Kaspersky has issued a press release with comments and tips for spying on 15.000 cards from a Greek travel company. According to Kathimerini, this is a Greek company that is active in the field of online sales of tourist services, ie bookings of air, ferry tickets, hotels, cars, travel insurance. We quote the bulletin as it stands:
In today's digital age, cyber fraud is a real and very serious threat. With almost every aspect of our daily lives now online, scammers use a range of sophisticated and varied digital threats to target their victims and lead them to drop their defenses.
There are a variety of different types of credit card fraud cards. From simple “phishing” emails (Phishingup to targeted attacks launched through payment system terminals and through the exploitation of login credentials and customer confidential data.
Από τη στιγμή που ξεκίνησε η χρήση του προτύπου EMV (κάρτες με τεχνολογία chip), η κλοπή από κλωνοποιημένες credit cards has declined dramatically as digital criminals focus on online fraud.
There are still some attempts to clone cards, but as more countries have switched to chip cards, that's kind of it attacks that requires more effort and brings lower profits.
The volume of cards that can be intercepted is probably lower than in a cyber-based attack, as the physical use of a cloned card has more risks as one can easily notice that the card is fake.
We also see digital criminals shifting their focus to account-based attacks. While account theft is not a new tactic, scammers are increasingly focusing their efforts on this type of attack, as it is often more profitable, as attackers can take advantage of the client's good reputation, while data availability and customer credentials are higher than ever - due to the continued success of data breaches and social engineering attacks.
Cybercriminals are always looking for a "touch" point, that is, something that can increase the likelihood of making a profit on their investment. No domain can be considered protected and must review procedures regularly security of.
The specific measures will always vary depending on the organization and the role of each employee, however the basic elements should remain the same.
Examine the potential risks and evaluate how the individual - if manipulated - can be a risk to your business.
This process should also review the physical security and protection of sensitive corporate data.
Fraud prevention efforts often focus on stopping fraudulent transactions, but it is necessary to further reduce fraud - cyber security and fraud must continue to converge with more communication between internal teams to detect attempted attacks earlier, e.g. χ. detect and take action as soon as there is an unusual access attempt.
