A new malware has been identified that targets mobile banking applications. It is a highly dangerous and complex Trojan dubbed “Marcher". Marcher is an Android banking Trojan, first detected in 2013. This malware was designed to steal mobile application credentials from end users, becoming one of the most prevalent Android password-compromising pieces of malware on the threat landscape today. The malware is usually spread via malicious Android Application Packages that impersonate Adobe Flash Player. It has also been seen embedded in several banking applications and video games, such as Super Mario Run and others. For example:
It is important to note that in addition to the credentials, this malware allows the criminal to access SMS messages, which despite its vulnerabilities, it is still a popular form of authenticating users. If and when the bank sends the SMS One-Time-Password, the criminal is able to use it to bypass the second factor authentication feature the bank may have in place. More background information on Marcher can be found in a recent blog post from Easy Solutions, here. Customers should deploy multi-layered protection against electronic fraud and only download applications from the Google app store or the Apple Store. Do not use third party stores for downloads.
COMING SOON! Detect Safe Browsing, a complementary software download that adds an additional layer of protection while clients access accounts.
Business email compromise (BEC)—also called “wire transfer phishing,” “impostor phishing,” and “CEO phishing”—is a type of cyber attack comprising low-volume campaigns of highly targeted phishing emails. These campaigns focus on one or two people within an organization, asking the recipient to transfer funds or private information of value such as W2 forms directly to attackers.
Please CLICK HERE to review a diagram on how BEC works.
Tips to Prevent BEC
From a technical perspective, you need a secure email gateway that supports advanced options for flagging suspicious messages based on attributes (such as direction and Subject line) and email authentication techniques. At a minimum, configure your email gateway to block messages that spoof your domain(s); this function is built into most secure email gateways. Another best practice is automatically adding the [EXTERNAL] tag or a similar designation to the subject line of emails sent from outside your organization.
From a human resources perspective, train your staff and put the effective processes in place. Here are a few basic guidelines:
Adding safeguards that include out-of-band contact (personal interactions outside the back and forth of email conversations) can save organizations hundreds of thousands or even millions of dollars. Vigilant employees are the last line of defense against these threats. You should create a culture in which employees ask questions, think carefully, and understand their important role in security.
Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?
Please CLICK HERE to review a guide with great information on what you can do to help prevent online fraud and theft.
Identity theft is a growing problem in the world, but there are certain things you can do to avoid ID theft. Below are different ways to deter, detect, and defend yourself against ID theft.
The Federal Trade Commission wants you to help fight back against identity theft so for more information about ID theft, please visit their website at www.ftc.gov/idtheft.
Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.
Deter identity thieves by safeguarding your information.
Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
Be alert to signs that require immediate attention:
Defend against ID theft as soon as you suspect it.
Skilled identity thieves use a variety of methods to steal your personal information, including:
To learn more about ID theft and how to deter, detect, and defend against it, visit www.ftc.gov/idtheft. Or request copies of ID theft resources by writing to:
Consumer Response Center
Federal Trade Commission
600 Pennsylvania Ave., NW, H-130
Washington, DC 20580