from a ‘legitimate and trusted organisation’ such as a bank, the police, a utility company or a government department. These scams typically involve the fraudster contacting the customer through a phone call, text message or email. Often the fraudster will claim there has been suspicious activity on an account, ask the individual to verify or update their account details, or claim they are due a refund. The criminal then attempts to trick the target into giving away their personal or financial information, such as passwords, payment card details or bank account information. Financial Fraud Action UK, which represents banks, said its intelligence suggests criminals have also recently increased their focus on ‘phishing’ emails claiming to be from major online retailers and internet companies. It warned these emails are an ‘increasingly sophisticated’ attempt to trick recipients into giving away personal and financial details, or into downloading malware which hacks into their computers. Several banks have been targeted by high profile cyber attacks that have attempted to exploit weaknesses in their IT systems. Last November criminals launched an online attack against Tesco Bank that resulted in the loss of £2.5million from 9,000 accounts. Others to have been targeted include Royal Bank of Scotland and NatWest, Lloyds and HSBC. The threat to Britain’s financial infrastructure from persistent cyber-attacks prompted chancellor Philip Hammond to commit an extra £1.9billion in the autumn statement to boost Britain’s defences against the growing online threat.
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks: the employee. Local cybersecurity professionals are creating interactive comic books, testing employees with simulated phishing emails — tailored messages that seek to obtain key information, such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention. “The biggest problem is not the technology; it’s the people,” said Laurin Buchanan, principal investigator at Secure Decisions, a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders’ actions, either inadvertent or malicious, according to a 2016 study by IBM Security. The average cost of a data breach for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company’s reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses.
Investors seem to think the incident will have a much greater impact on
At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require “no programming experience,” Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business’ network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. “Ransomware is a business to these people,” Prince said. “Ninety-nine percent of the time, ransomware requires user interaction to infect.” Della Ragione echoed that sentiment: “The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses.” In response, many local experts and companies focus on teaching employees how to resist hackers’ tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting “phishing” emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children’s “Choose Your Own Adventure” books, feature different plots depending on the reader’s choices.
“If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense,” Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. “Ultimately, the average Joe doesn’t care,” he said. “You [should] treat the vast majority of your users as easily hackable.” Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out “phishing simulations” to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information. In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. “We present them with a teachable moment,” she said. “We point out things in the email that they should have looked at more carefully.” The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: non-Northwell emails have an “external” notation in the subject line, making it harder for outsiders to pretend to be a colleague. “We let [the employees] know that they are part of the security team,” she said. “Everybody has a responsibility for security.” One of the most important constituencies for security is top executives.
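The “external” subject-line notation described above, as an added example (not Northwell's own code): mail whose From domain is not one of the organisation's own gets the marker prepended once, and a second check catches the case the marker exists to expose, an outside sender whose display name matches an internal colleague. The domain names, the directory entry and the sample headers are constructed for the example.

```python
"""Tag mail from outside the organisation and spot display-name impersonation."""
from email.utils import parseaddr

# Constructed: the organisation's own mail domains (subdomains are also internal).
INTERNAL_DOMAINS = {"example-health.org"}
EXTERNAL_TAG = "[EXTERNAL]"

# Constructed directory: lower-cased display name -> internal mailbox.
DIRECTORY = {
    "pat example": "pexample@example-health.org",
}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header ('' if none)."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().strip(".")


def is_internal(domain: str) -> bool:
    """True if the domain is one of ours or a subdomain of one of ours.

    The leading dot in the subdomain test matters: 'evil-example-health.org'
    must not pass as a subdomain of 'example-health.org'.
    """
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def tag_subject(subject: str, from_header: str) -> str:
    """Prepend the external tag to mail from outside; internal mail is returned unchanged.

    A message that already carries the tag (for example an external reply in an
    existing thread) is not tagged twice.  A missing or unparsable From address
    counts as external, since nothing vouches for it.
    """
    if is_internal(sender_domain(from_header)):
        return subject
    if subject.startswith(EXTERNAL_TAG):
        return subject
    return f"{EXTERNAL_TAG} {subject}"


def impersonates_colleague(from_header: str) -> bool:
    """External sender whose display name matches someone in the internal directory."""
    name, _addr = parseaddr(from_header)
    if is_internal(sender_domain(from_header)):
        return False
    return name.strip().lower() in DIRECTORY
```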
Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities to their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. “Nine times out of 10, they don’t want to hear it,” he said. “It makes them look bad.” Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren’t paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. “Everyone’s consciousness is being raised,” she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe’s Marketplace said that foreign hackers had breached the credit card database of three stores. Joseph Neglia, director of information technology at Uncle Giuseppe’s, said that after the data breach, which affected about 100 customers, the company began scheduling “monthly vulnerability scans” and upgraded its monitoring and security systems. For businesses, Stony Brook’s Sion said, the cybersecurity threat is real and immediate. “I need one second with your machine to compromise it forever and ever,” he said. “It’s an uphill battle.”
Cybercriminals prey on naivety, and a new scam campaign that attempts to trick people into providing bank details to pay for a fake WhatsApp subscription does just that. WhatsApp did once charge a subscription fee of $0.99/£0.99, but stopped the practice in January 2016. However, the fraudsters behind this latest scam are looking to take advantage of the fact that WhatsApp -- which has over a billion users -- did once rely on a subscription service to dupe victims into handing over their banking information. The UK's fraud and cybercrime centre Action Fraud and the City of London police have issued a warning about the campaign. Emails purporting to be from 'The WhatsApp Team' claim that "your subscription will be ending soon" and that in order to continue to use the service, you need to update your payment information. Victims are encouraged to sign into a 'customer portal' with their number and to enter payment information. Naturally, this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details. Criminals could use these to simply make purchases or as a basis for further fraud. Scammers have also been known to use text messages in an effort to dupe victims into paying for a fake subscription. Those who receive the email are urged not to click on any of the links, but to instead report it to the police. Action Fraud also offers advice to those who have already fallen for the scam, telling victims to "run antivirus software to ensure your device has not been infected with malware". Scammers often attempt to lure victims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be from real companies.
Previously, Action Fraud has warned about scammers attempting to steal credentials from university staff with fake emails about a pay rise, while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to be from a charity.
One needs to be always aware of tax scams, including tax refund scams, which are carried out by scamsters who pretend to be from the IRS of the USA, HMRC of the UK, the CRA of Canada, the Income Tax Department of India and the like. Scamsters contact you via fake emails, phone calls, recorded messages, SMS, etc., and either scare you with the possibility of some legal action or entice you with a tax refund! Every tax season, tax scams start doing the rounds. Emails, phone calls or recorded messages by cybercriminals impersonating authentic tax agents have become the order of the day and continue to remain a major threat to taxpayers. The scam artists use sinister designs that threaten police arrest, deportation, and even license revocation. As the scam's popularity has grown, fraudsters have also been busy finding ways to make it more efficient. Earlier, the major targets were elderly people and the immigrant population. Slowly, the focus has shifted to methods that rely on auto-dialers, robocalling, and voice mail messages to hit as many taxpayers as possible. The story begins with an automated call. It plays a recorded message warning you that it’s “the final notice” from a tax agency such as the Internal Revenue Service, the Indian Income Tax Department, HM Revenue and Customs, or the tax department of your country. Or it could begin with an email. In either case, the recorded voice or email purports to be from a tax inspector and goes on to spell out the course of action the agency is supposedly about to take against you, such as a lawsuit, and warns that if you don’t return the call, you could soon land in jail. Attacks such as these use fear as bait, or alternatively the lure of a tax refund. They rely on social engineering tactics.
One such message tells recipients that there’s a pending law enforcement action against them as they have evaded tax. It is mainly used to target U.S. taxpayers. The scam pretends to contain information about a subpoena. It could contain a web link which it wants you to click. The link could take you to a fraudulent website. Or the email could include an attachment. The file is a “document file” that Microsoft Word opens in Protected View. It contains an instruction to Enable Editing. If the Enable Editing button is clicked, malicious macros in the ‘document’ download malware. So one needs to always exercise utmost caution in either of the cases.
Flipkart has recently posted a story to make people aware of fake Flipkart websites. The e-commerce giant on its blog 'Flipkart stories' said that people need to beware of any email, call, SMS, WhatsApp message or social media message which claims to be offering unbelievable discounts and offers from Flipkart. Flipkart said: “Be warned that these messages are not sent by official Flipkart channels, but by fraudsters and scammers who intend to deceive you. If you are not careful, you may be at the receiving end of fraud. Fraudsters intend to make a fast buck by misappropriating the familiar and trustworthy name of Flipkart. You are advised not to trust these fraudulent individuals or agencies with your money, or your personal and financial information. Always check with authentic and original Flipkart sources first.” The content of the fake messages or calls sent by the fraudsters may include references to tempting deals, discounts and offers on Flipkart. The fake messages may closely resemble Flipkart’s official logos, typefaces and brand colour, while some may also contain the word ‘Flipkart’ in the URL. Then how can you catch them? 1) Fake websites: Websites such as ‘flipkart.dhamaka-offers.com’ or ‘flipkart-bigbillion-sale.com’ contain the name of the company in their URL. Such websites pretend to be associated with Flipkart by using similar-looking and similar-sounding names. However, they are not authorised by Flipkart. 2) WhatsApp, Facebook Messenger and/or other social messaging platforms: Fraudsters may try to send customers messages via social messaging platforms, and many have also reported the same. These imposters will ask for your personal details, or you will be asked to share these fraudulent messages with friends and family members to win prizes.
Apart from these, customers might also be offered products at ‘unbelievable’ prices, such as a 32 GB pen drive for Rs 25. Customers will be asked to make payments via online wallets, bank transfer or other means to avail free gifts. To this, Flipkart has directed customers not to reply to these messages or click any of the links the fake messages contain without verifying it with the company. “Flipkart has no connection with these fraudulent senders, and we have no control over any information that you share with them. Any details that you share with these fraudulent senders that impersonate Flipkart can compromise your personal and financial information. Payments once made to these accounts cannot be retrieved or reversed, and you may be cheated of your hard-earned money,” the e-commerce website said. 3) Fake calls or SMS to customers: Sometimes, customers may also receive calls from an unknown number. The caller may speak in any language, such as English or Hindi, among others. The person might lure customers by offering free gifts or by saying that your mobile number has been selected via a lucky draw, etc. To avail these gifts, the imposter will ask you for your personal details and access to bank account numbers, among other things. They may also lure you to a website appearing very similar to Flipkart or send you a fake fabricated certificate. They may also claim to be Flipkart employees or partners and may display fake identification as proof. “It is easy to fabricate such documents in order to make you believe that they are genuine. You may also be asked to transfer money to certain digital wallets to claim prizes or gifts. Note that these accounts are not managed by Flipkart, but by fraudsters who want to cheat you,” Flipkart said.
4) Phishing (fake emails): Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details for malicious reasons by disguising as a trustworthy entity in an electronic communication. Phishing emails are sent by fraudsters. The emails may ask you to visit malicious links through which your personal and/or financial information can be obtained and used without your consent to carry out fraudulent transactions. You may lose money, personal and sensitive information, and your systems — desktop computers, laptops or mobile phones — can potentially be compromised by malware/viruses upon opening or clicking on links in such emails. 5) Online games/websites (discount coupons/gift vouchers/offers/online games): Online scams of this type reach out to customers, asking them to play games such as ‘spin the wheel,’ which promise free gifts, cash prizes, and other tempting bait. The players are often asked to share the game with their contacts to be able to avail the prize, which, of course, never materializes. 6) From marketplace sellers: While you may have received an order placed on Flipkart, you may receive a pamphlet or inserts asking you to make future purchases on some other online shopping site or portal to avail higher discounts. Similarly, sellers/callers posing as sellers may ask you to place an order directly with them and may ask for payment to be made directly. Often, they may ask you to cancel your Flipkart order. Once you agree to any such deal with these fraudulent sellers, Flipkart will not have any control over any information you might share with them. You are at risk of fraud if you accept such offers.
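The "fake websites" point above (brand name placed somewhere in the hostname of a domain the brand does not own) as an added example, not Flipkart's code: it reduces a URL to its registrable domain and reports "legitimate" only for the brand's real domain, "lookalike" when the brand name merely appears in the hostname (subdomain label, hyphenated label, digit look-alike spelling, or the userinfo part before an @), and "unrelated" otherwise. The two quoted article domains are used as input; the other URLs, the short public-suffix table and the assumption that flipkart.com is the only legitimate domain are constructed for the example.

```python
"""Classify URLs that trade on a brand name: legitimate, lookalike or unrelated."""
from urllib.parse import urlsplit

# Assumption for the example: the brand's only real registrable domain.
LEGIT_DOMAINS = {"flipkart.com"}
BRAND = "flipkart"

# Constructed subset of two-label public suffixes; a real deployment would
# load the full Public Suffix List instead of this table.
TWO_LABEL_SUFFIXES = {"co.in", "co.uk", "com.br", "net.in"}

# Digits commonly swapped for letters in look-alike names (0->o, 1->i, 3->e, 5->s).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})


def normalise(text: str) -> str:
    """Lower-case, map digit look-alikes to letters, drop hyphens and dots."""
    return text.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")


def split_url(url: str):
    """Return (hostname, userinfo-username) of a URL; bare 'host/path' is accepted."""
    if "://" not in url:
        url = "http://" + url          # urlsplit needs a scheme to find the netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()   # hostname drops port and userinfo
    return host, (parts.username or "")


def registrable_domain(host: str) -> str:
    """Last two labels, or three when the public suffix itself has two labels."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str) -> str:
    """'legitimate' for the brand's own domain, 'lookalike' if the brand name is
    used anywhere else in the host or userinfo, 'unrelated' otherwise."""
    host, userinfo = split_url(url)
    if not host:
        return "unrelated"
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legitimate"                  # covers www.flipkart.com, m.flipkart.com
    # 'flipkart.com.login.example' or 'https://flipkart.com@evil.example/' both
    # show the brand name without the brand owning the registrable domain.
    if BRAND in normalise(host) or BRAND in normalise(userinfo):
        return "lookalike"
    return "unrelated"
```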
After an almost non-existent presence in 2017 and a few weeks off, according to Malwarebytes security researcher S!Ri, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention. This current wave of SPAM comes in the form of emails that pretend to be payment receipts with various subjects. According to an article by My Online Security, the email subjects include Receipt 435, Payment Receipt 2724, Payment-2677, Payment Receipt_739, and Payment #229, where the numbers change. These emails include a PDF attachment with a name like P72732.pdf. When these PDFs are opened, the target will be prompted to open an embedded Word document as shown below. If a user opens the file, the Word document will open and the target will be greeted with the typical malicious Word document prompt, that is, the prompt to enable the macros by clicking on Enable Content in order to properly see the document. When the macros are enabled, they currently download an encrypted Locky binary from http://uwdesign.com.br/9yg65, decrypt the file, save it to %Temp%\redchip2.exe, and then execute the file to begin the encryption process. Redchip2.exe currently has a 7/55 detection on VirusTotal. Just like previous variants, Locky deletes Shadow Volume Copies using a Scheduled Task and appends the .OSIRIS extension to encrypted files. While encrypting files it will routinely send status updates to the Command & Control servers located at 188.120.239.230/checkupdate and 80.85.158.212/checkupdate. When done it will display the ransom note to let the victim know that they have been infected. Unfortunately, at this time there is still no way to decrypt files encrypted by Locky.
One of my clients was infected by the original Locky, whose file extension is .locky, in March 2017. That means Locky never disappears.
Are you sure it is the real Locky? Lots of spoofs; honestly, I have not seen the original extension distributed in a super long time. ID Ransomware can detect between the real one and the fakes.
True, it was the spam campaign that stopped. Some old Locky files are still hosted on hacked servers.
Save the Children Foundation has revealed that the charity was targeted by fraudsters last year, leading to the loss of $1 million. Speaking to the Boston Globe, the US arm of the non-profit, which supports children worldwide, said that con artists managed to compromise an employee's email account in order to masquerade as the staff member in question. Once access was gained to the account, the hackers behind the scam created a number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan. The Connecticut-based charity organization fell for the ruse, conducted in May 2017, and approved the transfer of close to $1 million to an entity in Japan which was used as a front to rake in the proceeds. By the time the foundation realized the invoice was false, it was too late and the money was gone. The publication says that Save the Children possessed insurance which covered close to all of the lost funds, and in the end, the charity only lost $112,000. "We have improved our security measures to help ensure this does not happen again," Stacy Brandom, the chief financial officer of Save the Children, told the Globe. "Fortunately, through insurance, we were ultimately reimbursed for most of the funds." The scammers targeting the charity appeared to follow the rules of Business Email Compromise (BEC) attacks almost to the letter. These campaigns have a number of steps: compromise a business email account via brute-force hacking or social engineering; pretend to be a legitimate staff member; and lure another individual into approving false invoices or fraudulent payments.
The FBI has previously warned that between December 2016 and May 2018 there was a 136 percent increase in BEC scams, reported across 150 countries. Ill-gotten funds are often sent to entities in Asia, and billions of dollars have been lost. In February, IBM said a single BEC scam originating in Nigeria led to the loss of millions of dollars belonging to Fortune 500 companies. These types of scams are incredibly common, and it can be difficult to track down the fraudsters responsible, who may be located in any country in the world. However, on rare occasion, a BEC scam artist is taken to task for their actions. In September, a man from Nigeria was ordered to pay $2.5 million and serve five years in prison for conducting a variety of BEC scams against enterprise companies. Prosecutors estimate that the con artist defrauded victims out of hundreds of millions of dollars.
UK police are warning that fraudsters are posing as Department of Education officials in order to trick schools into installing ransomware. An Action Fraud notice claimed that the fraudsters have been cold calling education institutions pretending to be government officials and socially engineering the victim into giving them the email address of the head teacher, in order to send across “sensitive information”. The resulting email contains a .zip attachment loaded with ransomware that will apparently demand up to £8000 to recover the files. Action Fraud claimed similar cases have been noted where the fraudsters pretend to be calling from the Department for Work and Pensions, or even telecom providers. The newly reported incidents represent an escalation in tactics designed to get ransomware on the networks of targets presumably selected because they may be relatively poorly secured, and be willing to pay a high penalty to gain access back to their data. “Once again, hackers have preyed on the weakest link in security – the end-user – but this is not where the fault lies. It’s unfair to expect busy teachers to be able to tell the difference between an email from the Department of Education and these sophisticated mimics,” argued Fraser Kyne, EMEA CTO at Bromium. “Hackers are clever and convincing con artists, yet the industry continues to try and convince us that they can be defeated through detection tools and user education. As we can see from the rise in such attacks, this approach is neither realistic nor effective”. In related news, new tactics designed to deliver the Petya variant GoldenEye have been discovered using fake job application emails. The new campaign is designed to target HR staff, with the ransomware hidden in a malicious attachment masquerading as a CV, according to Check Point.
The emails also contain a harmless PDF as a covering letter in order to lull the recipient into a false sense of security, the vendor claimed.