Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Cofense finds sustained increase in phishing lures targeting UK users imitating HMRC, Lloyds Bank and HSBC – details on malware and motivation included

Cofense finds sustained increase in phishing lures targeting UK users imitating HMRC, Lloyds Bank and HSBC – details on malware and motivation included

Since this April, Cofense Intelligence™ has observed a sustained increase in the financially motivated targeting of UK-based users with phishing lures imitating HMRC, Lloyds Bank, and HSBC.

The most common final payloads delivered by these campaigns are designed to compromise victims’ financial accounts and provide illicit access to financial information.

This surge in targeting almost certainly represents a stage in the “whack-a-mole” strategy long employed by threat actors: expand campaigns against a segment of the vast vulnerable attack surface until those users catch on to the threat, then move to the next target.

Trickbot, Pony, and Loki Bot comprised the majority of final payloads delivered in the distinct campaigns analysed. While the appearance of authenticity of the phishing emails differs among the campaigns, indicating that different groups of threat actor, these types of malware are almost certainly leveraged for similar objectives — to provide threat actors with financial information and access to accounts to facilitate theft.

Full blog with detail on malware and screenshots here: https://cofense.com/targeting-uk-user-financial-accounts-surged-past-two-months/

Aaron Higbee, CTO and cofounder at Cofense comments:

“Financially themed phishing scams give threat actors a number advantages when it comes to compromising security. Internet users pay attention because banks and tax authorities play an official role in our day-to-day lives and their services often incur costs.  What’s more, the type of information these institutions need can be sensitive, from username and passwords to information regarding an account, it feels much more acceptable for a financial institution to be requesting such information than another type of company.  By adding additional, local relevance – for example the UK tax authority and two of the most prominent banks in the country – malicious emails can easily be mistaken for legitimate correspondence. In these cases, threat actors are using social engineering within phishing attacks to still target a very large number of potential victims.

“With many of the phishing campaigns targeting corporate accounts, businesses need to equip their employees to be as resilient as possible to this type of attack.  Encouraging employees to report suspicious emails, to think twice about if an email is unsolicited and be extra cautious where financial details are concerned, is the first step to reducing susceptibility and building resiliency. What’s more, by reporting emails, the IT team is also quickly able to gather threat intelligence and begin the response process. As multiple threat actors continue to use similar techniques to deliver a multitude of malware variations, no technology can guarantee prevention. However, by making employees as security savvy as possible, companies have a constantly improving threat detector within their cybersecurity infrastructure.”

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post