iBB Security Alert and Attacks: March 2015
New Email Fraud Attack
The Bank has been advised by customers of a new type of fraud attempt. Criminals are sending emails which spoof the From: field, so the email appears to come from a manager, director or senior staff member within the customer's own company. The email, which appears to be sent from the manager's own email account, asks the recipient to 'complete a bank transfer'.
A subsequent email is then sent from the 'manager' containing the receiving account details, which belong to the criminal.
If you receive such an email, we would recommend that you take the following steps:
- Contact the manager using the existing agreed number to verify the request.
- Do not use any phone number that has been provided in the email purporting to be from the manager.
- Do not use the email 'reply' function from within the received email; compose a new message to the manager's known address if you need to write back.
- Never open attachments to an email unless you are satisfied the email is genuine.
- Ensure that all your staff are aware of this threat and that they should report any suspicious activity immediately.
Viruses and Trojans
We would like to bring to your attention the growing threat of online fraud from malicious software (malware) such as Viruses and Trojans on our customers' computers.
In particular, a Trojan is malicious software that is installed on any internet-enabled device (e.g. computer, smartphone) without your knowledge or consent. Trojans are capable of recording your passwords and other personal details by capturing the keystrokes you enter into the device, or taking screen shots of sites you visit. These details are then sent to a fraudster. Some Trojans actually allow a fraudster to shadow your computer sessions, seeing everything you do.
Evidence of a Trojan on your computer might be:
- A message or pop up window asking you to pause your iBB activity e.g. when logging on, or making a payment.
- Pop up messages looking for your iBB logon credentials or checking your security settings whilst logging on to iBB.
- Suspicious activity when logging on to iBB, e.g. the system is very slow when you log on.
To counteract the threats posed by external fraudsters, AIB (NI) advises that you:
- Make it mandatory that at least two iBB Users are involved in the creation and authorisation of payments, as this is the most effective control against the external fraudster.
- When using your Digipass to authorise payments to new beneficiaries, ensure that you verify the bank account details against the invoice and not just against the details that appear on the iBB screen.
- AIB (NI) NEVER uses pop-up windows or messages asking for logon information or checking your security settings, so do not respond to them. Log off iBB, call the Bank and consult your IT department.
- Beware if iBB is operating unusually slowly when you are logging on.
- Be wary of any suspicious phone calls or emails purporting to be from the Bank or a supplier that ask you to update their details or to make payments.
- Contact the supplier using the existing agreed contact number to verify the request.
- Do not use any number that has been provided, in any correspondence, by an individual purporting to be from the Bank or the supplier.
- Ensure that all your iBB Users are aware of these threats and that they report any suspicious activity immediately.
- Install and regularly update firewall software.
- Review your anti-virus protection on every PC and laptop used to access iBusiness Banking.
For tips and information on how to help you safeguard your system, please visit our Security Centre which is available on www.aibni.co.uk/securitycentre.
If your security details have been compromised, or you want to report any suspicious behaviour, please contact the iBB Help Desk on the number below and we can immediately and temporarily disable your access to iBB.
Telephone: 0370 243 0331†
Monday - Friday: 8.30 - 17.30
† Calls may be recorded. Call charges may vary - refer to your service provider.
Vishing and Phishing Fraud Attacks
The Bank has been advised by customers of new types of fraud attempt. Fraudsters are attempting to obtain bank details using 'vishing' and 'phishing' scam methods.
Organised criminals and individual fraudsters are continually developing ever more sophisticated tactics to target business customers. Targeted phone calls (vishing attacks) and emails (phishing attacks) are used to try to trick users into giving up their customer log-in and payment authorisation details.
The email may advise that one of your suppliers has changed their bank account number and that all future payments are to be made to the new account, which belongs to the criminal.
The phone calls may advise that payments have been held, that your accounts have been frozen, or that a Digipass has been intercepted. The fraudster then requests a User ID, passphrase and Digipass One Time Code.
With these details the fraudster can obtain enough information to take control of your internet banking. The people behind this are organised and knowledgeable.
If you receive such an email or phone call, we would recommend that you take the following steps:
- Contact the supplier using the existing agreed contact number to verify the request.
- Check the sender's email address: it may differ from the genuine one, sometimes only by a character or two.
- Do not use any phone numbers that have been provided in the email or given to you during the call.
- Never open attachments to an email unless you are satisfied the email is genuine.
- Ensure that all your iBB Users are aware of these threats and that they should report any suspicious activity immediately.
- Delete the email immediately.
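The two email attacks described on this page, the spoofed internal "manager" request above and the supplier phishing email in this section, share a handful of header-level tells: a Reply-To or Return-Path on a different domain from the From address, a From address on the company's own domain that fails SPF/DKIM/DMARC, or a look-alike of the company domain. The following script is an added example, not AIB code; it assumes a company domain of example-customer.co.uk and the three constructed messages embedded in it, and uses only the Python standard library. It returns a list of finding codes per message so the check can be wired into a mail gateway or run over a mailbox export.

```python
"""Header checks for business-email-compromise style messages.

Added example (not AIB code). Assumptions: COMPANY_DOMAIN is the customer's
own domain; the three sample messages below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-customer.co.uk"  # assumption: replace with your own domain
PAYMENT_WORDS = ("bank transfer", "account details", "sort code", "urgent payment")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains (custorner vs customer)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _auth_results(msg):
    """Collect method=result pairs from every Authentication-Results header."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            results[method.lower()] = result.lower()
    return results


def check_message(raw):
    """Return finding codes for one RFC 5322 message; an empty list means no tell found."""
    msg = message_from_string(raw)
    findings = []
    _display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_addr = parseaddr(msg.get("Return-Path", ""))

    # Replies would go somewhere other than the apparent sender.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append("reply_to_mismatch")
    # Envelope sender (bounce address) is not on the From domain.
    if return_addr and _domain(return_addr) != from_dom:
        findings.append("return_path_mismatch")
    if from_dom == COMPANY_DOMAIN:
        # Claims to be internal, but the receiving MX could not authenticate it.
        auth = _auth_results(msg)
        if all(auth.get(m) != "pass" for m in ("dmarc", "dkim", "spf")):
            findings.append("unauthenticated_internal_sender")
    elif 0 < _edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike_domain")

    # Payment wording raises the priority of any header finding.
    text = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    if any(w in text.lower() for w in PAYMENT_WORDS):
        findings.append("payment_request")
    return findings


# Constructed sample messages (not real mail).
SPOOFED_MANAGER = """\
From: "Jane Doe, Managing Director" <jane.doe@example-customer.co.uk>
Reply-To: jane.doe@fastmail-relay.example.net
Return-Path: <bounce@fastmail-relay.example.net>
Authentication-Results: mx.example-customer.co.uk; spf=fail smtp.mailfrom=fastmail-relay.example.net; dkim=none; dmarc=fail header.from=example-customer.co.uk
To: accounts@example-customer.co.uk
Subject: Urgent bank transfer

Can you complete a bank transfer today? I will send the account details separately.
"""

LOOKALIKE_SUPPLIER = """\
From: Jane Doe <jane.doe@example-custorner.co.uk>
To: accounts@example-customer.co.uk
Subject: New supplier account

Please note our supplier has changed their sort code and account number.
"""

GENUINE_INTERNAL = """\
From: Jane Doe <jane.doe@example-customer.co.uk>
Authentication-Results: mx.example-customer.co.uk; spf=pass smtp.mailfrom=example-customer.co.uk; dkim=pass header.d=example-customer.co.uk; dmarc=pass header.from=example-customer.co.uk
To: accounts@example-customer.co.uk
Subject: Lunch

See you at 1pm.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed manager", SPOOFED_MANAGER),
                      ("lookalike supplier", LOOKALIKE_SUPPLIER),
                      ("genuine internal", GENUINE_INTERNAL)):
        print(f"{name}: {check_message(raw) or 'no findings'}")
```

The checks only read what the receiving mail server already recorded; they do not replace verifying the request by phone on the agreed number. A message that passes all of them can still be fraudulent (for example, sent from a genuinely compromised manager mailbox), so treat an empty result as "no header tell", not as proof of authenticity.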
New Trojan variant targeting BACS
The National Crime Agency has issued a warning about a new variant of banking trojan which includes code specifically targeting Bacs submissions.
If you are infected, the malware, known as Cridex and with a related Dridex version, will look for evidence of Bacs and FPS (Faster Payments Scheme) processing software on the PC. If it finds it, the malware will then download additional malicious software to exploit the processing software it has found.
Cridex/Dridex includes remote access software which allows the attacker to alter bulk payment files to change the destination of the funds. Dridex also includes a keylogger, software that records every keystroke you make. Using this, the attacker may be able to collect PIN and password data for use in signing submissions once they have been altered.
Infection typically requires clicking a malicious link in an email; the most common lures are a fake Amazon invoice, an HMRC phishing campaign or a 'you've got a friend, click here' message. It is also possible that fake websites may download the malware when visited.
To minimise risk, it is recommended that access to computers used for managing Bacs payments is carefully controlled and that they are not used for browsing the web or accessing email. You should also run anti-virus scans regularly, and at least before submitting payment files.
Other actions you should take to protect your business:
- Make sure your Bacs submission computer has up to date software. Strongly consider upgrading if you are still using Windows XP.
- Never open attachments to an email unless you are satisfied the email is genuine.
- Ensure that all your iBB Users are aware of these threats and that they should report any suspicious activity immediately.
- Delete the email immediately.
- Only visit websites you trust, and type the address into your browser rather than following a link.
Have you heard of Cyber Essentials? It is a new UK government initiative that lets you prove your company's security credentials and gives you a competitive edge.