FIS Blog

Staying Secure in 2019

February 18, 2019

As part of FIS’ commitment to help you “Think Secure” and “Be Secure,” please review the list below of various threats observed last year and watch out for them in 2019.

SIM Swap/Port-out Fraud

  • What is it?
    • Identity theft in which attackers convince a mobile phone carrier, by means of social engineering or collusion, to move the victim’s phone number to a device and SIM card that the criminal controls, sometimes even at a different carrier.
    • This is frequently used by criminals to intercept SMS-based two-factor authentication of bank accounts, cryptocurrency accounts, etc.
  • How do I recognize it?
    • Unfortunately, you will only notice this when your phone stops sending/receiving messages or calls.
  • What can I do?
    • Contact your carrier to set up an account PIN or passcode in addition to your login credentials.
    • Remove your cell phone number from account profiles that don’t require it to reduce the exposure of your number if there’s a data breach.
    • Verify that you’ve enabled alerts for unexpected/failed sign-in attempts on all accounts that allow this feature.
    • Always use a strong password (refer to FIS’ Password Requirements for help) and use sensible password hygiene (refer to our Secure Guidelines).
    • Consider alternatives to SMS-based two-factor authentication. For your most important accounts, like your online bank account, see if they allow other versions of two-factor authentication such as a security key or a third-party authenticator app.
    • Avoid sharing personal information on social media that can be utilized for recovering your accounts. For example, don’t answer or share questionnaire responses, etc., as these are commonly exploited for this purpose.

Cryptojacking

  • What is it?
    • Criminals hijack your device resources to mine cryptocurrency via malware, malicious scripts in webpages, malicious apps, etc.
  • How do I recognize it?
    • You may notice your computer slowing down, or your mobile device consuming a lot of data and becoming hot due to increased use of computing resources. Or you may not notice anything if the criminals are crafty enough to throttle how much computing power they siphon from your device in order to avoid detection.
  • What can I do?
    • Most cryptojacking takes place via malware delivered through phishing email attachments or embedded website links. Review our Think Secure. Be Secure. page’s Secure Guideline entitled “Stop and Think Before You Click” for more information on recognizing and reporting phishing attacks at FIS.
    • When web browsing on a computer or mobile device, stay away from unknown sites and only navigate to work-related websites when using an FIS device.
    • View phishing emails seen in the FIS environment by frequently navigating to the new Phishing Campaign Awareness Page (PCAP) from the Think Secure. Be Secure. page’s Helpful Links.

Mobile Botnets/Mobile Malware

  • What is it?
    • A mobile botnet is a network of remotely controlled infected mobile devices. This can happen when your mobile device becomes infected with malware and comes under the control of criminals. Your device can be used to facilitate distributed denial of service (DDoS) attacks on other entities, send spam emails/texts, infect other devices on the network with malware, facilitate click fraud by clicking on advertisement links on websites in the background, or spy on you and record your keystrokes to harvest credentials and other information.
  • How do I recognize it?
    • Your battery seems to drain more quickly, you have dropped calls or disruptions, your data usage spikes, you receive large phone bills from your device sending SMS messages to premium numbers, or performance degrades. If you download a malicious app, it may request many permissions that are not necessary to run the app, e.g., a calculator app that wants access to your contact list, call log, camera, or microphone, or wants to retrieve information on running apps.
  • What can I do?
    • Avoid downloading apps from any source that isn’t the official app store on your mobile device.
    • Be suspicious of unfamiliar apps that are in the official store, especially if they are new and have no ratings or are new with only 5-star ratings, as many of those apps have bogus reviews to fool you into thinking they are legitimate.
    • Keep your systems and applications current with the latest patch updates.
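
An added example, not part of the original FIS post: a Python check for the warning sign described under “How do I recognize it?” above, where an app requests permissions its purpose does not need. The per-category baseline in EXPECTED, the sample manifest and the function names are assumptions made for illustration, and the app’s AndroidManifest.xml is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that guard the data the post lists.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.GET_TASKS": "running apps",
    "android.permission.SEND_SMS": "SMS sending (premium-number charges)",
}

# Assumed baseline: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "calculator": set(),
    "camera": {"android.permission.CAMERA", "android.permission.RECORD_AUDIO"},
}

# Constructed sample manifest for a hypothetical calculator app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.SEND_SMS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # For manifests from untrusted apps, parse with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def excessive_permissions(manifest_xml, category):
    """List (permission, data exposed) pairs the category does not justify."""
    extra = requested_permissions(manifest_xml) - EXPECTED[category]
    return sorted((p, SENSITIVE[p]) for p in extra if p in SENSITIVE)

if __name__ == "__main__":
    for perm, what in excessive_permissions(SAMPLE_MANIFEST, "calculator"):
        print(f"calculator app should not need {perm} ({what})")
```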