
Weekly Cyber Security Update: 17th August 2018

Posted on August 17, 2018

This is the weekly cyber security update for the 17th of August 2018, part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Second Quarter 2018 Top-Clicked Phishing Email Subjects
The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:
1. Password Check Required Immediately (15%)
2. Security Alert (12%)
3. Change of Password Required Immediately (11%)
4. A Delivery Attempt (10%)
5. Urgent Press Release to Employees (10%)


Hackers Steal $13.5 Million from Indian Bank in ATM Scheme
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
According to the FBI alert: “Historical compromises have included small-to-medium size financial institutions, likely due to the less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase shortly.”
The FBI urged banks to review how they’re handling security, including password requirements and multi-factor authentication for local administrators and business-critical roles.

Sebi To Expand The Scope of Cybersecurity Initiatives For MIIs
Regulator Sebi is planning to broaden the scope of cybersecurity initiatives for the market infrastructure institutions (MIIs) and look into the operational modalities of their implementation to deal with the cyber challenges.
“Taking cognisance of the threat posed by technological developments in the Indian capital markets. With the rise of cyber threats in the financial domain across the globe, Sebi had laid down a detailed framework about cyber security and cyber resilience that stock exchanges, clearing corporations and depositories are required to adopt,” the regulator said in its annual report for 2017-2018.

Mamata Banerjee Unveils West Bengal’s IT Policy With a Focus On AI & Big Data Analytics
The new policy revolves around cybersecurity, Internet-of-Things (IoT), 3D printing, big data analytics, animation and gaming, besides robotics, drones, fintech, artificial intelligence, Industry 4.0, quantum computing and others.
“West Bengal has surged ahead economically and seeks to leverage IT for social welfare and economic development. The state’s vision is to become one of the leading states in India in the IT, ITeS, ICT (Information and Communication Technology) and ESDM (Electronic System Design and Manufacturing) sectors,” it said. “The policy strives to unlock the vast potential of the IT&E to design a paradigm shift in the sector, all the while fostering social welfare,” it said.

5 Steps to Avoid Phishing Scams in E-mail

Posted on December 25, 2012

Anyone with an e-mail account has at some point received phishing or scam e-mails. These range from Nigerian princes to local banks requesting funds, assistance and so on. Some of these e-mails may be legitimate (sans the Nigerian prince); however, most of them use a common technique known as phishing. Phishing scams are used by scammers to get your personal information, such as credit card details, usernames and passwords, banking details and so on.

A friend of mine recently received an e-mail from his bank informing him that “his account was accessed from a blacklisted location and he should update his account information to avoid termination of services”. On opening the link, he was presented with a login form identical to the one on the bank's net-banking portal. Only this form asked for information such as Corporate ID, User ID, Login Password, Transaction Password, Mobile Number, Email Address and Email Password.

Sample Phishing Page

Anytime you receive such e-mails, you should keep the following in mind:

  • Banks will never ask you to provide account or other personal identification information via email.
  • Banks will never ask you to click a link in order to keep your account open.
  • Banks will never threaten to take immediate action unless you perform an act such as clicking a link.
  • Banks will never ask you to log in with your e-mail account username & password.

Today, these sorts of attacks commonly take place against e-mail accounts and social networking accounts, and even as targeted attacks against corporate users.

Here are 5 simple steps you can take to avoid becoming a victim of such phishing attacks:

1. Avoid clicking links in phishing or scam mails and instead manually type them in a browser

Scammers often use links such as “baank.com” instead of the legitimate website “bank.com”. It is therefore recommended that you manually type the website address into the browser rather than clicking links in the email.

Sample Phishing Mail – Fake Link

In the case where the e-mail seems urgent, you can always call the bank and confirm whether the e-mail was really sent by them.

2. Check the sender address in the phishing or scam mails

Scammers usually send phishing mails from addresses like “[email protected]” or “[email protected]”. You can easily identify a phishing mail by checking whether the email was really sent from a legitimate sender address.

Sample Phishing Mail – Fake Email

You can refer to any previous e-mails sent by your bank and cross-reference the address in the suspicious e-mail.

3. Verify SSL (https://) authenticity on phishing or scam links

Generally, phishing links either have no SSL or use an invalid SSL certificate. This can be verified by viewing the link in the address bar of your browser and checking whether it starts with https:// instead of http://.

If the SSL certificate is not valid, then your browser will immediately show an error, in which case you need to stop browsing the link and report the e-mail to your bank.

Examples of SSL certificate errors in Firefox, Chrome and Internet Explorer are shown below:
SSL Certificate Error

4. Avoid replying with sensitive information to phishing or scam mails

Banks will never ask you to provide account or other personal identification information via email. Any email pressing you to do so is most likely not legitimate and should be reported to your bank.

Banking details and login credentials should be communicated via telephone or through the legitimate website using proper SSL communication.

5. Keep your anti-virus up-to-date to detect and block phishing or scam mails

Most antivirus vendors have signatures that protect users against some common phishing attacks. Hence it is recommended that you keep your anti-virus up-to-date so that it has the latest signatures and rule sets.

Also, it can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk for phishing attacks.

For Windows users, we would recommend the free version of Microsoft Security Essentials available on the Microsoft website.

If you have come across, or do come across, any such phishing incident, you can report it to CERT-In (Cyber Emergency Response Team of India) at [email protected]
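
The checks in steps 1 to 3 (lookalike link, sender address, https://) can also be run mechanically over a message. The Python below is an added example, not part of the original post: it flags sender and link domains that sit close to a trusted one, using the post's “baank.com” versus “bank.com” case. The `TRUSTED` allowlist, the function names and the sample message are assumptions made for illustration, and the registered domain is approximated by the last two labels of the host name.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains this recipient really banks with (hypothetical allowlist).
TRUSTED = {"bank.com"}
URL_RE = re.compile(r'https?://[^\s<>"]+', re.I)

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Last two labels approximate the registered domain (no public suffix list here).
    base = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        # Near-miss spelling, or the trusted name buried as a prefix of another domain.
        if edit_distance(base, t) <= 2 or (t + ".") in host:
            return "lookalike"
    return "unknown"

def check_message(raw):
    """Return (kind, value, verdict) findings for the sender and each link."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = [("sender", sender, classify(sender.rpartition("@")[2]))]
    for url in URL_RE.findall(msg.get_payload()):  # assumes a single-part text body
        parts = urlsplit(url)
        verdict = classify(parts.hostname or "")
        if verdict == "trusted" and parts.scheme.lower() != "https":
            verdict = "no-https"  # right domain, but not over TLS (step 3)
        findings.append(("link", url, verdict))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = ('From: "Bank Alerts" <alerts@baank.com>\nSubject: Security Alert\n\n'
          'Update your details: http://www.baank.com/login\n'
          'Official site: https://www.bank.com/\n')
print(check_message(SAMPLE))
```

A lookalike host stays flagged even when its link uses https://, because a valid certificate only proves control of the name shown in the address bar.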