It will be impossible to completely stop scams from happening. While technology and better alertness will help to lower the number of successful incidents, some will inevitably slip through under the radar.
A recent study from Lloyds Bank las year claimed that an increasing number of millennials are falling for scams, with there being a four-fold increase in the number of 18 to 34-year olds being caught by impersonation scams in the past 12 months. This is causing a lot of financial losses for consumers, with the average victim in this age range losing £2,630 to scams. Regulators have been encouraging more action be taken in preventing these scams.
The FCA reminded investors to be more vigilant of scams after a combined total of £197m was lost to scams in 2018. A March 2020 deadline has also been issued by the UK’s Payment Systems Regulator for the six biggest British banks to implement a confirmation of payee scheme which aims to reduce push payment scams.
Importance on cybersecurity measures to prevent these types of attacks has been acknowledged by companies. A study from The Conference Board stated 70% of CEOs globally are increasing their cybersecurity budgets, despite online threats only ranking as their seventh biggest concern.
Even though the world is becoming more aware of online dangers, here are three scams which should probably have been averted or discovered a little quicker.
Canadian banks hit with two-year phishing campaign
Late last year, Check Point uncovered a phishing campaign which impersonated the Royal Bank of Canada (RBC) to trick consumers handing over their details.
The attack, which looked to go undetected for two-years, worked by sending a legitimate-looking email which contain a PDF document to various organizations and victims across Canada. The email bore the Royal Bank’s logo and contained an authorization code which consumers needed to renew to continue using RBC’s online banking service.
When a victim clicked the URLs in the document, they were sent to a phishing page which asked them to enter their RBC express credentials.
The criminals had replicated the RBC website by screenshotting the official website and adding invisible textboxes on top of the input fields to steal the user credentials. Once the victim ‘logs in’ they were taken to a registration page to enter the authorization code sent via the phishing email. Afterwards, they wait for a digital certificate claiming to register them for the online banking.
Check Point was able to uncover older documents dating back to 2017 using the same method. It also found over 300 look-alike domains which hosted phishing websites for banks including Wells Fargo, BMO Bank of Montreal, Desjardins Bank, Interac, Scotiabank and more.
In an announcement on its findings, Checkpoint said, “Looking into the detected artefacts revealed an ongoing phishing attack that has been going after customers of Canadian banks for at least two years. By sending highly convincing e-mails to their targets, constantly registering look-alike domains for popular banking services in Canada and crafting tailor-made documents, the attackers behind this were able to run a large-scale operation and remain under the radar for a long time.”
Scammers steal $1m by replicating websites
A group of hackers were able to steal $1m from an unnamed Chinese venture capital firm and an Israeli startup after they simply registered two web domains.
The alleged attack began a few months before an investment was due to be made from the investor to the startup. The scammers initially managed to compromise the Israeli startup’s email, enabling them to get details on the deal.
Following this, they registered two web domains, one pretending to be the VC and the other for the startup. For each fake website they simply added an s on the legitimate one.
The hackers then began sending each party an email pretending to be the other participant. This enabled them to alter details in whatever email they received and send it onto the other party. After 32 emails, the hackers had replaced the bank account information which was sent to the investors.
Unwittingly, the VC sent the seed investment funds to the fraudsters.
German bank OLB loses $1.65m following cloned debit cards
Oldenburgische Landesbank (OLB) was the victim of a fake-card fraud scam last year, where Brazilian criminals cloned customer credit cards and cashed out a total of $1.65m.
The reported incident took place in August 2019 and involved around 2,000 Mastercard debit cards issued by the bank.
It is not clear how the criminals in Brazil were able to obtain the information of the cards, which would be needed to complete the payments. The incident was even able to happen despite the cards being protected by chip-and-pin.
Mastercard came out with a statement confirming its network or EMV technology had not been compromised and no account of card data had been hacked.
Customers of the incident were refunded.
Copyright © 2018 RegTech Analyst
