
AFP Fraudwatch: Banks Should Assume the Worst

  • By Andrew Deichler
  • Published: 2012-07-16

AFP compiles the most alarming—and informative—fraud news relevant to corporates in Fraudwatch. This column is part of AFP’s Payments Fraud Resource Center and is intended to keep you aware of the latest threats to your organization. Follow @AFPFraudwatch on Twitter for all the latest updates.

In this issue, banks should presume that their customers’ PCs are infected in the wake of the High Roller cyberattack, according to a warning by the European Union. Also, a security breach at Yahoo compromises nearly half a million users, a new report reveals that payments fraud in Australia rose $77.5 million last year, and Facebook introduces security checkpoints to help users combat malware.

EU: Assume All Bank Customers’ PCs are Compromised

Banks should presume that all of their customers’ PCs are infected, according to a report by the EU’s cybersecurity agency. The troubling news comes in response to a recent report by McAfee and Guardian Analytics on Operation High Roller, a devastating cyberattack that has stolen millions from corporate bank accounts.

The European Network and Information Security Agency (ENISA) noted that the High Roller attacks drew much attention for three key reasons. First, they were highly automated. Second, they were sophisticated and easily circumvented banks’ security measures, such as two-factor authentication and fraud detection. Lastly, only PCs from users with high balances were targeted.

Zeus, the banking trojan used in the High Roller attacks, has been circulating since 2007, and antivirus detection rates for it remain low. Banks should take the necessary precautions to deal with this threat, according to ENISA.

Most online banking systems work under the assumption that the user’s PC is not infected. Basic two-factor authentication will not prevent man-in-the-middle or man-in-the-browser attacks: a one-time password proves that the legitimate user is present, but says nothing about whether the transaction the browser submitted is the one the user intended, and rewriting that transaction is exactly what malware in the browser does. ENISA therefore recommends cross-checking the value and the destination of certain transactions with the user via a trusted channel (SMS, phone call, etc.) that the infected PC cannot touch.
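The following is an added illustration of the ENISA recommendation above, written for this column; it is not code from ENISA, from any bank, or from the High Roller report. It models a bank that derives a short confirmation code from the transfer exactly as it received it, sends that code together with the amount and destination over a trusted channel (simulated here as a message string), and executes the transfer only when the code comes back. The key, account identifiers and amounts are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    """A payment as the bank received it (hypothetical fields for this example)."""
    amount_cents: int
    destination: str  # beneficiary account as it arrived at the bank


class OutOfBandConfirmation:
    """Bank-side confirmation of value and destination over a trusted channel.

    The code is an HMAC over (nonce, amount, destination) as received by the
    bank.  A man-in-the-browser that rewrites the transfer before submission
    sees its own mule account echoed to the user's phone; one that tries to
    spend an approval on a different transfer fails because the code is bound
    to the approved values, and each code is valid exactly once.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key                   # bank-side secret, never sent to the browser
        self._pending: set[str] = set()   # nonces that still await confirmation

    def _code(self, nonce: str, tx: Transfer) -> str:
        msg = f"{nonce}|{tx.amount_cents}|{tx.destination}".encode()
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        # six decimal digits, the size of a typical SMS transaction code
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def issue(self, received: Transfer) -> tuple[str, str]:
        """Return (nonce, message); the message is what goes to the trusted channel."""
        nonce = secrets.token_hex(8)
        self._pending.add(nonce)
        message = (f"Confirm transfer of {received.amount_cents / 100:.2f} "
                   f"to {received.destination}. Code: {self._code(nonce, received)}")
        return nonce, message

    def confirm(self, nonce: str, submitted: Transfer, code: str) -> bool:
        """Accept only if the code matches the submitted transfer and is unused."""
        if nonce not in self._pending:
            return False
        if not hmac.compare_digest(self._code(nonce, submitted), code):
            return False
        self._pending.discard(nonce)      # one-shot: a captured code cannot be replayed
        return True


def code_from_message(message: str) -> str:
    """What the user reads off the phone and types into the browser."""
    return message.rsplit("Code: ", 1)[1]


def demo() -> dict:
    """Walk through an intended transfer and two man-in-the-browser attempts."""
    bank = OutOfBandConfirmation(secrets.token_bytes(32))
    intended = Transfer(10_000, "ACCT-USER-INTENDED")    # constructed values
    hijacked = Transfer(950_000, "ACCT-MULE")             # what the malware wants

    # Case 1: the malware rewrites the transfer before it reaches the bank.
    # The trusted-channel message then names the mule account, so the user refuses.
    _, sms_for_hijacked = bank.issue(hijacked)

    # Case 2: the real transfer reaches the bank and the user approves it, but
    # the malware tries to spend that approval on the hijacked transfer.
    nonce, sms = bank.issue(intended)
    code = code_from_message(sms)
    return {
        "mule_account_visible_to_user": "ACCT-MULE" in sms_for_hijacked,
        "code_reused_for_other_transfer": bank.confirm(nonce, hijacked, code),
        "intended_accepted": bank.confirm(nonce, intended, code),
        "replay_accepted": bank.confirm(nonce, intended, code),
    }


if __name__ == "__main__":
    print(demo())
```

The property that matters is that the code covers the value and destination the bank will actually execute, not merely the user's identity; an SMS code that is independent of the transaction would be passed straight through by the malware.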

ENISA added that taking down High Roller’s global command centers will be a group effort. The cyberattack used command and control servers located across the globe, and cracking down on them can be incredibly difficult. “Therefore, strong global collaboration, both in terms of prevention and in terms of response is needed,” the agency said in a statement. “ENISA works on fostering closer ties and more information exchange between national Computer Emergency Response Teams (CERTs), law enforcements and between EU countries to improve incident response across borders.”

Half a Million Users Compromised in Yahoo Breach

Yahoo said last week that it had suffered a massive security breach that exposed more than 453,000 usernames and passwords. Accounts belonging to Yahoo, Gmail, Hotmail, AOL, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users were compromised.

The D33D Company, a hacking group, reportedly got the passwords from Yahoo Voices, a crowd-sourced publishing platform that invites users to submit articles through the Yahoo Contributor Network. Most alarming is that the usernames and passwords were stored in plain text, neither hashed nor encrypted, according to information security company TrustedSec.

According to Yahoo, only about 5 percent of the passwords were still valid. “We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying companies whose user accounts may have been compromised,” said Yahoo spokeswoman Dana Lengkeek.

However, Lengkeek added that Yahoo is still unsure whether the breach has been contained. She noted that users may need to change their passwords several times. “You should still go ahead and change it straight away, but you may have to change it for a second time if it turns out attackers are still entrenched in Yahoo’s systems,” she said.

Little is known about D33D, but the group took credit for the attack. D33D claimed to steal the unencrypted passwords using an SQL injection. The group described the hack as a “wake-up call” and not a threat. “There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure,” the group said. “Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
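The two defects reported above, a query that splices user input into SQL and a credential table that holds plaintext passwords, compound each other: the injection is what gets the attacker to the table, and the plaintext storage is what makes the dump immediately usable. The following added example, written for this column and not taken from Yahoo or from D33D, shows both on a constructed in-memory SQLite database: an injectable lookup beside its parameterised form, and the same dump run against a table that stores salted PBKDF2 hashes instead. Table names, rows and the payload are all constructed for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample credentials for the demonstration; not real accounts.
SAMPLE_USERS = [("alice", "hunter2"), ("bob", "letmein")]
# A classic UNION-based payload: piggy-backs a second SELECT onto the article lookup.
DUMP_PAYLOAD = "1 UNION SELECT username || ':' || password FROM users"


def hash_password(password: str, iterations: int = 100_000) -> str:
    """Salted PBKDF2-HMAC-SHA256: what a credential table should hold, not plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def check_password(stored: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db(hashed: bool) -> sqlite3.Connection:
    """In-memory schema: a public articles table plus a users table behind it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    conn.execute("INSERT INTO articles VALUES (1, 'Welcome')")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    rows = [(u, hash_password(p) if hashed else p) for u, p in SAMPLE_USERS]
    conn.executemany("INSERT INTO users VALUES (?, ?)", rows)
    return conn


def article_title_vulnerable(conn: sqlite3.Connection, article_id: str) -> list[str]:
    """Deliberately injectable: the request parameter is spliced into the SQL text."""
    sql = f"SELECT title FROM articles WHERE id = {article_id}"
    return [row[0] for row in conn.execute(sql)]


def article_title_safe(conn: sqlite3.Connection, article_id: str) -> list[str]:
    """Parameterised: the value travels separately from the statement, so it is only data."""
    sql = "SELECT title FROM articles WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (article_id,))]


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Verify a password against the hashed users table (use with build_db(hashed=True))."""
    row = conn.execute("SELECT password FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and check_password(row[0], password)


if __name__ == "__main__":
    plain = build_db(hashed=False)
    print("plaintext table, injectable query:", article_title_vulnerable(plain, DUMP_PAYLOAD))
    print("plaintext table, parameterised query:", article_title_safe(plain, DUMP_PAYLOAD))
    hashed = build_db(hashed=True)
    print("hashed table, injectable query:", article_title_vulnerable(hashed, DUMP_PAYLOAD))
```

Parameterisation closes the injection; hashing limits the damage if some other path to the table exists, since the attacker then holds salted hashes that must be cracked one at a time rather than credentials that work immediately at Gmail, Hotmail or AOL.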

APCA: Payments Fraud in Australia Increases $77.5MM

Payments fraud in Australia increased by $77.5 million last year, according to new data released by the Australian Payments Clearing Association (APCA).

Total payments fraud rose from 11.4 cents to 16.2 cents in every $1,000 transacted last year, largely due to increases in scheme credit, debit and charge card fraud. Card-present fraud, the type that chip-enabled cards and chip readers address, has fallen 18 percent with their roll-out. However, card-not-present (CNP) fraud has risen significantly, and now accounts for 71 percent of scheme credit/debit/charge fraud in Australia.

APCA CEO Chris Hamilton said in a statement that thwarting CNP fraud “requires effort from everyone, from the retailer, through financial institutions and card schemes, and in the end from the consumer.” He added that the tools to combat these threats are readily available to Australians, but retailers and consumers alike must use them to ensure safe online transactions.

The APCA is developing free online training for retailers to help them conduct safe business online. The association said it would be available in the coming months.

Facebook Helping Users Avoid Malware

Facebook has introduced a series of security “checkpoints” to keep users from spreading malware to one another. The social networking site is directing anyone who suspects that their computer might be infected to other sites with antivirus software.

In a statement, Facebook explained that it has been working for the past couple of years to identify spam and other malicious content posted on the site by computers infected with malware. When a possible infection is identified, Facebook notifies the user and provides antivirus software capable of cleaning the device. The new malware checkpoints let users be more proactive and reach this antivirus software themselves, rather than wait for Facebook to notify them of a problem. Windows users are sent to Microsoft Security Essentials or McAfee Scan and Repair; Mac users are referred to the Apple Security Updates site.

Copyright © 2015 Association for Financial Professionals, Inc.
All rights reserved.
