Connect with us





By Steve Mulhearn, Director of Enhanced Technologies UKI & DACH at Fortinet


With 30% of all retail sales occurring between Black Friday and Christmas Day, it’s safe to say the festive shopping period is upon us. Indeed, since Black Friday and Cyber Monday were first launched in 2005, the retail holiday weekend has become a regular fixture on the annual shopping calendar with brands recouping lost sales, thus generating a significant portion of their annual revenue. According to Adobe Analytics, consumer spending over this period last year achieved 22% year-over-year growth, and 2021 is expected to be even higher.


No such thing as a free lunch

But whenever there’s bargains to be had, cybercriminals are preying on our desire to get a great deal. For example, let’s look at how cybercriminals are using fake Amazon gift card generators to steal cryptocurrency from consumers. The criminals were discovered by Fortinet Labs to be using fake documents to lure shoppers into giving out their personal information, such as credentials for online shopping sites, credit card numbers, and home addresses. A malicious application named Amazon Gift Tool.exe was found in a zip file hosted on a publicly available repository site. Despite not knowing specifically how this tool was viewed by potential shoppers, the scammers most likely promoted the tool as a free Amazon gift card generator.

Steve Mulhearn

Clearly, a tool that provides free gift cards does not exist. However, faced with the right con – putting shoppers into what psychologists call a ‘hot state’ – we’re all vulnerable. We don’t think so clearly when we are eager to spend during the Black Friday Cyber Monday frenzy. Losing the ability to do due diligence and the hope of getting something for free can be a compelling lure.

So when a distracted shopper used the fake Amazon gift card generator it rolled out a malicious winlogin.exe that surveyed his/her clipboard. The purpose of the malware was simple. If the shopper tried topping up their cryptocurrency wallet by copying and pasting the wallet address, the malware overwrote the wallet address on the clipboard with its own, resulting in the money potentially going to the fraudster.

Further investigation also found that the malicious winlogin.exe was distributed by a number of ‘Trojan droppers’ – applications that are seen as valuable to the shopper – with compelling names to dupe shoppers, such as Crunchyroll Breaker.exe, Netflix Tools.exe, Multi Gift Tools.exe. These tactics have been scamming people for years but given Amazon’s market pull, this iteration of the scam is particularly inviting.

Another scam FortiGuard Labs has observed more and more involves fake online sites that mimic trusted retail brands. To the untrained eye, these sites look safe but if the shopper isn’t paying attention they can steal the funds and worse still, payment information.

Fortinet recently came across live scams that leveraged the look and feel of global brands and their respective trademarks to compel and lure shoppers into making purchases from their site. These sites mimicked big brands Blink (Amazon), Nespresso and Shimano (to name a few), and were in no way affiliated with the trademark/IP owner. They were familiar only because they adopted the same template over and over in an online game of whack-a-mole – meaning that as soon as one site gets shut down another one immediately pops up somewhere else.


Common Framework

The fake websites observed have the following common traits:

  • Recently registered domain names
  • All sites are registered with the same registrar
  • The urls or internet addresses look a little suspicious, often ending in unusual domain names, such as.TOP and .SHOP (.com is also common)
  • They use stolen imagery
  • They have many linguistic mistakes
  • Social Media buttons lead to dead ends
  • Their webhosting providers use content delivery networks (CDN) to hide their identity (via an untraceable IP address) (Recently registered on 10/21/21)

Milwaukee Tools is a well-known and internationally established tool company that, like most big brands, sells products via authorised retailers online or in shops. Fortinet Labs recently discovered a registered online site, milwauketools[.]shop, that seemed authentic but on closer inspection the warning signals were obvious – a misspelled domain name coupled with very low prices raised alarm bells.

Big discounts, unless it’s for discontinued items, are usually a key indicator of a scam. This kit below is a perfect example – it normally sells for $659 yet it was being advertised for $99. This 85% discount coupled with high-pressure sales tactics claiming that stock is low or demand is high would likely be a successful prompt for an impulse shopper too excited to pay much attention to the deal.


Red Flags

Although the About US and Our Culture sections of this website appeared to be written by someone with a good grasp of English (likely stolen from a legitimate site), the ‘milwauketools’ string revealed a small error, suggesting that this was not related to the official Milwaukee Tools organisation, even though the trademarked logo in the screenshot below had the correct spelling. This suggests that the fraudster was following a template during the creation of this site.

Figure 3. About us page for impersonating site

Figure 5. Official website. Note they do not sell any products directly.

Another red flag was the domain’s creation date – the 21st of October – which at the time of writing made it less than a month old.


Who are the cybercriminals?

As the registrar of the domains and usage of CDN for these sites allow a high degree of anonymity, it’s difficult to identify who these scammers are and if they are working alone or as part of a larger group.


Secure shopping tips

When shopping this holiday season, it’s important that due diligence is performed, and websites are scrutinised for inconsistencies. Typos and grammatical mistakes can be strong indicators of fraud, and avoid impulse purchases that appear too good to be true. But ultimately, don’t panic. If you feel you have been the victim of a scam, please call your credit card company right away and inform them of a potential scam.

Remember, Black Friday and Cyber Monday scams depend on creating a sense of urgency, using these special shopping days to spur immediate action and grab deals before they are gone. Think before you click.



Why Anti-Money Laundering is no longer just a tick box exercise




Tremors following Russia’s invasion of Ukraine have been felt around the world. At a time when customers are already demanding more from companies, the additional pressure being felt — especially by banks and financial services — to prioritize compliance and risk management is stronger than ever before. This has been further compounded by the realization across Western democracies of the extent of the Kremlin’s financial links within their jurisdictions, adding yet more pressure on governments to implement regulatory change. The need to investigate unexplained wealth orders and provide stronger reporting measures to tackle illicit transactions is more necessary now than ever before, while simultaneously ensuring sanctions do not impact the security of ordinary citizens’ bank accounts.

Anti-Money Laundering (AML) was once merely a tick box exercise. However, those in compliance now see financial crime and any link to bad actors as a legitimate risk to the reputation and the future success of financial organizations. As the industry moves in this direction, the entire ecosystem — law enforcement, regulators, and financial institutions — must move with it. Investment in banking technology is increasingly being focused on the development of more sophisticated solutions in the AML and anti-financial crime space. Clearly, there is more to be done in establishing the openness, reliability and safety needed to ensure customers’ assets remain secure. While some of the more traditional organizations still use fairly basic tools, there is a desire to innovate quickly and effectively, with a focus on implementing high-risk–reducing activities that can provide AML alerts in real-time across both traditional finance and the growing presence of digital assets.

However, the banking sector is also on the precipice of great change and dynamism, and AML has a fundamental role in achieving this success, especially for the emerging economies market. A report by PwC highlighted that Brazil, Indonesia, Mexico, and Turkey will develop banking sectors of comparable scale to major European economies such as the UK, France, and Italy before 2040. Meanwhile, EY’s report in 2019 showed that financial inclusion can help boost GDP by up to 14% in large developing economies such as India, and up to 30% in frontier markets across Africa. These predictions are being aided by the continued rise of digital assets, growing exponentially, and projected to reach $4.94 billion by 2030, growing at a CAGR of 12.8% from 2021 to 2030, providing capital access to customers worldwide through instant decentralized transactions.

This makes the need for frictionless financial activity imperative, ensuring businesses have constant access to capital to invest alongside the security of working with banking providers with industry-leading AML services in place.

At Zenus Bank, we have approached this challenge by offering a US bank account that allows clients in over 150 countries to deposit, hold and make payments through US banking infrastructure. This form of international movement makes secure worldwide AML services an imperative.

As demand for our services has grown rapidly this year across Asia, Europe, and South America, we knew to scale at speed we needed to have a secure AML system that would allow us to grow our operations remotely without compromise. Adopting systems such as Identity Onboarding Authentication (IOA) has been key to achieving this. The technology streamlines the onboarding process for all our new customers using facial and voice recognition combined with artificial intelligence, all but eliminating the risk of individuals or businesses setting up fake accounts. IOA also validates thousands of identification documents in seconds, comparing the customer’s ID when submitting transactions to their facial recognition to provide financial security for us and our customers against money laundering. This type of full cycle integration of customer biometric validation and frictionless connectivity with multiple vendors is essential for financial irregularities and fraud prevention, eliminating old protection systems such as the need for passwords, personal questions, or other weak links in the security chain.

And so, the future of AML is two-fold: helping to fight the rising risks of financial crime that come with the increase of embedded financial services, and to ensure the ever more complex forms of payment can be completed at speed while monitoring the legality of each transaction in real-time.  AML is no longer just a tick box exercise — it is key to the future success of the financial industry.

Continue Reading


Making better decisions with people data and analytics at Standard Bank




By Ian McVey, SVP & GM EMEA at Visier


Talent attraction, development and retainment remains a key challenge facing the financial services sector, one which has intensified due to the impact of the COVID-19 pandemic and how it has transformed working environments.

Even before the pandemic arrived, financial services was ranked the second most stressful industry to work in, second only to health and social care on a list of 12 of the UK’s most prominent sectors.

Today, financial services employers are having to keep pace with the growing need for new digital skills in the workforce, as well as placing a greater wellbeing focus on their most important asset – people.

Indeed, the landscape continues to shift at speed. According to a survey of financial services workers undertaken by UK Finance, three in 10 said they needed more digital and tech expertise, with 28% saying they needed a better understanding of the mental and physical health of their staff and customers.

Industry leaders are wary of the talent crunch as well. Around seven in 10 banking and capital markets CEOs and insurance bosses view the limited availability of key skills as a threat to growth.

This makes people-based decision-making paramount to achieving the best possible business outcomes. Reams of research support this, with several studies showing that more diverse workforces outperform others, and that happy workers are markedly more productive in their day-to-day roles. The upshot is that the firms which rank best to work at perform better on stock markets.

Ian McVey

Putting people first at Standard Bank

Standard Bank is a pioneering example of how financial services organisations can leverage workforce data and insights to make better employee and business decisions.

It is a huge business. As the largest African banking group by assets, the company has around 55,000 employees operating in 28 countries around the world.

Digitisation and modernisation have been central to the business’s strategy, both in how it provides services to customers and operates internally.

Prior to the pandemic, the company already had a solid reporting structure and process in place, but there was a crucial problem – access to reports was limited to a small number of people and they were often out of date by the time of use.

Standard Bank needed clear, real-time insight that connected their workforce decisions to business value. It was faced with two options – leaning on analytical tools already in the business which provided monthly reports, or deploy a pre-built people analytics solution that could provide instantaneous insights.

The company chose Visier to implement the latter. Here, the adoption of on demand people data analytics has been scaled across the business, empowering line managers who make important daily decisions that shape the employee experience. So far, more than 6,000 line managers are using these insights to make informed people and business decisions.

Indeed, through the pandemic, the outcome-focussed insights offered by Visier’s people analytics solution have shaped the work-life balance and hybrid working policies for the company. It underpinned a key support system for employees, from tracking sick leave to issuing gentle reminders to take all important annual leave.

Progress continues in 2022. Having a holistic view of the workforce has been influential in enabling Standard Bank to develop its digital landscape – it has highlighted where skills are needed and what processes need transforming to facilitate the journey to becoming a truly digital bank.

Proving the power of people analytics in financial services

What Standard Bank’s experience shows is that it is possible to create an agile banking investment workforce that can pivot on demand with accurate, real-time people analytics capabilities at your fingertips.

Developing an industry-leading financial services workforce is no easy undertaking. However, gaining insight into what employees are feeling and how to keep them engaged has never been easier.

By leveraging a pre-built people analytics platform, managers can create plans based on projected growth, skills, and expected turnover, and share them securely across the business with role-based permissions.

And with all employee data stored in a single system, managers can view the entire workforce picture without having to wade through spreadsheets, enabling them to make decisions with greater confidence using the information to back them up.

Across our customer base, we see a 50% greater return on equity in comparison to other solutions (23.6% compared to 15.4%), as well as a 17% lower manager turnover which collectively saves millions on recruitment processes.

That said, recruitment processes can be transformed by people analytics, too. It enables organisations to identify the traits driving turnover and discover where their best candidates are coming from – and, crucially, how to keep them engaged through the hiring process.

From obtaining talent to keeping staff engaged and on-board, a data-driven people strategy is central to all stages of building the best financial services team possible.

Continue Reading



Business3 days ago

How can businesses boost employee experience for finance professionals?

By Martin Schirmer, President, Enterprise Service Management, IFS Over the course of the last year, The Great Resignation has seriously...

Business4 days ago

CBDCs: the key to transform cross-border payments

Dr. Ruth Wandhöfer, Board Director at   If you work in finance, you’ll have been hearing a lot about...

Business4 days ago

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas,...

Business4 days ago

Bolstering know your customer processes as regulation tightens

Nick Payne, banking services, customer advisory, SAS UK & Ireland, discusses how new technologies allow financial services companies to develop rigorous KYC...

Finance4 days ago

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies   In our data-driven world, the amount of data is growing...

Business4 days ago

Seven tips for financial services brands using mail

By Cameron Russell, Head of Marketing at Marketreach   Customer experience (CX) is a powerful differentiator for modern brands. If...

Top 104 days ago

Turn the data landfill into an insight goldmine

Andrew Watson, CTO, MHR Today, businesses have access to a wealth of data, with vast amounts of information created daily....

Business4 days ago

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies Financial Services organisations have long been a top target for cyber-attacks given both the...

Business6 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business6 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business6 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business7 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking1 week ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking1 week ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 102 weeks ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business2 weeks ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking2 weeks ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking2 weeks ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology2 weeks ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...