Connect with us





By Steve Mulhearn, Director of Enhanced Technologies UKI & DACH at Fortinet


With 30% of all retail sales occurring between Black Friday and Christmas Day, it’s safe to say the festive shopping period is upon us. Indeed, since Black Friday and Cyber Monday were first launched in 2005, the retail holiday weekend has become a regular fixture on the annual shopping calendar with brands recouping lost sales, thus generating a significant portion of their annual revenue. According to Adobe Analytics, consumer spending over this period last year achieved 22% year-over-year growth, and 2021 is expected to be even higher.


No such thing as a free lunch

But whenever there’s bargains to be had, cybercriminals are preying on our desire to get a great deal. For example, let’s look at how cybercriminals are using fake Amazon gift card generators to steal cryptocurrency from consumers. The criminals were discovered by Fortinet Labs to be using fake documents to lure shoppers into giving out their personal information, such as credentials for online shopping sites, credit card numbers, and home addresses. A malicious application named Amazon Gift Tool.exe was found in a zip file hosted on a publicly available repository site. Despite not knowing specifically how this tool was viewed by potential shoppers, the scammers most likely promoted the tool as a free Amazon gift card generator.

Steve Mulhearn

Clearly, a tool that provides free gift cards does not exist. However, faced with the right con – putting shoppers into what psychologists call a ‘hot state’ – we’re all vulnerable. We don’t think so clearly when we are eager to spend during the Black Friday Cyber Monday frenzy. Losing the ability to do due diligence and the hope of getting something for free can be a compelling lure.

So when a distracted shopper used the fake Amazon gift card generator it rolled out a malicious winlogin.exe that surveyed his/her clipboard. The purpose of the malware was simple. If the shopper tried topping up their cryptocurrency wallet by copying and pasting the wallet address, the malware overwrote the wallet address on the clipboard with its own, resulting in the money potentially going to the fraudster.

Further investigation also found that the malicious winlogin.exe was distributed by a number of ‘Trojan droppers’ – applications that are seen as valuable to the shopper – with compelling names to dupe shoppers, such as Crunchyroll Breaker.exe, Netflix Tools.exe, Multi Gift Tools.exe. These tactics have been scamming people for years but given Amazon’s market pull, this iteration of the scam is particularly inviting.

Another scam FortiGuard Labs has observed more and more involves fake online sites that mimic trusted retail brands. To the untrained eye, these sites look safe but if the shopper isn’t paying attention they can steal the funds and worse still, payment information.

Fortinet recently came across live scams that leveraged the look and feel of global brands and their respective trademarks to compel and lure shoppers into making purchases from their site. These sites mimicked big brands Blink (Amazon), Nespresso and Shimano (to name a few), and were in no way affiliated with the trademark/IP owner. They were familiar only because they adopted the same template over and over in an online game of whack-a-mole – meaning that as soon as one site gets shut down another one immediately pops up somewhere else.


Common Framework

The fake websites observed have the following common traits:

  • Recently registered domain names
  • All sites are registered with the same registrar
  • The urls or internet addresses look a little suspicious, often ending in unusual domain names, such as.TOP and .SHOP (.com is also common)
  • They use stolen imagery
  • They have many linguistic mistakes
  • Social Media buttons lead to dead ends
  • Their webhosting providers use content delivery networks (CDN) to hide their identity (via an untraceable IP address) (Recently registered on 10/21/21)

Milwaukee Tools is a well-known and internationally established tool company that, like most big brands, sells products via authorised retailers online or in shops. Fortinet Labs recently discovered a registered online site, milwauketools[.]shop, that seemed authentic but on closer inspection the warning signals were obvious – a misspelled domain name coupled with very low prices raised alarm bells.

Big discounts, unless it’s for discontinued items, are usually a key indicator of a scam. This kit below is a perfect example – it normally sells for $659 yet it was being advertised for $99. This 85% discount coupled with high-pressure sales tactics claiming that stock is low or demand is high would likely be a successful prompt for an impulse shopper too excited to pay much attention to the deal.


Red Flags

Although the About US and Our Culture sections of this website appeared to be written by someone with a good grasp of English (likely stolen from a legitimate site), the ‘milwauketools’ string revealed a small error, suggesting that this was not related to the official Milwaukee Tools organisation, even though the trademarked logo in the screenshot below had the correct spelling. This suggests that the fraudster was following a template during the creation of this site.

Figure 3. About us page for impersonating site

Figure 5. Official website. Note they do not sell any products directly.

Another red flag was the domain’s creation date – the 21st of October – which at the time of writing made it less than a month old.


Who are the cybercriminals?

As the registrar of the domains and usage of CDN for these sites allow a high degree of anonymity, it’s difficult to identify who these scammers are and if they are working alone or as part of a larger group.


Secure shopping tips

When shopping this holiday season, it’s important that due diligence is performed, and websites are scrutinised for inconsistencies. Typos and grammatical mistakes can be strong indicators of fraud, and avoid impulse purchases that appear too good to be true. But ultimately, don’t panic. If you feel you have been the victim of a scam, please call your credit card company right away and inform them of a potential scam.

Remember, Black Friday and Cyber Monday scams depend on creating a sense of urgency, using these special shopping days to spur immediate action and grab deals before they are gone. Think before you click.



Protean and Fino Payments Bank tie-up to expand PAN card issuance services in India




Fino Payments Bank has tied up with Protean eGov Technologies (formerly NSDL e-Governance Infrastructure Limited), a market leader in universal, citizen centric and population scale e-governance solutions, to expand PAN card issuance services in India, especially in rural areas.

The association makes Fino the first payments bank to act as PAN Service Agency (PSA) of Protean and facilitate paperless PAN issuance services. The tie-up allows Protean to expand its reach in the interiors of the country through Fino Bank’s  phygital network of over 12.2 lakh merchant points.

At Fino Bank points people can apply for PAN card through Aadhaar based authentication, without the need to submit or upload any documents.

Further, applicants have the option to choose PAN card either in digital or physical form. The digital version or e-PAN, introduced recently, will be sent within a few hours of applying to the applicant’s email id. It is admissible as actual PAN card. Those opting for physical will receive their PAN cards at their Aadhaar mentioned address within 4-5 working days.

Mr. Rishi Gupta, MD & CEO, Fino Payments Bank said, “The association is a reiteration of our commitment to provide all financial related services under one roof. Our extensive pan India distribution network is best placed to provide efficient near doorstep delivery of G2C services. We are already facilitating disbursal of direct benefit transfer payments of various Government schemes and providing last mile access to banking services. We are pleased to partner with Protean towards their efforts to expand PAN coverage across the country and in the process ensure our objective of making every citizen financially secure is achieved.”

Mr. Suresh Sethi, Managing Director and CEO, Protean eGov Technologies, said, “We are delighted to partner with Fino Payments Bank as part of our strategy to contribute to a financial ecosystem that offers socio-economic benefits across all strata of the society. Our partnership will help to advance our shared vision of an inclusive and empowered India. This initiative is aligned with our mission to leave no citizen behind and bring the digitally excluded into the fold of formal financial economy.”

Since inception in 2017 Fino Payments Bank has been transforming the rural banking landscape with its extensive distribution network of over a million points. The convenience offered by the neighbourhood banking outlets has led to increased banking adoption and usage with more than 25 million customers visiting the points every month. With its innovative asset light model the transactions focused bank is profitable and as of today the only listed entity in its space.

Protean, which accepts and processes PAN applications on behalf of the Income Tax Department, Government of India, has played a pioneering role in laying down the basic e-governance infrastructure for the nation and providing citizen-centric services to the masses over the course of the last 25 years. Access and inclusion lie at the heart of any e-governance initiative and towards that the company has adopted and established a “Phygital” (Physical+Digital) model to ensure a truly inclusive service delivery paradigm.

As per Ministry of Finance, more than 43.34 crore Permanent Account Numbers (PANs) have been linked with Aadhaar till January 2022. That is around 36% of India’s population has Aadhaar linked PAN card. With more than 131 crore Aadhaar cards issued, there is immense scope for PAN card penetration, especially within those falling in income tax bracket.

Continue Reading


Cost of living: How to identify vulnerable customers




Ellie Engley is account director at REaD Group


In the current climate, the cost of living crisis is a real challenge for financial services companies who need to be able to support their vulnerable customers. One in six (17%) of UK households (4.4 million) are now in ‘serious financial difficulties’, compared to one in ten (2.8 million) in October 2021 – an additional 1.6 million households – according to research from Bristol University, while it was recently reported that one in five adults across the UK – nearly 11 million people – have fallen behind with at least one household bill payment.

As a financial services provider, it has never been more important to be able to identify and communicate appropriately with vulnerable customers; those who, due to their personal circumstances, are especially susceptible to detriment. Not only that, but there are three different levels of poverty to be aware of: ranging from income below minimum income standard, not enough income and destitution.

As a financial service provider, then, it has never been more important to communicate sensitively to customers, price products appropriately and protect customers from fraud.

Identifying vulnerable customers

As a responsible brand, the first step is to proactively identify vulnerable customers to exclude from particular direct marketing campaigns, where additional credit or non-essential purchases could increase the pressure on their personal circumstances. This is an ethical approach to direct marketing which also sees companies increase ROI and improve campaign success.

Using both internal first party and third party data, it is possible to build up a detailed picture of customers in order to identify the existing vulnerable groups, as well as the emerging vulnerable groups within your customer base.

This data can identify vulnerable and potentially vulnerable segments of consumers, including self-declared vulnerability or that shared by a first party, such as a bank, on behalf of the consumer, along with high-cost short term credit applications; houses of multiple occupation (HMO data); and consumer vulnerability metrics. This latter employs a segmentation model which takes into account census data to provide information on demographics, such as age, income, housing, education, financial products, affluence measures; transient states such as health; market forces acting on the consumer and their susceptibility to those forces; and the individual’s market preferences.

Taken together this data will provide a rich and detailed understanding or levels and types of vulnerability so brands are able to work with their customers responsibly. Gaining a better understanding of differing vulnerable segments in a customer base helps drive effective communication strategies, while simultaneously ensuring fair treatment.

Other warning signs

Changes in transactions and behaviour are another way to identify vulnerability in customers. It may be necessary to identify different segments or groups of customers who are classed as vulnerable for different reasons. Those consumers who were once deemed ‘financially stable’ now feel financially stretched and are at greater risk of financial vulnerability through increased cost of living and rise in inflation.

The use of third party datasets can also support the identification of these groups which provide information on changes in personal circumstances, short-term finance requirements, loss of income or employment and changes to relationship or residential status.

Using external data variables helps companies make data-driven decisions on how to price products, reduce fraud, identify vulnerable customers and ultimately make more personalised decisions using data. Data can be used across different teams, including marketing, fraud and pricing, for multiple purposes and projects.

Being able to supplement the data they hold on a customer can help marketing teams to not only help identify risk but help define what their need state actually is, whether that’s saving, moving house or having children. Enhancing customer data helps companies make better informed decisions.

Keep it clean

On top of this, every financial services provider should be keeping their consumer data clean and accurate. Data that is up to date will help businesses make more informed and responsible decisions about how they communicate with customers and prospects.

Above all, financial service providers should be mindful of the many more people who are now vulnerable, and communicating with care should be a brand’s mantra for the foreseeable future.


Ellie Engley is account director at REaD Group, a Sagacity company, which uses its data products, insight and expertise to help its clients get closer to their customers.

Continue Reading



Business4 hours ago

Hidden channel costs: how to find and tackle them

By Mark Wass, Strategic Sales Director, UK and North EMEA at CloudBlue     Growth for businesses will always be a...

Finance10 hours ago

Is your business ready for finance automation?

Mari-Frances Bentvelzen, Business Head and General Manager of Global SMB at SAP Concur   As managers continue to drive their...

Top 1010 hours ago

The power of a proactive customer service

By Delia Pedersoli, COO, MultiPay   2023 is shaping up to be another challenging period for B2C businesses. While the...

Business10 hours ago

Automation nation: Liberating workers from desks, data entry and the doldrums

Gert-Jan Wijman, VP of EMEA at Celigo.   Just when businesses thought the tough times were over, even more challenges...

News10 hours ago

Protean and Fino Payments Bank tie-up to expand PAN card issuance services in India

Fino Payments Bank has tied up with Protean eGov Technologies (formerly NSDL e-Governance Infrastructure Limited), a market leader in universal,...

Business18 hours ago

What is the True Cost of SMS Phishing?

Gemma Staite, Threat Analytics Lead   Cybercriminals will recycle attack strategies for as long as they are effective. In Fraud...

Technology1 day ago

Digital Asset Management (DAM) To Transform Enterprise Brand Management

Alexander Rich, Co-founder and CEO – Desygner    Rapid digital transformation fuelled by the pandemic has undoubtedly proven beneficial to...

Finance1 day ago

Cost of living: How to identify vulnerable customers

Ellie Engley is account director at REaD Group   In the current climate, the cost of living crisis is a...

Banking1 day ago

Is traditional business banking the best option for SME finance squeezes?

Airto Vienola, CEO, AREX Markets  The pressures facing business and personal finances alike have been well documented. Stories are now starting...

Business1 day ago

Breaking down communications silos to streamline the customer experience

Dave Tidwell, Head of Technical Pre-sales, DigitalWell   The pandemic has, without doubt, moved the goalposts when it comes to...

Business1 day ago

How growth can be a big challenge when a business becomes multiple entities

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit. Organisations don’t just grow in size – they also...

Wealth Management1 day ago

Keeping Cyber Insurance Premiums Down with Deep Observability

By Mark Coates, VP EMEA, Gigamon There is no doubt that the cyber insurance industry has experienced something of an...

Business1 day ago

When it comes to innovation, ignore your CEO and listen to your customer

 By Alex Hammond, Partner, Airwalk   At its core, the 2008 financial crisis was a result of banks incorrectly managing...

Business1 day ago

Netflix-style ransomware makes your organisation’s data the prize in a dark subscription economy

By John Davis, UK & Ireland Director, SANS Institute. Today’s subscription economy makes accessing nearly any service as easy as hitting enter....

Banking1 day ago


By Alex Kwiatkowski, Director of Global Financial Services, SAS. From shifting market dynamics and mounting geopolitical tensions, to skyrocketing cyber threats...

Banking1 day ago

Why traditional banks need to embrace the agility of fintech competitors

Paul Higgins, EMEA Banking Lead, Mendix   Tech has long played a role in the finance space. The legacy applications running...

Technology1 day ago

SaaS Procurement’s Silver Bullet – How Automation is Changing the Game

Sven Lackinger, Co-Founder, Sastrify   Sven Lackinger is Co-Founder at Sastrify, the digital procurement platform for Software-as-a-Service products. Founded in...

News1 day ago

Tata Motors partners with IndusInd Bank to offer exclusive Electric Vehicle Dealer Financing

Key Highlights:   One-of-its kind Electric Vehicle Inventory Financing program for Tata Motors’ dealers  Limits extended towards EVs will be over...

Finance1 day ago

astrantiaPay Selects SaaScada to Enrich Swiss Landscape of Business Payments and Fill Market Gap

Swiss financial firm, astrantiaPay, to use SaaScada’s cloud-native core banking engine to simplify cross-border payments for SMEs and facilitate international...

Business2 days ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk at Acadia   Since its inception, Big Data has been...