RBI Report Highlights Rising Fraud Incidents and Financial Impact

 

The Reserve Bank of India (RBI) has revealed a significant rise in bank fraud cases during the first half of the current fiscal year. According to the Report on Trend and Progress of Banking in India 2023-24, fraud cases from April to September reached 18,461, involving a staggering ₹21,367 crore. This reflects a sharp increase compared to 14,480 cases amounting to ₹2,623 crore during the same period last year.

The RBI report reveals a significant 28% rise in fraud incidents and an eight-fold increase in the financial impact during 2023-24. These frauds pose critical challenges, including reputational, operational, and financial risks, and erode customer trust in the banking system.

Trends in Internet and Card-Related Frauds

Internet and card-related frauds have emerged as the most prevalent, accounting for:

  • 44.7% of Total Fraud Amounts: The highest share of financial losses.
  • 85.3% of Reported Cases: A majority of the incidents in 2023-24.

Private sector banks were implicated in 67.1% of these cases, while public sector banks incurred the largest financial losses, especially in card and online fraud categories.

In response to the alarming increase in fraud, regulatory penalties for banks more than doubled in 2023-24, reaching ₹86.1 crore. Key contributors included:

  • Public and Private Sector Banks: Accounted for the majority of penalties.
  • Cooperative Banks: Witnessed a decline in regulatory penalties.

Addressing Fraud in Digital Lending

The RBI highlighted fraudulent schemes in the digital lending space, where perpetrators falsely claim associations with regulated entities. To combat this, the central bank is developing a public repository of verified digital lending apps.

“Many cases of digital fraud stem from social engineering attacks, but there is a growing trend of using mule accounts to facilitate these frauds,” the RBI noted in its report.

Enhancing Fraud Prevention Measures

The report underscored the need for banks to strengthen their fraud prevention mechanisms, particularly in:

  • Customer Onboarding: Enhancing verification processes to detect fraudulent accounts.
  • Transaction Monitoring: Improving systems to identify and prevent suspicious activities.

“This exposes banks not only to serious financial and operational risks but also to reputational risks. Banks, therefore, need to strengthen their customer onboarding and transaction monitoring systems to monitor unscrupulous activities,” the RBI emphasized.

Collaborative Efforts to Tackle Fraud

To curb systemic fraud, the RBI is collaborating with law enforcement agencies (LEAs) through:

  • Enhanced coordination and information sharing.
  • Improved transaction monitoring systems.
  • Best practices to control mule accounts and prevent digital fraud.

The RBI’s initiatives aim to fortify the financial system’s resilience against these evolving threats, ensuring greater security and trust in the banking sector.

Global Resurgence of Grandoreiro Banking Trojan Hitting High

The cybercriminal group behind the Grandoreiro banking trojan has re-emerged in a global campaign since March 2024, following a significant law enforcement takedown earlier this year. This large-scale phishing operation targets over 1,500 banks across more than 60 countries, spanning Central and South America, Africa, Europe, and the Indo-Pacific, according to IBM X-Force. Originally focused on Latin America, Spain, and Portugal, Grandoreiro’s new campaign signifies a strategic shift after Brazilian authorities disrupted its infrastructure.

Despite a major takedown in January 2024, which saw the Brazilian Federal Police, Interpol, the Spanish National Police, ESET, and Caixa Bank dismantle the operation and arrest five individuals, the malware has returned with significant upgrades. The phishing emails associated with Grandoreiro masquerade as urgent government payment requests, prompting recipients to click on links that download and execute malicious files. 

Once installed, the trojan interacts with banking apps to facilitate fraudulent transactions, and it logs keystrokes and captures screenshots to steal banking credentials and sensitive data. It also allows threat actors to manipulate the system remotely and perform file operations. A key enhancement in the latest version is a module that captures Microsoft Outlook data and uses compromised email accounts to spread spam.

Grandoreiro employs the Outlook Security Manager tool to bypass security alerts, enabling seamless interaction with the Outlook client. IBM X-Force reports substantial improvements to the malware’s evasion techniques, including a string decryption method using AES CBC encryption with a unique decoder. The domain generation algorithm (DGA) has been upgraded with multiple seeds to enhance command and control (C2) communications. 

The trojan can also disable security alerts in Outlook and send phishing emails using compromised credentials. The updated Grandoreiro evades execution in several countries, including Poland, the Czech Republic, the Netherlands, and Russia. It also blocks operation on Windows 7 systems in the US without an active antivirus program, demonstrating its resilience and increased persistence. 

To combat the threat of Grandoreiro, organizations are advised to prioritize user education on phishing tactics. Employees should be trained to recognize suspicious emails, verify sender legitimacy, and avoid clicking on unknown links or opening untrusted attachments. Robust spam filtering systems at the gateway level can intercept many phishing emails, while behavior-based detection techniques in endpoint security systems can identify and stop harmful activities. As phishing attacks rise, protecting organizations becomes crucial.

Enhancing user awareness is key, and resources like Phishing Tackle offer tools and training to help users recognize and avoid phishing threats. Despite technological defenses, user education remains vital in minimizing the impact of successful attacks. Consulting with experts can provide valuable insights and tools to strengthen defenses against these persistent threats.