With more and more financial transactions being conducted online, it is no surprise that scammers are creating and distributing resources to dupe users and banks. Financial institutions and instruments are especially attractive targets for cyber attacks. The multiple avenues of the financial sector contribute to a wider threat landscape and provide threat actors leeway to monetize the impacts of cybercrime.
We use common search engines to look up everything, from e-commerce sites to bank login pages. For this reason, scammers/hackers have resorted to indexing bogus web pages on search engines such as Google or using the digital fingerprints of banking customers to evade anti-fraud mechanisms that are in place. Threat actors also install malicious software programs like keyloggers or leverage tools such as ATM skimmers to gain unauthorized access to your personal information or credit/debit card details. More frequently, cyber mercenaries also bait banking customers using phishing emails to deceive them into giving up valuable information.
Web pages that target banks usually contain fake bank branches and customer care numbers. Scammers also create fake Twitter handles and Facebook accounts to share the fake customer care numbers, and they make sure their results are at the top of search engine result pages. So when users search for customer care contact details, they end up with fake customer care numbers.
When customers call the fake customer care number, they are greeted by closely mimicked bank caller tunes and hold tunes, and the call follows standard operating procedures, all of which lend it an air of legitimacy. Often, the customer care representatives slip in questions about the CVV (Card Verification Value) or ask for the OTP (One-Time Password) under the pretence of validating the caller’s identity. They even advise callers to download and install remote desktop sharing apps or open links, thereby giving the scammers control of their devices.
Alternatively, threat actors exploit the digital fingerprints that customers leave behind, such as the unique characteristics of their devices (IP addresses, geolocation, OS version, web browser plugins, etc.) or behavioural data, which includes customers’ keystroke patterns and their interactions with the browser. Such fingerprints are stolen and sold on the dark web, which allows threat actors to impersonate the customers.
Keyloggers are ubiquitous components of viruses and other malicious software that record keystrokes typed on an infected device, while ATM skimmers are card readers that collect card numbers, PINs, etc. through assembled attachments that resemble parts of the ATM. Cybercrooks use such tools and software programs to steal information in the hope of making easy money.
Our clients engage XVigil in the process of identifying such criminal activities that may pose a threat to their operations and the safety of their customers.
CloudSEK tunes XVigil to monitor social media, surface web pages, the dark web, discussion forums, and messengers such as Telegram. XVigil’s crawlers scour these sources to detect instances of fake customer care numbers and the associated details, as well as relevant data dumps that contain leaked customer data. XVigil’s AI-powered engine processes raw data to discard duplicates and false positives. The threats are then analyzed, rated based on the threat levels, and taken down promptly, to ensure users are not affected.
Banks and other financial institutions are built on the trust that businesses and consumers have in them. With XVigil, clients from this sector are able to detect the presence of fake customer care numbers and leaked data pertaining to the institution and/or its customers across web sources including social media and the deep web. In such situations, time is of the essence. So, with XVigil’s AI-powered engine, they receive real-time alerts, giving such institutions enough time to take action before the risk can manifest as an incident.