PREVENTING FRAUD: Hackers are taking advantage of COVID-19
We have all been affected by the COVID-19 outbreak in some way. Whether it’s unexpectedly switching to a work-from-home environment, canceling vacation plans or business trips, or having to relearn algebra, we’ve all experienced extraordinary changes in our daily lives.
However, our collective determination to endure circumstances such as these makes us stronger and helps us find creative new ways to deal with changes.
I hope that you and your families are doing well and that we can begin planning for a time when we get out of this situation and start to rebuild our businesses and family lives.
One thing that has become clear is that we have become even more dependant on the use of online transactions. Fraudsters and cyber-criminals are opportunists and they know that the confusion caused by this worldwide pandemic can be used to try to steal sensitive information from individuals and organizations alike.
Cyber-criminals have started to send text messages pretending to be organizations like banks, tax agencies, or even the Government and, by using a technique called spoofing, they can insert messages into a chain of texts alongside previous genuine SMS messages from that organization.
The fraudsters then attempt to trick people into giving away personal and financial information or money. Avoid clicking on any links contained within text messages and always log into your bank account by keying the website address or using a saved favourite link on your device to update information or make payments.
Here are some specific scams fraudsters are trying:
- Using the uncertainty around stock markets to advise transfers into higher-risk or alternate investments that are not legitimate
- Pretending to be from the claims departments of banks or insurance companies, promising to cover losses for a small fee
- Sending messages advising that your bank is in trouble and that you should send money to a new bank account that has been set up in your name
- Tricking people into making a small payment to set up payment deferrals on existing products/services such as mortgages
- Fake lockdown messages advising that you have been fined for leaving your home and must make a payment
For many, being away from the office means using personal devices or adopting new ways of working because normal processes have been disrupted by the outbreak.
Fraudsters can use the increases in businesses working from home to target individuals or employees to impersonate senior staff or executive management.
There has been an increase in Authorized Push Payment fraud across the banking industry. This is where individuals are tricked into sending money from their personal account or their business bank account to one belonging to a scammer. Businesses that are adopting new business processes and ways of paying are particularly vulnerable.
What can you do to minimize these types of security threats?
Individuals and businesses need to take appropriate security measures, including updated and patched software and secure network connections to prevent unauthorized access. Additional training to spot the signs of a fraudulent attack is also a good idea. In addition, any security software such as anti-virus and firewalls should be maintained to the latest release/patch.
The ability to verify a user’s claimed identity through various authentication factors has become crucial for NonStop systems, especially for users that will be logging-on to business-critical applications. Ineffective authentication comes with significant direct and indirect risks, including compliance penalties, data theft, loss of customer trust, and significant loss of revenue. There is an over-reliance on insecure forms of authentication, such as passwords and security questions, this can lead to security gaps that create opportunities for intruders.
By implementing additional security measures, such as strong passwords and the use of multi-factor authentication, users can prevent credentials from being compromised and avoid falling victim to these types of attacks.
Minimize security gaps with Multi-Factor Authentication
Modern authentication methods represent a more robust security structure, and also provide a better user experience when logging into applications. MFA also makes it easier for auditors to get answers to critical compliance questions; providing information such as which users are granted access to which system, and also how the access policy is being reliably enforced. Additionally, some of the modern MFA applications available today also include reporting capabilities, which ensure that compliance standards, such as PCI DSS, are being met.
CSP Authenticator+™ supports numerous authentication factors for NonStop. It provides a RESTful interface that supports multi-factor authenticated logins on NonStop systems. CSP Authenticator+ resides on the NonStop Platform and uses an OSS “bridge” to connect to the RESTful interface of the CSP Authenticator+ web server.
CSP Authenticator+™ Dashboard
CSP Authenticator+ can provide authentication services via Safeguard Authentication SEEP, or Pathway and Non-Pathway servers. Almost any application, including TACL, can now easily support multi-factor authentication (MFA).
Authentication methods such as RADIUS, RSA Cloud, Active Directory, and Open LDAP are supported. Additional authentication methods include RSA SecurID, Email, Text Message, and Google Authenticator. You can now enable MFA logins for different applications, making them more secure!
CSP Authenticator+ Key Features:
- Support for various authentication methods
- Browser-based user-friendly interface
- Standardized authentication across platforms
- Configurable for all or selected users
- Support for virtual addressing
CSP – Compliance at your Fingertips™
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com
We Built the Wiki for NonStop Security ®
Regards,
The CSP Team