Fighting Card Fraud in a New Environment

Nick Holland • September 29, 2020

The COVID-19 pandemic has shifted the dynamic of card fraud in favor of the fraudsters due to the massive increase of online transactions, says Andrei Barysevich of the fraud intelligence company Gemini Advisory. And many fraudsters are using more sophisticated tools, including anti-fingerprinting technology.

COVID-19

Battling PPP Loan Fraud With Technology

Latest

Cyberwarfare / Nation-State Attacks

FBI, CISA Again Warn of Election Disinformation Campaigns

Prajeet Nair • September 29, 2020

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning that malicious actors are spreading disinformation - claiming to have hacked voter databases - in an attempt to manipulate public opinion, discredit the electoral process and undermine confidence in U.S. democratic institutions.

Cloud Security

Cybersecurity Firm McAfee Files for IPO

Mathew J. Schwartz • September 29, 2020

McAfee is set to become a public company once again, with the cybersecurity firm filing for an IPO with the U.S. Securities and Exchange Commission to trade under "MCFE" on the Nasdaq Stock Market. Separately, Ivanti announced that it would buy security firms MobileIron and Pulse Secure.

Card Not Present Fraud

How 'Virtual Cards' Could Mitigate Merchant Fraud Risk

Suparna Goswami • September 28, 2020

Virtual payment cards being tested in Europe and the United States could help mitigate the risk of merchant fraud, says Rui Carvalho of the nonprofit European Association for Secure Transactions.

Forensics

Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Cyberwarfare / Nation-State Attacks

Facebook Removes More Accounts Linked to Russia

Chinmay Rautmare • September 25, 2020

Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.

Fraud Management & Cybercrime

GDPR Compliance Used as Phishing Lure

Chinmay Rautmare • September 25, 2020

A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security.

Breach Notification

Analysis: Are Darknet Markets Here to Stay?

Anna Delaney • September 25, 2020

The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.

Cybercrime

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Mathew J. Schwartz • September 25, 2020

With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.

Fraud Management & Cybercrime

How a Phishing Awareness Test Went Very Wrong

Jeremy Kirk • September 25, 2020

Training employees to resist phishing emails is key to preventing compromises. But an exercise run by Tribune Publishing Co. created a searing backlash after its phishing exercise tempted employees with bogus bonuses in a year in which they had already endured financial hardships.

Governance & Risk Management

NIST Unveils Updated Guide to Privacy, Security Controls

Akshaya Asokan • September 24, 2020

The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.

Breach Notification

Blackbaud Ransomware Breach Victims, Lawsuits Pile Up

Marianne Kolbasuk McGee • September 24, 2020

As the tally of reported heath data breaches related to the May ransomware attack on Blackbaud continues to climb, so do the number of lawsuits filed against the cloud-based fundraising software vendor.

Account Takeover Fraud

Police Crack SMS Phishing Operation

Jeremy Kirk • September 24, 2020

Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.