Security Tips on Financial Frauds, Scams, and Security-Related Matters: Latest Scams, Fraud and Security Center

Technology has become an integral part of the finance industry as digitization grows. At the same time, digitization has a detrimental effect: it gives rise to financial fraud and scams, resulting in damage to an institution’s reputation, financial loss, and loss of crucial information belonging to the organization, its associated vendors and its customers.

Cybercrime is evolving and growing fast, and has become more sophisticated because cybercriminals can rely on tools available in online criminal marketplaces. Given this, the bank has decided to share knowledge about recent cybercrimes, to raise awareness and to help customers avoid falling victim and facing the damaging consequences.

Banking Trojan

With a growing number of people relying on online banking, malware has been created to harvest banking credentials and other sensitive financial and personal information by remotely installing malicious software on a victim’s computer system. The attacker’s entry point is mostly a text message or email with an embedded phishing link. When a computer is infected with a banking Trojan, the user does not know that their PC is compromised. The Google Play Store is increasingly used to deliver banking malware, with a dropper embedding the Trojan in decent-looking applications.

Banking Trojan Uses:

  1. To steal data from computers that are used to process credit card transactions
  2. Once the application is downloaded, the attacker aims to obtain accessibility permission.

Spot Banking Trojan:

  1. A failed login the first time you attempt to log in, even though the password was entered correctly
  2. A fan that is constantly running or a hard drive that is always spinning
  3. Unexpected pop-up windows, which are a sign of an infected system
  4. Missing files or users
  5. Email or other accounts are hijacked
  6. Anti-virus has stopped working, and applications take a long time to start or won’t work at all

Stop Banking Trojan:

  1. Download apps and files only from trusted sources
  2. Use all security features that banks offer
  3. Before entering login credentials, check the login page and confirm that it’s authentic
  4. Keep security, application, and utility software updated
  5. Use two-factor authentication whenever that option is available

Phishing

A phishing attack is the most common cyber threat and occurs when an attacker masquerades as a trusted entity and dupes a victim into opening an email. Mostly, employees are targeted in order to bypass security perimeters or, by gaining their trust, to obtain privileged access to secured data. The attacker then delivers a link loaded with malware that scrapes data from PCs or mobile phones. The attacker’s motive may also be to freeze the system as part of a ransomware attack or to leak sensitive information.

Spot Phishing Scam:

  1. Scammers pretending to be from a well-known organization ask for personal or banking information
  2. Scammers tend to play on your emotions, create a sense of urgency, pressure you to follow the instructions provided, or try to build trust

Stop Phishing Scam:

  1. Avoid all unsolicited emails or SMS, and contact the bank if you have shared confidential information
  2. Verify that the sender/caller is legitimate using https://www.nicasiabank.com/contact-us

The bank will never ask for confidential information such as account number, OTP code or transaction PIN via phone, SMS or email.

Vishing

Vishing is an attack that uses fraudulent phone numbers and voice-altering software to trick users into divulging sensitive information. The scammer usually starts with a message containing a phone number, to convince the victim that they are calling from the government, the tax department, the police or the victim’s bank. The visher uses computer-generated voice messages to remove accents and build trust.

Spot Vishing:

  1. A message that tricks users and prompts them to call back the malicious actor or to open an attacker-controlled website
  2. Use of threats, persuasive language and forceful conversation to make victims believe that they have no option but to provide the information being asked for
  3. The caller, who purports to be a support agent, instructs the individual to follow their instructions and thereby gains extensive permissions

Stop Vishing:

  1. If you suspect that the call is a vishing scam at any point, hang up and block the number.
  2. Everyone should visit the legitimate website and confirm the contact details.
  3. Don’t provide your phone number in response to emails or on social media.

The bank will never ask for confidential information such as account number, OTP code or transaction PIN via phone, SMS or email.

Money Mules

A money mule is a person who receives money from a third party in their bank account and transfers it to another account. Money mules exist to help launder the proceeds of online scams, frauds or crimes. Money muling is a type of money laundering. The illegal money often comes from criminal activities like phishing, malware attacks, online auction fraud, e-commerce fraud, business e-mail compromise (BEC) and CEO fraud.

Money mules are recruited through:

  1. Legitimate job offers (e.g. ‘money transfer agents’) provided via online job forums, emails, social media or pop-up ads
  2. Direct message using instant messaging apps (e.g. WhatsApp, Viber, Telegram)
  3. Directly in person

Individuals targeted as money mules:

  1. Often newcomers to the country, unemployed people, students and people who are in economic crisis.
  2. Most of the time, individuals aged 12 to 21 years or people under 35 are targeted.

Avoid Money Mules:

  1. Never allow any unknown or third party to use your account.
  2. Never share bank account details, i.e. Internet Banking user name and/or password, ATM card, PIN number or TAC, with a third party.
  3. Never respond to or click on links in suspicious emails, and inform the cyber bureau.
  4. Be alert to any job offers which promise easy money. Those accounts can be taken down by informing the platform provider.
  5. Decline offers received in person and inform the police.
  6. Stop transferring money immediately if you suspect that you are caught up in a money mule or money laundering scheme, and report it to the bank or payment provider and eventually to the cyber bureau.

Social Engineering

Social engineering, also called “human hacking”, relies on human error rather than vulnerabilities in software and operating systems. SE tactics are on the rise; these attacks are getting more frequent and more sophisticated, and make up three-quarters of fraudulent transactions. A scammer poses as a trusted entity and exploits email, social media and even face-to-face interaction to trick victims into transferring money to a bank account under the scammer’s control, exposing valuable data, spreading malware infection, or giving access to restricted systems.

Social Engineering Procedure:

  1. Sending a malware-laced attachment using a legitimate process with the aim of compromising the victim’s system
  2. Sending a link that redirects to a bogus website or page under their control and tricks the victim into following instructions

Indicators of Social Engineering:

  1. The sender’s email address often resembles the legitimate one but with some characters missing or altered.
  2. Most of the time they use a generic greeting like “Dear Valued Customer” or “Sir/Ma’am” and omit contact details in the closing of the email
  3. Messages with poor grammar and sentence structure, misspellings, inconsistent formatting
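
The first two indicators can be checked automatically. The following is an added example, not code from the bank: it flags sender domains that are a near miss of nicasiabank.com (the domain in the contact URL above) and the generic greetings listed. The helper names, the sample messages and the two-edit threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Domain taken from the contact URL on this page; treating its subdomains
# as trusted is an assumption made for this example.
TRUSTED_DOMAIN = "nicasiabank.com"
# The two generic greetings named in the list above.
GENERIC_GREETINGS = ("dear valued customer", "sir/ma'am")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_message(from_header, body, max_distance=2):
    """Return the indicators found in one message (hypothetical helper)."""
    findings = []
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    # A near miss (1..max_distance edits) is a character missing or altered.
    if not trusted and 0 < edit_distance(domain, TRUSTED_DOMAIN) <= max_distance:
        findings.append("lookalike-sender-domain")
    lines = body.strip().splitlines()
    greeting = lines[0].lower().replace("\u2019", "'") if lines else ""
    if any(g in greeting for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    return findings


# Constructed sample messages (not real mail).
SAMPLES = [
    ("NIC Asia Bank <support@nicasiabank.com>", "Dear Mr. Sharma,\nYour statement is ready."),
    ("NIC Asia Bank <support@nicasiabnk.com>", "Dear Valued Customer,\nVerify your account now."),
    ("Alerts <alerts@nicasiabamk.com>", "Hello Sita,\nYour card is blocked."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", check_message(sender, text) or "no indicators")
```

The check compares the whole sender domain, so a lookalike name placed under an unrelated parent domain is not flagged; an empty result means only that these two indicators were absent.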

Avoid Social Engineering:

  1. Use your phone or computer in normal user mode rather than in administrator mode unless necessary
  2. Using different passwords for different accounts reduces the likelihood of falling victim
  3. Be extra cautious about your digital footprint. Over-sharing personal information online attracts attackers.

The bank will never ask for confidential information such as account number, OTP code or transaction PIN via phone, SMS or email.
