I have taken the name of this blog post from an article recently published by PLUSWorld.ru (1).
As I have already mentioned in my previous blog post (2), the financial industry must think about what the next step will be by criminals looking for “free money”.

I find the opinion expressed in the article about what we can expect soon from fraudsters in regard to “social engineering” very important.

There are more and more cases of whole banking systems being compromised using “social engineering” techniques!

The phishing letter is one of the best examples.
As many articles show, very often the biggest security breaches have started with a phishing letter sent to bank employees. Unfortunately, it is not the only tool in the criminals’ arsenal!

As already mentioned in the article below, fraudsters are learning and are developing more sophisticated “personalized” tools.
Just yesterday I got a phishing letter that was disguised as a PO. I would not have paid any attention to this kind of phishing attempt (I get 2-3 such fake POs a day) if not for the signature below the PO.

The letter was sent from a company (definitely a fake one!) located in the city where I worked 10 years ago; even the company’s registration number in the Registry was written along with the name of “the director”.
This means the fraudsters have found out (from LinkedIn or Facebook) that I worked in that city and have used this information to make the phishing letter look more “real”.
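The fake-PO letter described above carries several indicators that a mail gateway or a SOC triage script can score without any knowledge of the recipient’s biography: a display name that claims a company whose name does not appear in the sending domain, a Reply-To steering answers elsewhere, purchase-order wording in the subject, and an attachment type that can carry macros or code. The following is an added example (not code from the original post or from PLUSWorld.ru/InfoWatch) that applies those heuristics to a raw message with Python’s standard `email` module. The keyword lists, extension list, weights and threshold are assumptions to be tuned for one’s own mail flow, and both sample messages are constructed.

```python
"""Heuristic triage of an inbound 'purchase order' lure.

Added example, not part of the original post. Scores a raw RFC 5322 message
on a few indicators typical of personalised PO phishing. All lists, weights
and the threshold below are assumptions; tune them for your own mail flow.
"""
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed lure vocabulary and risky attachment types (not from the post).
LURE_PHRASES = ("purchase order", "invoice", "payment", "remittance")
LURE_TOKENS = {"po"}
RISKY_EXT = {".exe", ".js", ".vbs", ".scr", ".lnk", ".iso", ".docm", ".xlsm", ".html"}


def _domain(addr_header: str) -> str:
    """Lower-cased domain part of an address header, or '' if none."""
    _, address = parseaddr(str(addr_header or ""))
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def score_message(raw: str) -> tuple[int, list[str]]:
    """Return (score, reasons) for one raw message; higher is more suspicious."""
    msg = message_from_string(raw, policy=policy.default)
    score, reasons = 0, []

    from_header = str(msg.get("From", ""))
    from_name, _ = parseaddr(from_header)
    from_dom = _domain(from_header)
    reply_dom = _domain(msg.get("Reply-To", ""))

    # 1. Replies are steered to a domain different from the sender's.
    if reply_dom and reply_dom != from_dom:
        score += 2
        reasons.append(f"Reply-To domain '{reply_dom}' differs from From domain '{from_dom}'")

    # 2. Display name claims a company whose name is absent from the sender domain
    #    (first word of 4+ letters in the display name is taken as the brand).
    brand = next((t.lower() for t in re.findall(r"[A-Za-z]{4,}", from_name)), "")
    if brand and from_dom and brand not in from_dom:
        score += 2
        reasons.append(f"display name '{from_name}' does not match sender domain '{from_dom}'")

    # 3. Subject uses purchase-order / payment wording.
    subject = str(msg.get("Subject", "")).lower()
    tokens = set(re.findall(r"[a-z]+", subject))
    if tokens & LURE_TOKENS or any(p in subject for p in LURE_PHRASES):
        score += 1
        reasons.append(f"lure wording in subject: '{subject}'")

    # 4. Attachment type that can execute code or carry macros.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            score += 3
            reasons.append(f"risky attachment '{name}'")

    return score, reasons


def is_suspicious(raw: str, threshold: int = 3) -> bool:
    """Simple decision wrapper; the threshold is an assumption."""
    return score_message(raw)[0] >= threshold


# Constructed sample: a PO lure of the kind described in the post.
SAMPLE_PO_LURE = """\
From: "Northline Trading Ltd" <orders@mail-relay.example.net>
Reply-To: accounts@northline-billing.example.org
To: you@example.com
Subject: PO #4471 - Purchase Order attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please find attached the PO. Kindly confirm.
--b1
Content-Type: application/octet-stream; name="PO_4471.docm"
Content-Disposition: attachment; filename="PO_4471.docm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: a benign message from the same (assumed) supplier.
SAMPLE_BENIGN = """\
From: "Northline Trading Ltd" <orders@northline.example.com>
To: you@example.com
Subject: Catalogue update for Q3
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Our new catalogue is on the website.
"""

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_PO_LURE), ("benign", SAMPLE_BENIGN)):
        total, why = score_message(raw)
        print(f"{label}: score={total} suspicious={is_suspicious(raw)}")
        for r in why:
            print("  -", r)
```

None of these checks needs the attacker’s personalisation to fail: the city and the director’s name that made the letter look “real” to a human reader do not change the sender domain, the Reply-To or the attachment type, which is why header-level heuristics remain useful even as lures become more tailored.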

Below is the opinion of Andrei Arsentiev, analyst at InfoWatch (3), on what we can expect in the near future.

The use of social engineering is a classic security threat. Scammers always play on people’s feelings and try to exploit their weaknesses, especially the desire for “easy money”. With the development of non-cash forms of payment, attackers have turned to more advanced methods of cheating.

Almost daily in the news feed, you can find stories about how someone told scammers their card details and lost all the money from their account.
Sometimes employees of banks, cellular operators and other companies that work with personal databases can take part in fraudulent schemes. Such unscrupulous employees cause data leaks, deliberately passing confidential information about citizens to fraudsters.
Such internal IS risks can be significantly reduced by using data leakage prevention (DLP) systems.

The situation with fraud in banks can gradually improve as a result of mass educational activities and the accumulation of user experience. However, we must not forget that attackers are always trying to stay ahead of the evolution of security solutions and come up with more sophisticated methods of deception, which are based, among other things, on high-tech solutions.
For example, scammers have already learned to imitate calls from bank call centers.

In the future, fraudsters may adopt advanced machine learning tools. It is possible that, in some time, artificial intelligence will reach a level that allows attackers to create advanced bots that perfectly mimic a person’s voice, manner of communication and vocabulary; it will be enough to accumulate a certain amount of information about a particular subject to build a training model. Such bots could be very dangerous weapons and cause a new wave of fraud.

(1) https://www.plusworld.ru/professionals/sotsialnaya-inzheneriya-chego-zhdat-ot-moshennikov/

The article is slightly shortened and edited. It was translated by me using Google Translate.

(2) https://spl.net/the-onion-principle-in-atm-security/
