How to protect your business from becoming a victim of fraud or scams: Malware and phishing trends

Over the latest weeks, Coronavirus / COVID-19 related phishing campaigns have become a more constant practice for fraud.

By taking advantage of the growing emergency situation and panic among the population, hackers have created effective techniques for fraud, incorporating fake web pages, malware and fraudulent links. For this reason, banks have been noticing higher hacking activity, malware and cyberattacks against consumers. From HSBC’s perspective, strategies for fraud detection are in constant review and are being adjusted in accordance to the market’s behavior in order to protect the assets of our clients.

Consumers in general

Not only financial services organizations have been victims of this issue, also small, medium and large companies can be victims of this type of fraudulent campaigns. To avoid being a victim of fraud, we suggest staying alert to the following type of scams:

• Phishing*

You may receive e-mails that lead to web sites where confidential personal or financial information is requested. Some of these e-mails might look as if they come from a legitimate source but they are designed to steal your personal information and use it to access your accounts.

• Malware

Is malicious codified software with the intent to affect private or corporate computers. Hackers usually use this type of software to redirect on-line banking users to fake websites and perform fraudulent transactions. Malware is usually delivered by phishing e-mail or fraudulent links.

Protect your company from cyberattacks.

Thematic phishing increased in March 2020 and it has been a surprising development caused by anxiety over the global pandemic. Hackers have exploited this to promote their malicious objec-tives.

Modus Operandi

When it comes to phishing It is important to mention that even though the coronavirus subject has expanded, there has been no change in tactics, techniques and procedures used by hackers. They keep sending the same malware or basic product links to malicious phishing sites used to cheat their victims into providing personal information. The most common phishing example uses a hy-brid subject between HSBC and coronavirus. Hacker’s purpose is to redirect victims to a fake HSBC website where they are cheated to provide private information without knowing it. Again, this tactic is no different of other lures where they try to legitimatize their malicious intentions using the HSBC logo.

Lessons Learned / Proactive strategies for risk mitigation

For coronavirus subject phishing HSBC uses a tool to scan and block malicious e-mails identified on the web. Over 228,000 malicious e-mails have been blocked this year, many of which were phishing intents and some with coronavirus subject. The automated process from our cybersecurity team to identify this malicious e-mails allows the Threat Detection and Monitoring team to investigate and stop threats by avoiding possible connection with our systems infrastructure. Its worth mentioning that no increase in this type of threats has been noticed in spite of the constant anxiety caused amid the coronavirus.

Scam Examples

• Hackers are creating fake websites, social media accounts and e-mail addresses that claim to be selling medical supplies that are currently highly demanded and they ask for unusual payment methods such as in advance payment by money order, bank transfer or international funds transfer.
• They are also creating and manipulating mobile apps designed to track the propagation of the coronavirus / COVID-19 to insert malware that will compromise electronic devices and user personal information.
• They use fear to hack health companies and health professionals by using rescue articles. Among a wave of undesired SMS messages with offers around masks, survival guides and compatible medical treatments such as CBD oils.

How to maintain your business secure

• Never share financial or company information with people you don’t know.
• Never click on links, text messages or e-mails and never open any attachments unless you are sure they are secure.
• Be careful with the information you share on social media because it can provide hackers with several pieces of information that allows them to create a more wide image of yourself.
• At HSBC we will never ask for your password, personal or financial in-formation, or ask you to move funds to a secure account.

Report

Send any suspicious e-mail to report.phishing@hsbc.com, afterwards delete the e-mail from your inbox and reach out to your account executive.