling websites in South Asian countries.

The ransom demands kept going on, and the attackers systematically extended the campaigns to 10 different countries across the world. Some of the attacks were successful but not all of them, as it would have been near to impossible to launch an all-out DDoS resource attack against each party. According to claims of ZDNet, it confirms that numerous attacks launched against the parties as a part of the campaign were successful.

The Group keeps changing names 

 The group responsible for these attacks kept changing their identity to prevent being identified by the authorities. At first, they used Fancy Bear, the Russian hackers' group responsible for the 2014 White House Attack and 2016 DNC hack. After that, they used Cozy Bear, another Russian hacking group which is also infamous for the 2016 DNC attack.
Read more »
Trojan
Banking malware McDonald Trojan

A Trojan that Steals User's Banking Information via Fake McDonald Coupons


Spread via malvertising attacks, the banking trojan fools its victims through fake McDonald's coupons as a bait. This came into notice when banking details of Latin American buyers were tried to steal. The trojan discovered by experts at ESET is known as Mispadu, and it is similar to other trojans like Casbaneiro and Amavaldo that are found in Latin America. The trojan uses a remote crypto key for covering its original language. Mispadu targets users from Mexico and Brazil.


False McDonald’s tokens are used to lure the customers- 

 The process consists of using bogus McD offer tokens as bait. These discount vouchers are either sent through spam e-mails or facebook ads which when clicked, takes the user to the primary site of the coupon. When the user clicks the button to get the coupon, they are displayed with an MSI option. The hacker uses this MSI installer to start a command that deciphers and performs an initializing course which allows them to connect to a remote server. "The trojan was also detected when working on a harmful Chrome version. It's built to shield the Google Chrome network to instead affect its victims' devices through the support of JavaScript," confirms ESET's inquiry.

Loots banking and personal information- 

 Once the malware successfully invades a system, Mispadu uses false popup notifications to convince possible targets to share personal data. The primary aim of the trojan is to obtain critical system knowledge like- commonly used Latin American banking apps menu and downloaded safety products. The trojan also steals information from several network browsers and e-mail consumers. This includes Google Chrome, Mozilla Firefox, Outlook, Internet Explorer, and many more.

"Mispadu can also steal crypto funds like Bitcoins using a technique like a clipboard hijacking. But fortunately, no such case has appeared to date," says ESET. The elements of the Google Chrome expansion that the trojan uses for sharing can also collect users' transaction information and debit card data through various sites by scouring the information from data application lists. "For securing a backdoor entry in your device, Mispadu can automatically capture a screenshot, regulate your keyboard and mouse controls, and recover commands," say the experts.
Read more »
SCA checks
Banking Banking fraud Banking Phishing Customer Data customer privacy SCA checks

Banking customers are tricked by SCA checks

Online scammers are using changes to European banking rules around customer authentication to trick consumers into handing over their sensitive financial details, according to Which?

The consumer rights group warned that attackers are spoofing the emails being sent from banks, payment firms and e-commerce providers asking for up-to-date info, as part of new Strong Customer Authentication (SCA) requirements.

Firms across the EU are gearing up for the changes, part of PSD2, which will require a form of two-factor authentication on any online transactions over €30, although some exceptions apply.

Ironically, payments providers and e-commerce firms in the UK have been given a further 18 months to comply with the new rules, originally set for a September 14 deadline.

Yet that hasn’t stopped the scammers: Which? claimed it has already spotted phishing emails imitating emails from Santander, Royal Bank of Scotland (RBS) and HSBC.

Urging the recipient to update their banking information ahead of “new procedures,” they include links designed to take the victim to a legitimate-looking page designed to harvest banking details.

Which? argued that in many cases, legitimate brands are making it harder for consumers to spot phishing emails, by including links in their own emails, and by using multiple unusual domains for various landing pages.

The group claimed that 78% of its members think banks and other financial firms should never include links in emails, to make phishing attempts easier to spot.

Tripwire VP, Tim Erlin, agreed, arguing that companies can’t simultaneously tell customers not to follow links in emails but then continue to send them emails urging them to click through.

“As long as banks send legitimate emails as a means of communicating with customers, scammers will attempt the same with fake emails,” he added.

“Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold.”
Read more »
Loans
Banking China Cyber Security Jack Ma Loans

Chinese Banking Has A New Edge; Jack Ma Behind The Latest Developments!




Jack Ma is associated with one of the leading economies of the world.The risk management system employed by Jack Ma’s banking endeavors analyses over 3,000.

Per sources his company has lent around $290 billion to over 15 million small companies where the borrowing party could receive the cash almost immediately, with just a few taps.

The entire process requires no human forces and gets completed in around 3 minutes with a default rate of around 1%.

Earlier the small borrowers were rejected but thanks to MYbank and its associates the new form of payments is coming in real handy.

With the slow pace of China’s economy it gets imperative to keep a check on the risks and defaults.
Around two-third of the country’s small businesses couldn’t access loans, according to National Institution for Finance & Development.

But thanks to Jack Ma’s initiatives the lending and borrowing procedures of China are now seeing monumental growth.

Mybank’s lending app has created a real difference. By allowing the bank to access the store transaction data, some small loans have been covered.

Read more »
Subscribe to: Posts (Atom)