A monthly Information Security publication for the WPI community.

Welcome to this month's newsletter about FINANCIAL & BANK FRAUD

As our digital world keeps changing, so do the tricks of those looking to exploit it. In the online space, financial scams are a real thing—I've seen institutions fall victim firsthand. Let's unite as a community, be in the know, and stay on our toes. If something seems off, like a sudden request to change a bank account number, double-check it. Being aware is our best bet. Protect your money by staying in the loop, questioning surprises, and flagging anything fishy. Together, we've got what it takes to build a strong community that faces digital challenges head-on!

In this issue:

  • Financial & Banking Fraud
  • MFA Secures Finances
  • Online Banking Safety
  • Learning with Laughter
  • Information Security on WPI Hub
  • Meet a Financial Scammer
  • Videos, In the News, By the Numbers
  • Diversity in Cybersecurity
  • WPI Hub Resources
  • Coming Next Month...

Financial & Banking Fraud

People and organizations intentionally deceive victims with the end goal of monetary gain. While schemes to steal valuables have been around for thousands of years, today scammers use a mix of both high and low tech tactics to convince victims to divulge the information they need in order to profit.

Guard your card! Fraudsters skim the magnetic strips and scan using an RFID reader, or they can even be looking over your shoulder at an ATM. Cards may be intercepted in the mail, so if you are expecting one and it is not received within the expected time frame, contact your institution right away.

Check a Requested Change! Fraudsters call and email urging you to make an account change, move money, or provide account details under the guise of resetting a compromised account. Don't reply. Use the contact information on your card or a past statement to check on the request. If a request comes to you as an employee to change or reveal financial data, do not comply. Please contact your supervisor and Information Security.

Pay Attention to Payments! Authorized Push Payment (APP) scammers inform you of a change or breach putting your money at risk, and of course, they claim to need your password or PIN to assist. Review statements to ensure checks paid on your account are not counterfeit. Scrutinize invoices and policies to ensure they are legitimate before paying.

Additional details about these scenarios and more are here:

Types of Banking Fraud

Types of Financial Fraud

Direct Deposit Scams

Real World Example from WPI CISO:

  

In a real-world payroll direct deposit scam that I investigated (not at WPI), cybercriminals utilized social engineering tactics to manipulate unsuspecting payroll staff. Posing as a legitimate employee of the organization, the adversary contacted the payroll department by phone, persuading them to change direct deposit information. When the payroll staff realized they did not have the necessary permissions, the payroll staff member, deceived by the caller's urgency, opened a ticket requesting the required access.

How a Direct Deposit Scam Works

  1. A phishing email is used to steal an employee's login credentials.
  2. The scammer uses the stolen credentials to contact the Payroll staff and ask how to change their direct deposit information. 
  3. Direct deposit is changed to the scammer's account.
  4. After 1-2 pay cycles, the employee notifies the employer that they have not been paid.

How to Prevent Direct Deposit Scams

  • Use secondary factors to verify change requests
  • Know how to spot a phishing email

Direct Deposit Email Scam (BrainStomp.com)

Direct Deposit Scams: Don’t Get Fooled! (Social-Engineer.com)

MFA Secures Finances!

When it comes to keeping financial accounts safe, did you know...

  • Multi-factor authentication (MFA) reduces the risk of security breaches.
  • Passwords alone don't provide enough security because they can be stolen.
  • According to Microsoft, MFA can “prevent 99.9 percent of attacks on your accounts.”

Use Two-factor Authentication to Protect Your Accounts (FTC.gov)

8 Benefits of MFA (Ping Identity)

How WPI Keeps Financial Data Safe

  • WPI accounts and access to financial systems require MFA. If your MFA is still using text or mobile phone, update to the Microsoft Authenticator app with number matching for better security.
  • Workday enables you to securely add and edit direct deposit criteria yourself.
  • WPI Hub instructions about changing your financial data require Hub sign-in to view.
Update MFA 

Online Banking Safety Tips

  • Choose trustworthy financial apps. Never use person-to-person payment apps to pay bills. 
  • Set strong and unique passwords
  • Enable two-factor authentication
  • Don't conduct banking on public Wi-Fi
  • Sign up for banking alerts
  • Be wary of phishing scams; email that claims to be from your bank or payment app could be fraudulent.
How To Protect Your Online Banking Information (Forbes.com)

Learning with Laughter

Portrait of Willy Wonka. Text says, "Oh you're from an official government agency and you need me to pay you with gift cards? Tell me more about how that's definitely not a scam."
Chef Gordon Ramsay shouting. Text says, "Never send money to someone you have never met..it will always be a scam."

Information Security Is on the WPI Hub!

Here you can find the latest phishing and cybersecurity news, and links to helpful articles.

InfoSec's Hub Page

Meet a Financial Scammer

These traits could be signs you are dealing with a scammer:

- The interaction begins with unsolicited contact.

- They portray an air of authority, such as saying they are from your bank or the IRS.

- There is heightened emotion in the conversation - crying, anger, or fear.

- They insist you act immediately.

Social Engineering Principles explains more about how scammers operate.

Social Engineering Principles

Financial Fraud News & Videos

In this news segment from Detroit, someone requested a new ATM card without the account owner's knowledge.

Bank Account Takeover Scams (3:47)

In this news segment from Los Angeles, two customers fell victim to wire transfer fraud.

Protecting Yourself From Wire Transfer Scams (3:48)

Cyber crooks use the year-end rush to impersonate the fraud departments of banks and credit unions.

Scammers Impersonate Banks to Drain Savings (USA Today)

As higher education expands online learning offerings, bots have more opportunity to target institutions.

How Higher Education Became The Target Of Bots, Fake Accounts And Online Fraud (Forbes)

Financial Fraud by the Numbers

According to the Federal Trade Commission...

- Nearly $8.8 billion was lost to fraud in 2022.

- A 30% increase in money lost to fraud from 2021 to 2022.

- 2.4 million people filed fraud reports with the FTC in 2022. 

Infographic from FTC about fraud in 2022.
FTC Data for 2022 

Diversity in Cybersecurity

Dr. Aleise McGowan, Assistant Professor of Cybersecurity at The University of Southern Mississippi

Aleise is smiling and there is an out of focus park background.
Dr. Aleise McGowan

WPI Hub Resources 

Online Banking Security

Keeping Your Identity Safe

Coming Next Month...

Compromised Vendors 

  

Is there a cybersecurity topic that you would like to know more about? Please contact WPI Information Security using Get Support below.