Krebs on Security

NOVEMBER 16, 2022

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode , an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. com — which was created to phish U.S.

Malware 330

Malware Banking Phishing DDOS 330

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.

Scams 361

Scams Banking Passwords Authentication 361

Dark Reading

DECEMBER 7, 2020

A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.

Accountability 105

Accountability Financial Services Phishing Insurance 105

Hacker Combat

SEPTEMBER 6, 2021

Hackers took advantage of the mishap to gain unauthorized access to email accounts and lots of customer’s data was exposed. Investment Research Advisors and Investment Research from Cambridge Investment were affected, as well as KMS, a registered financial services provider based in Seattle. .

Accountability 125

Accountability Hacking Financial Services Data breaches 125

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups.

Phishing 136

Phishing Accountability Financial Services Cloud Migration 136

Heimadal Security

OCTOBER 25, 2023

Threat actors use EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in massive phishing campaigns. EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts.

Phishing 105

Phishing Financial Services Insurance Manufacturing 105

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 342

Passwords Mobile Authentication Banking 342

SC Magazine

MAY 6, 2021

Researchers on Thursday reported that despite a 50% increase in mobile device management (MDM) adoption during the past year, average quarterly exposure to phishing attacks on mobile devices in the financial sector rose by 125% – and malware and app risk exposure increased by more than five times.

Mobile 126

Mobile Phishing Banking Financial Services 126

Webroot

APRIL 22, 2025

Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. They can open accounts in your name, apply for loans, and even file false tax returns.

Data breaches 71

Data breaches Identity Theft Passwords eCommerce 71

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 98

Accountability Phishing Financial Services Surveillance 98

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data.

Phishing 101

Phishing Banking Retail Financial Services 101

Hot for Security

MARCH 22, 2021

Security researchers have identified a new Microsoft 365 spoofing campaign that targets specific people in companies, trying to compromise peoples’ accounts such as C-suite executives and other essential positions from the retail, insurance and financial services industries.

Phishing 128

Phishing Financial Services Retail Insurance 128

The Last Watchdog

JULY 7, 2021

Credential stuffing is a type of advanced brute force hacking that leverages software automation to insert stolen usernames and passwords into web page forms, at scale, until the attacker gains access to a targeted account. Some deep, structural flaws persist in the way we use our web browsers and mobile apps to access online accounts.

Accountability 257

Accountability Mobile Passwords Authentication 257

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 98

Phishing Energy and Utilities Insurance Manufacturing 98

Thales Cloud Protection & Licensing

AUGUST 31, 2022

Financial services continue to lead in cybersecurity preparedness, but chinks appear in the armor. It highlights the leadership of financial services in cybersecurity relative to other industries, but it also uncovers some surprising chinks in their cybersecurity armor. Thu, 09/01/2022 - 05:15.

Financial Services 62

Financial Services Cybersecurity Computers and Electronics Banking 62

Cisco Security

MARCH 23, 2021

This is what we covered in part one of this Threat Trends release on DNS Security, using data from Cisco Umbrella , our cloud-native security service. For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware.

DNS 143

DNS Financial Services Manufacturing Healthcare 143

Adam Levin

NOVEMBER 17, 2020

Credit cards offer markedly better fraud protections than debit cards , which connect directly to your bank account. Virtual credit cards similarly allow online shoppers to mask their financial accounts. Many financial institutions offer free transaction alerts that notify you when charges hit your account.

Scams 243

Scams Retail Banking Passwords 243

Thales Cloud Protection & Licensing

APRIL 22, 2025

As automated traffic accounts for more than half of all web activity, organizations face heightened risks from bad bots, which are becoming more prolific every day. Simple, high-volume attacks have soared, now accounting for 45% of all bot attacks, compared to only 40% in 2023.

Digital transformation 62

Digital transformation Accountability Internet Internet 62

The Last Watchdog

MAY 24, 2021

billion hitting financial services organizations — an increase of more than 45 percent year-over-year in that sector. billion web app attacks last year, with more than 736 million targeting financial services. billion web attacks globally; 736 million in the financial services sector. A: Everything.

Financial Services 178

Financial Services Passwords Media Accountability 178

SecureList

FEBRUARY 23, 2022

The research in this report is a continuation of our previous annual financial threat reports ( 2018 , 2019 and 2020 ), providing an overview of the latest trends and key events across the threat landscape. The term is also used to describe malware seeking access to financial organizations’ IT infrastructures. Financial Phishing.

Banking 140

Banking Phishing Cryptocurrency Malware 140

The Last Watchdog

DECEMBER 21, 2021

Some 11,800 computer software companies, 10,000 IT services vendors, 5,500 health care organizations and 3,200 financial services firms continue to maintain on-premises Exchange email servers, according to this report from Enlyft. Best practices a must. At the moment, ransomware attacks are front and center.

Marketing 222

Marketing Financial Services Ransomware Software 222

Security Affairs

AUGUST 7, 2019

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July.

Insurance 110

Insurance Data breaches Financial Services Passwords 110

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Duo's Security Blog

NOVEMBER 20, 2023

Security professionals agree that passwords are low hanging fruit for cybercriminals and can even be the keys to the kingdom when the compromised passwords belong to privileged accounts. Add to this, the risks of weak authentication factors such as SMS one-time passcodes and dormant or inactive accounts.

Threat Detection 138

Threat Detection Authentication Accountability Data breaches 138

Malwarebytes

AUGUST 21, 2024

” Toyota and Toyota Financial Services have suffered several breaches in the past, so it’s hard to tell where and when the information was obtained more precisely. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Passwords 128

Passwords Manufacturing Data breaches Phishing 128

Responsible Cyber

NOVEMBER 23, 2024

The healthcare sector has been particularly hard-hit, accounting for over 30% of the total breaches. Financial services have also faced significant incidents, with many institutions relying heavily on third-party technology partners to deliver essential services.

Risk 81

Risk Healthcare Education Cybersecurity 81

SecureList

NOVEMBER 23, 2022

In this research, we analyze various types of threats, such as financial malware and phishing pages mimicking the world’s biggest retail platforms, banking and payment systems, and discuss recent trends. Over the first ten months of 2022, Kaspersky prevented 38,596,555 financial phishing attacks. Methodology.

Phishing 125

Phishing Banking Scams Retail 125

Duo's Security Blog

DECEMBER 19, 2024

Phishing is still one of the most common attack vectors, and the holidays provide an especially appealing time to launch an attack thats been supercharged by modern natural language processing models and novel QR codes. No industry is spared this phishing season, though some are targeted more often than others.

Phishing 64

Phishing Authentication Social Engineering Passwords 64

Centraleyes

DECEMBER 16, 2024

Verizons Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. Attackers are becoming more organized, with ransomware-as-a-service (RaaS) operations providing easy access to malicious tools for even novice cybercriminals.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Adam Levin

AUGUST 21, 2019

Bob from accounting goes on vacation with his laptop, and the next thing you know, millions of customers get hacked. Tortoises have no finances and, taken as a genus, they rarely have names and social media accounts. When they do have names and Instagram accounts, there’s a hackable human somewhere nearby.

Phishing 138

Phishing Accountability Hacking Cybersecurity 138

Malwarebytes

JUNE 14, 2024

In 2020, Truist provided financial services to about 12 million consumer households. Bank Transactions: Data including customer names, account numbers, and balances. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches 118

Data breaches Banking Passwords Phishing 118

Security Affairs

MAY 28, 2020

The report includes recent findings on government-backed phishing, threats, and disinformation campaigns, as well as information about actions the tech giant has taken against accounts coordinated influence campaigns. . A first scaring trend reported by Google is the rising of hack-for-fire companies currently operating out of India.

Hacking 109

Hacking Advertising Healthcare Financial Services 109

SecureList

MARCH 31, 2021

Even though, in 2020, we have seen ever more sophisticated cyberattacks, the overall statistics look encouraging: the number of users hit by computer and mobile malware declines, so does financial phishing. In this research, by financial malware we mean several types of malevolent software. Financial phishing.

Banking 145

Banking Phishing Malware Mobile 145

Malwarebytes

JULY 19, 2024

Financial services had the most breaches, followed by healthcare. 80 supply chain attacks accounted for 446 affected entities and over 10 million victims. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Take your time.

Data breaches 123

Data breaches Passwords Identity Theft Phishing 123

Security Affairs

JUNE 18, 2020

” The malware is distributed through phishing attacks that attempt to trick victims into visiting websites that use exploits to inject Qbot via a dropper. Below the typical Qbot infection chain: Qbot is loaded into the running explorer.exe memory from an executable introduced via phishing, an exploit’s dropper, or an open file share.

Banking 137

Banking Malware Advertising Financial Services 137

CyberSecurity Insiders

JANUARY 31, 2022

While claiming responsibility for the ransomware attack on Kaseya VSA that closed hundreds of supermarket stores for several days, the quarter saw the REvil/Sodinokibi family of ransomware continue to lead in its pervasiveness as it had in Q2, accounting for nearly half of Trellix’s ransomware detections. infrastructure. Sector Activity.

Financial Services 52

Financial Services Ransomware Retail Cyber threats 52

Centraleyes

MARCH 13, 2025

If you’re part of the financial services ecosystem hereor interact with businesses regulated by the New York State Department of Financial Servicesyouve likely come across the NYDFS Cybersecurity Regulation. phishing attacks), and their specific roles in protecting sensitive information.

Cybersecurity 52

Cybersecurity Financial Services Risk Encryption 52