Remember the Xenomorph Android malware that caused a stir among 56 European banks last year? Well, guess what? It's back, and this time it's targeting US banks, financial institutions, and even cryptocurrency wallets. These cybercriminals are using fake Chrome browser or Google Play Store updates to spread malware. Malware is a type of harmful software that can cause damage to your computer or steal sensitive information. When you click on one of these fake “updates,” it installs the malware which then allows the hackers to access your online accounts and extract or transfer funds.
This is no run-of-the-mill malware. The cybersecurity and fraud detection company ThreatFabric has labeled it as "one of the most advanced and dangerous Android malware they've ever seen" and we couldn't agree more. ThreatFabric said that they have been tracking Xenomorph's activities since February 2022 and noted that it launched a new campaign in mid-August.
Stay a Step Ahead: Simple Tips for Financial Safety
As your cybersecurity partner, we've got your back with some tips to keep your finances safe and sound.
1. Don't Take the Bait
Avoid clicking on links or opening attachments in unsolicited emails. Even previewing a document could infect your device. Stay vigilant and never open anything suspicious.
2. Browser Updates 101
If you come across an unexpected update on your browser, don't be hasty. Close your browser and reopen it; no need to download anything. And remember, the real Google Play Store won't bug you for updates, so ignore any shady alerts.
The Many Faces of Bank Fraud
It's important to remember that bank fraud does not only come in the form of malware such as Xenomorph. Bank fraud can come in many faces such as:
1. Phishing: Here's how phishing normally works. Cybercriminals send fake emails or messages, pretending to be a bank or government agency to trick employees into revealing their login credentials. Sometimes, phishing emails are followed through with phone calls to make the email look more legitimate. The recent MGM hack happened when a hacker called a company's IT department requesting a password reset. Crazy, right? (Check out the video we made on this.)
2. Check Fraud: Watch out for crafty criminals who might forge or tamper with your business's checks to drain funds from your account. It's crucial to safeguard your checkbook and exercise caution when sharing or emailing your account information. If you're looking to minimize the risk of your account being hacked, you might want to explore the option of going checkless.
3. Unauthorized Wire Transfers: Cybercriminals could breach your online banking credentials, enabling them to carry out unauthorized transfers and redirect funds to their accounts. Stay vigilant to safeguard your financial security.
4. Account Takeover: Hackers might take hold of your business's online banking accounts by exploiting vulnerabilities like weak passwords, reused passwords, or security gaps such as sharing passwords via email or storing your bank password in your browser. These actions could empower them to execute unauthorized transactions, posing a serious threat to your financial security.
5. Employee Fraud: On occasion, employees might involve themselves in deceptive activities, such as embezzlement or the manipulation of financial records.
To stay one step ahead, educate your team about phishing scams, and always safeguard your checkbook. Consider going checkless to reduce the risk of account hacks. And don't forget about the importance of securing your online banking credentials. Use strong, unique passwords, and change them monthly with a mix of uppercase and lowercase letters, symbols, and numbers.
To add an extra layer of protection, activate multifactor authentication (MFA) for your accounts. This way, you'll get a heads-up if someone tries to access your accounts without your knowledge. Setting up alerts for large withdrawals is also a good move. Ask your bank to require a physical signature for wire transfers, making it harder for someone to swipe your hard-earned cash.
Despite doing everything right, bank fraud can still happen. Nevertheless, you can minimize the risk by investing in fraud insurance that covers both employee and online theft.
And here's a friendly reminder: just because your data is in the cloud doesn't mean it's invincible. Your bank account is up there too, and while the bank has a secure portal, you still need to keep your guard up against potential hacks.
IT Support Near Greater Philadelphia Area
To make sure your organization is rock-solid and secure, click here to request a Cyber Security Risk Assessment. It's quick, confidential, and could be the key to keeping your business safe from cyber predators. If you haven't had an audit in the last 6 months, now's the time. Remember, it's better to be safe than sorry.
Stay safe out there, Philly small business owners!