Cyber criminals use phishing to go after personal information such as an account number, password, username or social security number and use that information to take control of your account. Phishing attacks are cheap, easy to execute, and difficult to stop. In 2015, we analyzed more than one million confirmed malicious phishing sites that resided on over 130,000 domains, and we shut down more than 6,000 phishing attacks every month. But online fraud isn’t limited just to phishing. There are a multitude of other techniques cybercriminals also use to take over accounts and carry out fraud, including phone scams, malicious mobile apps, text message scams, and – of course – malware.
Taking Fraud Protection on the Offensive
Topics: ATO, Spear Phishing
FFIEC issues new guidance on mobile risks
This past Friday, the Federal Financial Institutions Examination Council (FFIEC) released new guidance to banks, credit unions, and other financial institutions regarding mobile financial services (MFS). These are the services that institutions provide to their customers through mobile devices, such as electronic payments, remote deposits, mobile apps, etc.
Topics: ATO, Mobile, Compliance, FFIEC
Malware Free Hackers, Bluetooth Skimming, Charity Website Targeting, and more | TWIC - September 18, 2015
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Topics: Phishing, PhishLabs, Backdoors, Strategy, Hacker Tools, The Week in Cybercrime, ATO, Data Breach, Hacked
Health Insurance Hack, Firefox Bugs, Internet Satellite Hijacking, and more | TWIC - September 11, 2015
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Topics: Phishing, PhishLabs, Hacker Tools, The Week in Cybercrime, ATO, Account Takeover, Data Breach, Hacked, Spear Phishing
Did FFIEC guidelines curb account takeover? Survey says…
In a recent study conducted by Info Security Media Group (ISMG), respondents indicated that, despite efforts to comply with updated authentication guidance set forth by the Federal Financial Institutions Examination Council (FFIEC), account takeover (ATO) has not decreased. In fact, 71 percent of respondents said that account takeover incidents either stayed the same or increased over the past year.
Topics: Fraud, ATO, Account Takeover
Drive-By Downloads, Zero-Day Exploitations, Personal Phishing Attacks, and more | TWIC - July 2, 2015
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Topics: Phishing, Adobe, Hacker Tools, The Week in Cybercrime, ATO, Hacked
Vawtrak Gains Momentum and Expands Targets
Vawtrak is the security industry's name for the latest version the 64-bit compatible Gozi Prinimalka Trojan, a family of malware first conceived in the mid-2000's. Recently, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) has uncovered new developments in the latest Vawtrak configurations that indicate it is a much more substantial threat than it was a few months ago.
What You Need to Know
Topics: Malware, Threat Analysis, Threat Intelligence, Trojan, ATO, Vawtrak
The 3 reasons why account takeover is still a big problem
There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69% and account for more than $4.6 billion in losses (yes, that's billion with a B).
The growth in ATO is counter-intuitive. Financial institutions have been beefing up online banking controls since the FFIEC issued their Supplement to Authentication in an Internet Banking Environment back in 2011. You would think those sector-wide improvements in authentication and other fraud prevention controls would have stemmed the ATO tide, but they clearly have not done so.
Which begs the question: Why is ATO still a huge problem for banks, credit unions, and their customers?
Read on to get some answers.
Topics: Strategy, ATO, Account Takeover
ATO|Prevent: A new approach to curbing account takeover fraud
I'm very excited to announce that we've launched a new, comprehensive service for community banks and credit unions that goes beyond internal anti-fraud controls to stop account takeover. It's called ATO|Prevent, and we developed it because it's plainly evident that these defensive controls no longer pose a major barrier to cybercriminals seeking to takeover online banking accounts and carry out fraud.
In fact, we believe that just playing defense against these attacks is a losing battle. The simple truth is that you aren't going to win many fights if you don't fight back. That's why we created ATO|Prevent -- to proactively fight on the behalf of banks and credit unions against the attacks that lead to account takeover fraud.
Topics: Company News, ATO, Account Takeover