A monthly Information Security publication for the WPI community.
Welcome to this month's newsletter about FINANCIAL & BANK FRAUD.
The digital landscape is evolving at lightning speed, and with it comes a new level of trickery, fueled by Artificial Intelligence (AI). Financial scams are no longer limited to old-school phishing—they’re now powered by AI-generated emails, deepfake voices, and hyper-realistic fake documents. I’ve seen firsthand how even vigilant institutions can be caught off guard. To stay ahead, we must adapt: leverage advanced fraud-detection tools, stay informed about these emerging AI-driven threats, and always verify before acting. If you receive an urgent email or call requesting a change in payment details, don’t take it at face value—double-check through secure channels. Awareness and vigilance are no longer optional; they’re essential in an AI-driven world. Together, we can build a safer digital community.
In this issue:
- Financial & Banking Fraud
- Securing Finances
- Online Banking Safety Tips
- Learning with Laughter
- From WPI's CISTO
- Information Security on WPI Hub!
- Meet a Financial Scammer
- Videos, In the News, By the Numbers
- Diversity in Cybersecurity
- WPI Resources
- Coming Next Month...
Financial & Banking Fraud
People and organizations intentionally deceive victims with the end goal of monetary gain. While schemes to steal valuables have been around for thousands of years, today's scammers use a mix of high-tech and low-tech tactics to convince victims to divulge the information they need in order to profit.
Guard your card! Fraudsters skim magnetic strips, scan cards using an RFID reader, or simply look over your shoulder at an ATM. Cards may also be intercepted in the mail, so if you are expecting one and it does not arrive within the expected time frame, contact your institution right away.
Check a Requested Change! Fraudsters call and email urging you to make an account change, move money, or provide account details under the guise of resetting a compromised account. Don't reply. Use the contact information on your card or a past statement to check on the request. If a request comes to you to change or reveal WPI financial data, do not comply. Please contact your supervisor and Information Security.
Pay Attention to Payments! Authorized Push Payment (APP) scammers inform you of a purported change or breach putting your money at risk, and of course, they claim to need your password or PIN to assist. Review statements to ensure checks paid on your account are not counterfeit. Scrutinize invoices and policies to ensure they are legitimate before paying.
Session Hijacking! This occurs in the middle of the user journey, rather than at the login stage. The attacker uses stolen session cookies to take over a customer's existing session. The stolen data is usually obtained through third-party browser extensions, malware-infected devices, or public Wi-Fi networks. The hijacker can view information being sent and received, including financial details of an online bank account.
Additional details about these scenarios and more are here:
12 Most Common Types of Bank Frauds (PingIdentity.com)
Types of Financial Fraud (VictimConnect.org)
How a Direct Deposit Scam Works
- A phishing email is used to steal an employee's login credentials.
- The scammer uses the stolen credentials to contact the Payroll staff and ask how to change their direct deposit information.
- Direct deposit is changed to the scammer's account.
- After 1-2 pay cycles, the employee notifies the employer that they have not been paid.
How to Prevent Deposit Scams
- Never send money to someone you don't know through a payment app even if they sent you money.
- Use secondary factors to verify change requests.
- Know how to spot a phishing email.
Securing Finances
AI Preventing Financial Fraud
Payroll diversion threats can be difficult for a system to detect because they often do not contain malicious payloads and are sent to specific people. Cybersecurity systems use AI to analyze messages to determine whether a message is simply an uncommon occurrence or malicious.
In 2024, the U.S. Department of the Treasury announced that it had recovered over $375 million as a result of implementing an enhanced fraud detection process that utilizes AI.
Treasury Announces Enhanced Fraud Detection Process Using AI Recovers $375 million (Treasury.gov)
Using Behavioral AI to Squash Payroll Diversion (Proofpoint.com)
When it comes to MFA safety for financial accounts, did you know...
- Multi-factor authentication (MFA) reduces the risk of security breaches.
- According to Microsoft, MFA can “prevent 99.9 percent of attacks on your accounts.”
- Passwords alone don't provide enough security because they can be stolen.
How WPI Keeps Financial Data Safe
- WPI accounts and access to financial systems require MFA.
- Workday enables you to securely add and edit direct deposit criteria yourself.
- Instructions about changing your financial data require sign-in on help.wpi.edu to view.
- Compliance training is provided via KnowBe4 to employees with access to financial data governed by the Gramm-Leach-Bliley Act (GLBA).
Online Banking Safety Tips
- Choose trustworthy financial apps. Never use person-to-person payment apps to pay bills.
- Don't conduct banking on public Wi-Fi.
- Sign up for banking alerts.
- Be wary of phishing scams; email that claims to be from your bank or payment app could be fraudulent.
- Set strong and unique passwords.
- Enable multi-factor authentication.
Learning with Laughter
From WPI's CISTO: Compliance Education
As part of our ongoing commitment to maintaining the highest standards of security and compliance as required by state and federal regulations, we are implementing mandatory education on key data security topics. We are using the KnowBe4 platform to provide and track compliance education.
Our initial December 2024 campaign includes employees who have access to financial data governed by GLBA. Thank you in advance for your cooperation!
Information Security Is on the WPI Hub!
Here you can find the latest phishing and cybersecurity news, and links to helpful articles.
InfoSec's Hub Page
Meet a Financial Scammer
These traits could be signs you are dealing with a scammer:
- The interaction begins with unsolicited contact.
- They portray an air of authority, such as saying they are from your bank or the IRS.
- There is heightened emotion in the conversation - crying, anger, or fear.
- They exploit emotional reactions to current events and news.
- They insist you act immediately.
Social Engineering Principles explains more about how scammers operate.
Social Engineering Principles
Financial Fraud News & Videos
In this news segment from Detroit, someone requested a new ATM card without the account owner's knowledge.
Bank Account Takeover Scams (3:47)
Two customers fell victim to wire transfer fraud in Los Angeles.
Protecting Yourself From Wire Transfer Scams (3:48)
Cyber crooks use the year-end rush to impersonate the fraud departments of banks and credit unions.
Scammers Impersonate Banks to Drain Savings (USA Today)
As higher education expands online learning offerings, bots have more opportunity to target institutions.
- About $10 billion was lost to fraud in 2023.
How Higher Education Became The Target Of Bots, Fake Accounts And Online Fraud (Forbes)
Financial Fraud by the Numbers
According to the Federal Trade Commission...
- 21% increase in money lost to investment scams in 2023.
- 2.6 million fraud reports were submitted to the FTC in 2023.
FTC Data for 2023
Diversity in Cybersecurity
Dr. Aleise McGowan, Assistant Professor of Cybersecurity at The University of Southern Mississippi
Dr. Aleise McGowan
WPI Resources
Online Banking Security
Keeping Your Identity Safe
Coming Next Month...
Compromised Vendors
Is there a cybersecurity topic that you would like to know more about? Please contact WPI Information Security using Get Support below.