Fighting Coronavirus phishing and malware campaigns

Fighting Coronavirus phishing and malware campaigns

Will LaSala

Senior Director of Global Solutions, Security Evangelist, at OneSpan

Views 550

Fighting Coronavirus phishing and malware campaigns

20.03.2020 04:30 pm

It's not uncommon for cybercriminals to exploit surges in communications in order to lure consumers into unknowingly downloading malware or giving up sensitive, often financial, information. Last year hackers used heightened communications around new legislation like Strong Customer Authentication (SCA) and also annual events like Black Friday and Cyber Monday in order to obtain personal information which could then be used to commit fraud

We’re now seeing similar activity as cybercriminals exploit fears around the Coronavirus in an attempt to persuade victims into opening malicious attachments which they’re led to believe is information on how to stay safe from the outbreak.

There have been several cases already identified. A team of researchers at IBM X-Force identified a number of campaigns where opening attachments began silently installing an Emotet downloader. Likewise, Kaspersky announced they had found “malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments, and even virus detection techniques.” Initially, these attachments were in Japanese, due to the country’s locality to the outbreak’s epicentre. However, as Coronavirus has spread around the globe, we’re seeing similar tactics used in other regions too.

 Its paramount that banks and financial institutions implement additional safety measures to protect both retail and enterprise banking customers from these coronavirus focused attacks.

Upgrade fraud detection systems

Banks and FIs should deploy machine learning-powered fraud detection systems in order to detect and block fraud attempts in real-time, without harming the customer experience.

Machine learning algorithms are capable of analysing vast amounts of data from a range of sources, such as device used, location, and transaction history. Additionally, machine learning algorithms can continuously monitor banking sessions and assess data points such as time of day, length of a session, and spending patterns. All of this information can be used to build up a detailed picture of an individual’s normal behaviour. Any abnormal behaviour that may be an attempt at fraud can be spotted in real-time, and additional security measures implemented.

Fraud detection systems powered by risk analytics and machine learning are also more adept at spotting early warning signs of phishing. The algorithms are able to determine the likelihood of the HTTP referrer being from a phishing page, which can be supplemented with expert rules put in place. These rules will dictate how the system should respond to phishing attacks taking place.

Expert fraud rules

In order to react to the rapid development and constantly shifting nature of fraud, FIs and banks need to adopt a dynamic approach to fighting fraud. This includes implementing expert fraud rules that can operate at different levels depending on the threat levels at the time. For example, right now, when there are likely to be an increased number of fraud attempts, fraud detection systems can be set to operate at lower levels of trust. The threshold for any fraud scoring models can also be adjusted so that it allows more false positives in an attempt to block more cases of fraud than let any slip through the net.

After the increased risk surrounding the coronavirus has diminished banks and FIs can readjust their systems back to their normal levels of fraud detection.

Beyond the coronavirus

Banks and FIs need to take precautions, not just during heightened threat periods. After the risk of attack has subsided, risk analytic technology can continue analyse individual transaction and better understand the fraud risk in real-time. The security mechanisms will improve their precision for detecting fraud as more data is collected, all of which is done without impact a user banking experience. For low transaction risk there is little to no friction, whereas additional necessary security steps are taken for transactions that are determined to be risky or abnormal.

Attackers always seek to launch phishing attacks that play on fear, like the ones we’ve seen recently. It is disconcerting that individuals or groups take advantage of these events, but the trend is unlikely to stop any time soon. That’s why it is imperative for fraud teams to have the most advanced capabilities and be able to respond effectively. This will allow them to stop phishing attacks, like these ones and others to come, in their tracks.

Latest blogs

Nish Kotecha Finboot and Bryan Foss, NED, Visiting Professor at Bristol Business School and member of the FRC Audit & Assurance Council

How Listed Companies Can Use Blockchain to Prevent Auditing and Reporting Malpractice and Avoid Scandal

Not too long ago, there was very little to link Wirecard, the disgraced payments platform in Aschheim, Germany, with Boohoo, the fast-fashion online retailer in Leicester, England, but both have recently been embroiled in high-profile scandals. Read more »

Leon Muis Yolt Technology Services

The Time for Financial Services to Become Truly Digital is Now

The financial services industry looks set to change dramatically over the next couple of years in response to COVID-19. The pandemic has certainly highlighted some inefficiencies and weak spots in current processes for many businesses, such as those Read more »

Granville Turner Turner Little

The Lockdown Money Revolution

Many Brits have found that lockdown has been beneficial for their money, having cut back on personal spending and managing to put away some extra cash. According to eToro, Brits with unspent discretionary income are set to accumulate £75.5bn in Read more »

Sandra Higgins Sysnet Global Solutions

Are You ‘Prescribing’ the Right Security Solution to Your Merchants?

When it comes to leading a healthy lifestyle, eating the right food, taking regular exercise, and maintaining a positive mindset are key. However, despite these best intentions and practices, you still might not get all the nutrients your body needs Read more »

Robert Flowers DivideBuy

It Doesn’t Have to Be the End – How Retailers Can Grow in Light of COVID-19

It’s no news that the retail industry has been flipped on its head by the COVID-19 pandemic. Due to the lockdown, most in-store operations have been shut down, and nationwide furloughs, reduced pay and steady streams of income at risk have fuelled a Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel