MSN Money: Banks Have No Idea Who’s Creditworthy Anymore

MSN Money: Banks Have No Idea Who’s Creditworthy Anymore. “Lenders that are having a tough time spotting risky loan applicants are approving fewer borrowers for credit cards, auto loans and other consumer debt. They are also hunting for new data sets that could indicate who is in financial trouble and how much they need to set aside to cover soured loans. The Federal Reserve last week said the biggest U.S. banks could be saddled with as much as $700 billion in loan losses in a prolonged downturn.”

Phys .org: A COVID-19 crisis looms in the mortgage industry, experts warn

Phys .org: A COVID-19 crisis looms in the mortgage industry, experts warn. “More than two years ago, [Nancy] Wallace and [Richard] Stanton again began raising the alarm that the mortgage landscape that emerged from the last crisis is dominated by ‘nonbank’ lenders who operate with little of their own capital or access to emergency cash. It was another disaster waiting to happen, they warned, and called for increased oversight. No one predicted a shock the size and speed of the coronavirus pandemic, but it’s now upon us, and Wallace fears the worst.”

New York Times: Smashing the Finance Patriarchy With Memes

New York Times: Smashing the Finance Patriarchy With Memes. “Haley Sacks, 28, doesn’t just want women to save; she wants them to invest. Not only that: She wants them to understand the culture of investment banking. To teach them, she posts memes on Instagram. Her account, @MrsDowJones, has compared Deutsche Bank’s trajectory since 2007 to Rob Kardashian; likened the hype ahead of the Uber I.P.O. to that surrounding the newest royal baby; and used Andy Cohen as a proxy for interest rates.”

Krebs on Security: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security: First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records. “The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.”

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions. “A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.”

Black Hats & White Collars: SEC EDGAR Database Hackers Revealed (Splunk)

Splunk: Black Hats & White Collars: SEC EDGAR Database Hackers Revealed. “Over the past year, I’ve been presenting research at security conferences regarding the increasingly cozy relationship between black hat hackers and white collar criminals. One of the cases I researched was a group of hackers targeting PR firms for non-public insider information that could be monetized by trading stock based on the results of a company’s earnings and other factors. This past week it was revealed that this same group of criminal hackers and traders had become much more brazen and were also involved in the hacking of SEC’s EDGAR system targeting similar information.”

The Hindu: A new bank scam using Google Maps loophole

The Hindu: A new bank scam using Google Maps loophole. “Scamsters seem to have stumbled upon a gold mine in the form of a loophole in the Google Maps interface. Taking advantage of the fact that on Google Maps, an establishment’s contact details can be edited by anyone, a group of Thane-based con artists have been putting up their own contact numbers and getting customers who call them into revealing sensitive account details.”

Krebs on Security: SMS Phishing + Cardless ATM = Profit

Krebs on Security: SMS Phishing + Cardless ATM = Profit. “A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen account credentials to add a new phone number to the customer’s account and then use that added device to siphon cash from hijacked accounts at cardless ATMs.”

ZDNet: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks

ZDNet: Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks. “Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks. Around 88% of these routers are located in Brazil, and the campaign has been raging since at least mid-August when security firm Radware first spotted something strange.”

New York Times: Banks and Retailers Are Tracking How You Type, Swipe and Tap

New York Times: Banks and Retailers Are Tracking How You Type, Swipe and Tap. “The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors’ physical movements as they use websites and apps. Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices.”

Ars Technica: In-the-wild router exploit sends unwitting users to fake banking site

Ars Technica: In-the-wild router exploit sends unwitting users to fake banking site. “Hackers have been exploiting a vulnerability in DLink modem routers to send people to a fake banking website that attempts to steal their login credentials, a security researcher said Friday. The vulnerability works against DLink DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B models that haven’t been patched in the past two years.”

Facebook: We’re not asking for financial data, we’re just partnering with banks (Ars Technica)

Ars Technica: Facebook: We’re not asking for financial data, we’re just partnering with banks. “Facebook is pushing back against a report in Monday’s Wall Street Journal that the company is asking major banks to provide private financial data. The social media giant has reportedly had talks with JPMorgan Chase, Wells Fargo, Citigroup, and US Bancorp to discuss proposed features including fraud alerts and checking account balances via Messenger.” I had a comment here but my keyboard melted.