The PhishLabs Blog

Taking Fraud Protection on the Offensive

Posted by Jenny Dowd on May 5, '16

Cyber criminals use phishing to go after personal information such as an account number, password, username or social security number and use that information to take control of your account. Phishing attacks are cheap, easy to execute, and difficult to stop. In 2015, we analyzed more than one million confirmed malicious phishing sites that resided on over 130,000 domains, and we shut down more than 6,000 phishing attacks every month. But online fraud isn’t limited just to phishing. There are a multitude of other techniques cybercriminals also use to take over accounts and carry out fraud, including  phone scams, malicious mobile apps, text message scams, and – of course – malware.

Read More

Topics: ATO, Spear Phishing

FFIEC issues new guidance on mobile risks

Posted by Stacy Shelley on May 2, '16

This past Friday, the Federal Financial Institutions Examination Council (FFIEC) released new guidance to banks, credit unions, and other financial institutions regarding mobile financial services (MFS). These are the services that institutions provide to their customers through mobile devices, such as electronic payments, remote deposits, mobile apps, etc.

Read More

Topics: ATO, Mobile, Compliance, FFIEC

Malware Free Hackers, Bluetooth Skimming, Charity Website Targeting, and more | TWIC - September 18, 2015

Posted by Lindsey Havens on Sep 18, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, PhishLabs, Backdoors, Strategy, Hacker Tools, The Week in Cybercrime, ATO, Data Breach, Hacked

Health Insurance Hack, Firefox Bugs, Internet Satellite Hijacking, and more | TWIC - September 11, 2015

Posted by Lindsey Havens on Sep 11, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, PhishLabs, Hacker Tools, The Week in Cybercrime, ATO, Account Takeover, Data Breach, Hacked, Spear Phishing

Did FFIEC guidelines curb account takeover? Survey says…

Posted by Lindsey Havens on Sep 9, '15

In a recent study conducted by Info Security Media Group (ISMG), respondents indicated that, despite efforts to comply with updated authentication guidance set forth by the Federal Financial Institutions Examination Council (FFIEC), account takeover (ATO) has not decreased. In fact, 71 percent of respondents said that account takeover incidents either stayed the same or increased over the past year.

Read More

Topics: Fraud, ATO, Account Takeover

Drive-By Downloads, Zero-Day Exploitations, Personal Phishing Attacks, and more | TWIC - July 2, 2015

Posted by Lindsey Havens on Jul 2, '15

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, Adobe, Hacker Tools, The Week in Cybercrime, ATO, Hacked

Vawtrak Gains Momentum and Expands Targets


Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.

What You Need to Know

Read More

Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak

The 3 reasons why account takeover is still a big problem

Posted by Stacy Shelley on Jul 15, '14

There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69% and account for more than $4.6 billion in losses (yes, that's billion with a B). 

The growth in ATO is counter-intuitive. Financial institutions have been beefing up online banking controls since the FFIEC issued their Supplement to Authentication in an Internet Banking Environment back in 2011. You would think those sector-wide improvements in authentication and other fraud prevention controls would have stemmed the ATO tide, but they clearly have not done so.

Which begs the question: Why is ATO still a huge problem for banks, credit unions, and their customers?

Read on to get some answers.

Read More

Topics: Strategy, ATO, Account Takeover

ATO|Prevent: A new approach to curbing account takeover fraud

Posted by John LaCour on Jul 10, '14

I'm very excited to announce that we've launched a new, comprehensive service for community banks and credit unions that goes beyond internal anti-fraud controls to stop account takeover. It's called ATO|Prevent, and we developed it because it's plainly evident that these defensive controls no longer pose a major barrier to cybercriminals seeking to takeover online banking accounts and carry out fraud. 

In fact, we believe that just playing defense against these attacks is a losing battle. The simple truth is that you aren't going to win many fights if you don't fight back. That's why we created ATO|Prevent -- to proactively fight on the behalf of banks and credit unions against the attacks that lead to account takeover fraud. 

Read More

Topics: Company News, ATO, Account Takeover

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all