Attackers are taking advantage of the requirement to secure online shopping and banking transactions processed within the U.K. to gather personal details of consumers and users alike.
If you’re unfamiliar with the Strong Customer Authentication (SCA) requirement in the UK, it’s basically multi-factor authentication given a “friendly” name; transactions only that involve banking or credit cards require the individual to authenticate themselves using two of three methods familiar to IT – something only they know (such as a password), something they possess (such as their phone), and something they are (such as their fingerprint).
While the UK’s implementation of SCA looks to be delayed until sometime next year, that isn’t stopping the bad guys from taking full advantage of the average consumer’s understanding that they need to abide by the new requirement.
According to UK news outlet Which, cybercriminals are sending out official-looking phishing emails from several banks designed to get the recipient to “verify” personal details.
While this scam is focused on obtaining information (likely to be sold on the dark web), it can just as easily be used as the vehicle to install malware or ransomware on your corporate network. Users should be warned about this scam and undergo Security Awareness Training to understand ways to quickly test and verify suspicious-looking emails.