Kaspersky has issued a press release with comments and tips for spying on 15.000 cards from a Greek travel company. According to Kathimerini, this is a Greek company that is active in the field of online sales of tourist services, ie bookings of air, ferry tickets, hotels, cars, travel insurance. We quote the bulletin as it stands:
In today's digital age, cyber fraud is a real and very serious threat. With almost every aspect of our daily lives now online, scammers use a range of sophisticated and varied digital threats to target their victims and lead them to drop their defenses.
There are a variety of different types of credit card fraud. From simple "fishing" emails (Phishingup to targeted attacks launched through payment system terminals and through the exploitation of login credentials and customer confidential data.
Since the introduction of the EMV (chip card) standard, theft from cloned credit cards has dropped dramatically as cybercriminals focus on cybercrime.
There are still some attempts at card cloning, but as more countries have switched to chip cards, this is a type of attack that requires more effort and brings lower profits.
The volume of cards that can be intercepted is probably lower than in a cyber-based attack, as the physical use of a cloned card has more risks as one can easily notice that the card is fake.
We also see digital criminals shifting their focus to account-based attacks. While account theft is not a new tactic, scammers are increasingly focusing their efforts on this type of attack, as it is often more profitable, as attackers can take advantage of the client's good reputation, while data availability and customer credentials are higher than ever - due to the continued success of data breaches and social engineering attacks.
Digital criminals are always looking for a "point of contact", that is, something that can increase their chances of making a profit from their investment. No sector can be considered protected and must regularly review its security procedures.
The specific measures will always vary depending on the organization and the role of each employee, however the basic elements should remain the same.
Examine the potential risks and evaluate how the individual - if manipulated - can be a risk to your business.
This process should also review the physical security and protection of sensitive corporate data.
Fraud prevention efforts often focus on stopping fraudulent transactions, but it is necessary to further reduce fraud - cyber security and fraud must continue to converge with more communication between internal teams to detect attempted attacks earlier, e.g. χ. detect and take action as soon as there is an unusual access attempt.