Man looking over bank statements.

New and urgent bank account fraud alert

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting banks, financial institutions and cryptocurrency wallets all over the world.

The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen.

This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.

Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself:

  • Avoid links and attachments in any unsolicited e-mail. Simply previewing a document could infect your device, so never open or click on anything suspicious.
  • Most browsers automatically update and in the case of Chrome, the updates are applied when you close it and reopen. You don’t have to download an application to update it. Furthermore, the Google Play Store app will not ask you for an update, so don’t fall for any website alert or text stating you need to download an update.

How to spot bank fraud

But remember, bank fraud can manifest itself in several forms, including:

  1. Phishing Scams: Cyber criminals send deceptive e-mails or messages, often impersonating trusted entities like banks or government agencies, to trick you or your employees into revealing sensitive information like login credentials. Sometimes these are facilitated by phone calls, so make sure your team is fully aware of this. The latest MGM hack happened when a hacker called the company’s IT department requesting a password reset.
  2. Check Fraud: Criminals may forge or alter your business’s checks to siphon funds from your account, making it essential for you to secure your check book and be careful about sharing or e-mailing your account information. You might consider going checkless to cut down on the chances of your account being hacked.
  3. Unauthorised Wire Transfers: Hackers may compromise your online banking credentials to initiate unauthorised transfers, diverting funds to their accounts.
  4. Account Takeover: Criminals may gain control of your business’s online banking accounts by exploiting weak passwords, reused passwords or security gaps, such as e-mailing your passwords to others or storing your bank password in your browser, allowing them to make unauthorised transactions.
  5. Employee Fraud: Sometimes, even employees may engage in fraudulent activities, such as embezzlement or manipulating financial records.

5 ways to protect yourself

To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.

Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge.

Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.

Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cyber criminal steals money from your account.

And, as always, make sure you have strong cyber protections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked.

If you want to ensure your organisation is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your business is against known predators. If you haven’t had an independent third-party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Call 0333 234 4288 to book your assessment today.

Read our latest insights

Leave a comment

Your email address will not be published. Required fields are marked *