The economy has been through the wringer for the past few years. Skyrocketing inflation in the wake of the COVID-19 pandemic brought with it a series of rapid rate rises that still may not have reached an end.
Financial fear has set in, and many vulnerable consumers are becoming even more vulnerable by the day.
In a report released by the Financial Health Network (FHN), “potentially worrying” signals were found throughout the levels of household spending. Debt has been mounting, and consumers have been increasingly reliant on high-cost credit.
Most acutely affected are those deemed “financially vulnerable” whose growing reliance on credit could impact their ability to recover from the strain.
It’s an environment that could affect US households for years to come. While some regard it as a return to “normal,” some consumers could be locked into a debt cycle that could benefit from a change.

Source: Financial Health Network
Financial Health walks a thin line.
Taking into account consumers’ spending, saving, and borrowing habits, as well as their approach to financial planning, the FHN can determine indicators of financial vulnerability.
The network found that consumers had been most affected by the fees and interest derived from credit and loans.
Savings have hit a new low since 2015, dropping to below 5% of incomes for the duration of 2022.
More often, consumers were leaning on credit and loan products. Gone is the financial cushion that many used to weather the financial strain of the COVID-19 pandemic. Gone, too, are the pandemic-era measures that assisted in loan payments, buoying delinquency numbers.
The total interest and fees paid on a variety of nonmortgage financial services increased between 2021 and 2022 by 15%. From credit card interest alone, costs grew by $20 billion.
Rate hikes are partly to blame, accounting for around one-quarter of the increase. However, increased card usage drove the majority of fees. In 2022, just over half of credit card users reported having carried a balance, with clear delineations by financial health tier.
While credit delinquencies had remained low post-pandemic, levels have started to creep up. Total debt balances grew by $394 billion in the fourth quarter of 2022, the largest quarterly increase in 20 years. The Federal Reserve Bank of New York reported an uptick in credit card delinquency rates towards the end of 2022.
“Altogether, this paints a picture of debt that could really start to strain the checkbooks of American families,” said Meghan Greene, senior director of policy and research at Financial Health Network. “Toward the end of 2022, there were a number of signs that defaults were starting to grow, so that gives us a worrisome picture of how much debt people are carrying.”

Source: Financial Health Network.
Financially vulnerable bear the brunt
According to the survey, while the unbanked population had decreased by 1.8% within the year, those who remain unbanked are disproportionately made up of populations of color and households earning less than $30,000.
The proportion of unbanked is an ever-changing experience, according to the report. Many respondents who said they had no bank account reported closing their checking account in the past 12 months.
The worsening conditions of vulnerable consumers are a running theme throughout the report. In 2022, it was found that financially vulnerable households allocated 14% of their incomes to fees and interest alone, compared to an average of 1% among the financially healthy.
Individuals that are deemed to be struggling with most or all areas of their financial life spent an estimated $98 billion on interest and fees in the last year. They drove 28% of all fees and interest payments, despite only making up 15% of the population.
The report also found that Black and Latinx households had to allocate more of their income towards covering fees and interest, and a “startling” number of the demographic have had to turn to high-cost loans.
In conclusion, the FHN warned of future scenarios where an already gaping divide in financial health continued to grow wider. “The burden of increasing costs of borrowing will continue to fall disproportionately on those who are less likely to be able to afford it.”
Courtesy of Isabelle Castro Margaroli, FinTechNexus
The CFPB’s 2022 Fair Lending Annual Report to Congress
The CFPB released its Fair Lending Annual Report to Congress, describing our fair lending activities in enforcement and supervision; guidance and rulemaking; interagency coordination; and outreach and education for calendar year 2022. In 2022, the CFPB’s fair lending work centered on the consumers and communities most affected by unlawful discrimination. These efforts included working with our federal and state partners to address redlining as well as confronting deep-seated discrimination in the home appraisal industry. The CFPB also released several reports shining a light on factors that may influence fair access to credit, including how medical debt affects tens of millions of consumers’ credit profiles, how people in under-resourced rural areas struggle to access financial services, and the challenges faced by justice-involved individuals and families.
Office of Research blog: How are mortgages with a COVID-related forbearance performing in 2023?
In response to the COVID-19 pandemic, the federal government enacted the Coronavirus Aid, Relief, and Economic Security (CARES) Act, allowing millions of mortgage borrowers in the United States to enter public or private forbearance programs and temporarily pause their mortgage payments. In reports from May 2021 and March 2022, the CFPB explored the characteristics and demographics of mortgage borrowers during the COVID-19 pandemic, with a focus on those who were in forbearance. In this post, we use recent data from the National Mortgage Database to compare the performance of mortgage borrowers in March 2023 to those in March 2021 that had COVID-related forbearance, were delinquent but not in forbearance, and those considered current on their payments. While we expressed concern in both 2021 and 2022 about borrowers’ ability to recover from periods of forbearance, our most recent analysis shows that the majority of borrowers in forbearance in 2021 – including Black and Hispanic borrowers – were largely able to become current on their payments by March 2023.
The CFPB issues order against payment processor ACI Worldwide Corp. and its subsidiary ACI Payments Inc. (ACI)
The Consumer Financial Protection Bureau (CFPB) issued an order against ACI Worldwide and one of its subsidiaries, ACI Payments, for improperly initiating approximately $2.3 billion in unlawful mortgage payment transactions. ACI’s data handling practices negatively impacted nearly 500,000 homeowners with mortgages serviced by Mr. Cooper (formerly known as Nationstar). By unlawfully processing erroneous and unauthorized transactions, ACI opened homeowners to overdraft and insufficient funds fees from their financial institutions. Today’s order requires ACI, among other things, to pay a $25 million civil money penalty.
Protecting consumers’ right to challenge discrimination
The Consumer Financial Protection Bureau (CFPB) is committed to ensuring fair, equitable, and nondiscriminatory access to credit for individuals and communities. The CFPB administers and enforces federal laws such as the Equal Credit Opportunity Act, a landmark civil rights law that protects people against discrimination in all aspects of credit transactions. Under the law, consumers targeted by race, religion, age, or any other prohibited basis with predatory lending products or practices also have the right to challenge that discrimination by bringing a lawsuit. Yet lenders engaged in discriminatory acts or practices sometimes unfairly try to make consumers sign away that right. Fortunately, many courts have rejected attempts to make people sign away crucial legal rights.
CFPB Report Identifies Issues with Increased Servicemember Use of Digital Payment Apps
The Consumer Financial Protection Bureau (CFPB) released its annual report on the top financial concerns facing military families. The report highlights the growth of digital payment app usage in the servicemember community, the unique risks to servicemembers from these services, and the potential abuse from bad actors. Some servicemembers have also indicated in their complaints that they incurred serious financial harm from scams and fraud when using these services, and their complaints suggest digital payment app providers often fail to provide timely and substantive resolutions.
The CFPB intends to identify ways to simplify and streamline the existing mortgage servicing rules
By Rohit Chopra
Borrowing to buy a home is one of the biggest financial decisions a family will make. Mortgage servicers are the companies responsible for processing payments and managing mortgage accounts, and they play a critical role in assisting homeowners with repayment. Borrowers don’t choose these companies – servicers are chosen by the lender or investor that owns the mortgage.
In the mid-2000s, predatory mortgage practices spread throughout the country. Many large financial institutions with mortgage servicing operations experienced serious breakdowns. This resulted in a crisis where 10 million homes ended up in foreclosure between 2006 and 2014.
The foreclosure crisis was an important catalyst for the creation of the Consumer Financial Protection Bureau. Congress required the CFPB to implement new rules to make the mortgage market work better. These new rules first took effect in 2014. During the COVID-19 pandemic, we saw how these rules worked when unemployment spiked. The CFPB observed that there were places where the rules could be revised to reduce unnecessary complexity.
Last fall, the CFPB asked the public for input on ways to reduce risks for borrowers who experience disruptions in their ability to make mortgage payments, including input on the mortgage forbearance options available to borrowers. In particular, we sought input on the features of pandemic-related forbearance programs and whether there are ways to automate and streamline long-term loss mitigation assistance. We received comments from housing organizations, homeowner advocates, mortgage servicers, and many others.
Many commenters noted that borrowers seeking help on their mortgages can face a paperwork treadmill that hurts both homeowners and mortgage servicers. According to commenters, the temporary pandemic-related changes we made to the mortgage servicing rules helped alleviate this problem and get borrowers accommodations more quickly.
Laying the foundation for open banking in the United States
By Rohit Chopra
New digital banking technologies have the power to expand and open market access for American consumers and emerging businesses. In a more competitive market, Americans will be able to earn higher rates on their savings, pay lower rates on their loans, and more efficiently manage their finances. But the new technologies, and the competition they can fuel, have not yet reached their full potential. Consumers continue to encounter all too familiar obstacles when trying to switch banks or apply for loans.
The CFPB is working to accelerate the shift to open banking through a new personal data rights rule intended to break down these obstacles, jumpstart competition, and protect financial privacy. To do this, the CFPB is formalizing an unused legal authority enacted by Congress in 2010. This authority gives consumers the right to control their personal financial data. These rights will become a practical reality after the CFPB implements a rule that sets expectations for the market. We expect to solicit comments on our formal proposal in a few months and finalize in 2024.
But the agency must not micromanage open banking. Fair standards developed by the market to leverage our rule will be critical to the creation and maintenance of an open banking system in which consumers can vote with their feet — and exercise their data rights without being trapped by powerful incumbents and without losing control of their data.
Our proposal will recognize that the CFPB must resolve certain core issues because system participants are deadlocked or because existing approaches do not put consumers fully in the driver’s seat. But many of the details in open banking will be handled through standard-setting outside of the agency. Properly pursued, such standards can allow open banking to evolve as new technologies emerge, new products develop, and new data security challenges arise.
The Consumer Financial Protection Bureau (CFPB) today released a new issue spotlight on the expansive adoption and use of chatbots by financial institutions. Chatbots are intended to simulate human-like responses using computer programming and help institutions reduce the costs of customer service agents. These chatbots sometimes have human names and use popup features to encourage engagement. Some chatbots use more complex technologies marketed as “artificial intelligence,” to generate responses to customers.
Communities across the nation are working to prevent and respond to elder financial exploitation, which threatens the financial security of millions of older adults each year.
The Consumer Financial Protection Bureau (CFPB) helps state and local organizations create and develop Elder Fraud Prevention and Response Networks, often working with partners to host in-person convenings of local or regional stakeholders.
But what happened during the COVID-19 pandemic, when people were no longer able to convene in person? When reported fraud and scams hit an all-time high? And what happens when scammers target traditionally underserved populations? Here is how the CFPB and elder justice advocates adapted to meet the moment.
Courtesy of Dave Kovaleski, Financial Regulation News
June 20, 2022 — The Bank Policy Institute (BPI) offered feedback on the Securities and Exchange Commission’s (SEC) proposed climate disclosure policy, expressing its concerns.
The proposal would require public companies to provide a detailed financial accounting of climate-related risks, information on indirect emissions, and numerous requirements for disclosure of risk management policies and practices.
BPI officials said that many banks already voluntarily disclose climate information, adding that an overly prescriptive approach from the SEC could undermine the goal of providing useful information to investors. Further, BPI says the proposal fails to account for the interaction with the prudential bank regulatory framework.
“Banks share the SEC’s goal of communicating material climate risks transparently to investors and managing those risks in a prudent manner. However, the proposal’s overly detailed requirements would lead to a mountain of information that would be misleading and of little use to investors. This is particularly the case given the significant limits of climate data today. It is important to ensure that the climate-related disclosures produced are useful to investors,” Lauren Anderson, BPI senior vice president and associate general counsel, said.
While investors are increasingly seeking more information on how firms will be affected by climate-related risks, BPI says climate risk data is in the early stages of development. As such, there are significant data gaps and inaccuracies. BPI adds that data challenges are even more problematic for banks as they must rely on data from their clients to produce their climate disclosures. The approach that the SEC is taking could lead to a false sense of precision regarding climate reporting and end up misleading investors. Regulators should recognize the need for a flexible framework that will allow disclosures to improve over time.
Specifically, the proposal’s Regulation S-X financial reporting requirements are largely inoperable, will not result in useful disclosure for investors, and should be removed or, at a minimum, narrowed, said BPI.
Also, they state that the Scope 3 emissions disclosure requirements are overly broad as drafted and should be narrowed to focus on registrants’ material targets or goals. Further, the risk management aspects of the proposal should be modified so that they do not front-run, and are consistent with, ongoing efforts by the federal banking regulators.
In addition, the proposal’s board and management governance provisions should be modified to be less prescriptive and not place outsized importance on one potential risk factor that public companies must manage. Among other recommendations, BPI says the proposal’s cost-benefit analysis likely under-estimates costs by several degrees and has not demonstrated the purported benefits outweigh even the identified costs. Also, BPI says the proposal should not require third-party attestation of Scope 1 and Scope 2 GHG emissions disclosures.
Jun 23, 2022 — Cornerstone and HCUA merger committees have begun the due diligence process.
The Cornerstone League and Heartland Credit Union Association are exploring the possibility of a merger. Both league boards approved moving forward with the due diligence process, and a letter of intent has been signed by both organizations. A merger between the two would create a five-state league serving up to 718 credit unions and 14 million members, led by Cornerstone League President/CEO Caroline Willard.
“We believe that the infrastructure supporting our credit unions must evolve to keep pace with the way credit unions and consumers have changed,” said Willard. “Partnering with Heartland can help both organizations do that.”
“Joining HCUA and Cornerstone together provides a unique opportunity for our leagues to maximize efforts in compliance and advocacy,” said Lisa Simmons, interim CEO at the Heartland Credit Union Association. “This partnership will provide all credit unions access to more options to better serve their members and communities.”
Willard said that in combining their shared strengths, Cornerstone and HCUA can help to preserve the unique role of financial cooperatives in the marketplace.
“By removing barriers on the federal, state, and local level, we can fight regulatory burdens more effectively and strengthen our influence as a larger regional league,” she said.
Cornerstone League Board Chairman James Boyd said that Cornerstone’s proven multi-state association model can be applied to create additional value in the Heartland region.
“We at Cornerstone are excited at the possibility of expanding our model—centralized professional staffing combined with boots on the ground in each state capital—into Kansas and Missouri,” said Boyd, who is also president/CEO of Abilene Teachers Federal Credit Union in Abilene, Texas. “Given the political and cultural similarities amongst our five states, we believe the combination can be smooth and productive.”
James Nastars, board chairman of the Heartland Credit Union Association and president/CEO of Meritrust Credit Union in Wichita, Kan., said the time is right to consider a merger.
“Our two associations complement each other in so many ways, and our focus and commitment to credit unions align very well,” he said. “By working together while still maintaining our individual state identities, it will create an even stronger league and provide our credit unions of all sizes with more opportunities to grow.”
Upon consolidation, both organizations would operate under the Cornerstone League brand, serving credit unions in Arkansas, Kansas, Missouri, Oklahoma, and Texas.
Following the due diligence process, the boards of both associations would need to vote on the approval of a merger agreement, and a vote of the members of both organizations would be required as well. In the meantime, members of both leagues will be invited to one of many townhall meetings to learn more about the consolidation, provide feedback, and ask questions. If the merger is approved, the tentative timeline for the merger to become official is Jan. 1, 2023.
Author: Cornerstone League
One of the FDIC’s most important responsibilities is to prudently manage the Deposit Insurance Fund. The FDIC’s ability to credibly guarantee our nation’s insured deposits is vital for the stability of the banking system. The Deposit Insurance Fund has gone broke twice in the last 30 years.[1] Just as large financial institutions should not expect a bailout from taxpayers, neither should the FDIC.
The law requires the FDIC’s Board to establish and implement a restoration plan when the Deposit Insurance Fund’s reserve ratio falls below 1.35%.[2] The plan must bring the reserve ratio back above the statutory floor within eight years. The fund’s reserve ratio breached the statutory floor on June 30, 2020. In the last six months, the situation has worsened, with the reserve ratio falling from 1.27% to 1.23%. The Deposit Insurance Fund is currently about $12 billion below the minimum prescribed by law. Given the serious risk of missing the statutory deadline, it is critical that the Board take steps now, while banking industry profits are robust. Otherwise, the Board may be forced to impose a larger rate hike later when economic conditions may be different.
I am voting in favor of shoring up the Deposit Insurance Fund by amending the restoration plan required by law and by proposing a small premium increase. These are important short-term actions.
Over the long term, I believe the Board should explore a new mechanism to automatically adjust premiums upward and downward based on economic conditions, rather than relying on ad-hoc actions. For example, calibrating assessment rates based on banking sector profitability, or a combination of metrics, is worth exploration. The Board should also evaluate the relative burden of assessments on banks of varying sizes, including whether the largest firms, especially global systemically important banks, should be paying a higher share of the assessments than they do today.
Regulators expect a bank board to actively monitor management’s execution of the bank’s objectives and require adjustments if warranted by changing conditions. That is sound governance. I am pleased we are demonstrating that we will hold ourselves to that same standard.
1. The Deposit Insurance Fund balance went negative in the early 1990s after the Savings and Loan Crisis and 1990-91 economic recession. The balance again went negative due to the 2008 financial crisis.
2. 12 U.S.C. 1817(b)(3)(B) and (E).
Can non-fungible tokens (NFTs) disrupt the lending market? And should credit unions, which are showing heightened interest in cryptocurrency, be entering this space as well?
Article courtesy of Ray Birch, CUToday.info
Lou Grilli, senior innovation strategist at PSCU, believes many credit unions will eventually answer “yes” to both questions, noting NFTs are already playing a part in the lending marketplace.
An NFT is a non-interchangeable unit of data stored on a blockchain, a form of digital ledger, which can be sold and traded, representing ownership of digital files such as photos, videos, and audio.
“So, an NFT could show you are the owner of a collectible, digital art, a song, a book, a video, or something more tangible, like tickets to a real-life event, or the title to a boat or to real-estate,” noted Grilli. “To understand how it works, think about owning a piece of a cryptocurrency coin, such as Ethereum. Your ownership of some amount of Ethereum is represented by a token on a blockchain. NFTs are likewise tokens on a blockchain, also representing ownership of something. Today, the most common use-case is ownership of artwork, like CryptoKitties, and characters in video games, such as Axie Infinity.”
The Coming Disruptor
But Grilli predicts NFTs will see more practical applications, such as real estate transactions, auto and boat titles, and other real-life uses.
“We already saw the first NFT-based real-estate transaction in the U.S. happen right here in Florida,” said Grilli. “And the person involved in this transaction has plans for several more.”
Where credit unions will first be forced to address NFTs is in mortgage lending, said Grilli.
“NFTs will be disrupters to mortgage lending,” he predicted. “Neobanks and crypto exchanges are entering the lending market by allowing clients to collateralize their digital asset holdings, meaning their holdings are locked up and can’t be sold or traded, in exchange for a loan.”
Recently, Genesis, a cryptocurrency exchange, offered a new client a six-month $1.25-million loan with a 7.5% interest rate—the equivalent of a 15% annual rate—collateralized by 10 NFTs by well-known digital artists Pak and Fewocious, valued at $5 million, Grilli pointed out.
“While this is an outsized example, there are firms like Arcade that in their first four months issued $10 million in similarly structured loans,” he said.
The New Card Perk
Grilli noted NFTs have already entered the credit card space as perks, suggesting they could disrupt those offerings, as well.
“AMEX is offering its cardholders a chance to purchase one of 14 unique digital images from a recent performance by R&B singer SZA as part of its rewards program,” Grilli said. “Amex is anticipating that NFTs will become more mainstream and will become an increasingly desirable perk for prospective customers. For credit unions, when it comes to crypto-savvy members, there will be a clear delineation of credit unions participating in the digital asset evolution—large and small—and those that are not.”
But when it comes to NFTs and payments cards, chargebacks may be a big issue, cautioned Grilli.
“Like gambling and other high-risk merchant category codes, chargebacks for NFT purchases pose a headache to issuers,” he said. “Due to the completely virtual nature of digital assets, it is even more attractive for a fraudster to use a stolen credit card number to purchase an NFT than it is to purchase a TV. Chargeback attempts due to friendly fraud, buyer’s remorse, kids using a parent’s card, occur with a much higher frequency in the digital world than in the physical world.”
Recognizing the potential for abuse in this area, Grilli noted that PayPal announced it would cap fraudulent claims about the sale of NFTs containing art, media or collectables at $10,000.
What to do Now?
What should credit unions be doing?
Grilli recommended monitoring member activity, “Ideally, using data analytics to track funds flowing. Every credit union should be tracking ACH and debit transactions to and from the major exchanges, such as Coinbase, crypto.com, Gemini, FTX, Binance, and BitFinex. Many credit unions would be surprised to see how much activity their members are already conducting in the world of digital assets. Likewise, credit unions should be looking at purchases made at the largest NFT exchanges, such as OpenSea, NFT Launchpad, crypto.com, and Rarible.”
Grilli pointed out that last summer Visa bought one of the NFT CryptoPunks for $150,000.
“Visa doesn’t consider this an investment, and the asset is not on their balance sheet,” Grilli said. “Visa believes that NFTs will play an important role in the future of retail, social media and entertainment. If this is an area of interest, start small, and have a team of enthusiasts go through the effort of buying an NFT, within a reasonable budget,” Grilli suggested.
Making it Count
Grilli believes credit unions will eventually have to make NFTs, and cryptocurrency, “count.”
“Digital assets as collateral,” he said. “Consider cryptocurrency balances, including NFT investments as part of a member’s ability to repay. Some members are starting to accrue significant balances in cryptocurrency and NFTs. When members start searching for a mortgage, they’d like their investment to be considered, I believe.”
What members don’t want to do is sell their cryptocurrency holdings, incurring a tax liability, and more importantly, abandoning the opportunity for additional gains on their investments.
“Likewise, they don’t want to sell their NFTs, given the limited market of buyers and the slower appreciation cycle,” he said.
Grilli pointed out neobanks are already working to attract new clients by recognizing crypto and NFT investments.
“They are using reasonable valuations, and then taking into account risks of loss, using these investments as part of the overall equation when underwriting a loan,” Grilli said.
As CUToday.info has reported, UNIFY Financial, Torrance, Calif., already plans to recognize cryptocurrency as collateral for a loan.
“While this may be something that not all credit unions are ready for just yet, loan officers should be following news related to the topic, discussing this with their chief compliance officer and NCUA examiner, and preparing for a future where digital assets, cryptocurrency, and NFTs comprise a growing portion of a household’s net worth,” Grilli said. “And this future looks like it might happen sooner than anyone expects.”
June 7, 2022 — Cyber attacks, hacking, and data breaches are a growing threat. Yet, many companies could have prevented these threats with a bit of risk management and a proactive approach to digital security.
Whether you’re going through a digital transformation or worried about data protection, these are the emerging cyber threats that you need to beware of.
A Forrester report showed that 94% of organizations suffered some type of cyber attack in 2020 alone. Even worse is that three-quarters of those attacks were due to a vulnerability caused by a technology put in place during the pandemic.
Data breaches cost businesses on average $4.24 million in 2021. And in breaches where remote work was a driving factor, the average cost was $1.07 million higher.
- Malware: a combination of the words malicious and software, malware is an umbrella term used to refer to software that damages computers, websites, web servers, and networks. While malware isn’t a new threat, hackers are constantly capitalizing on new approaches. This includes ransomware, viruses, spyware, and trojans. Once installed, malware can deny access to your network, secretly obtain sensitive data, and even destroy your system.
- Ransomware: a type of malware that involves extortion. Hackers prevent users from accessing data, threatening to publish or delete it until a ransom is paid. Hackers take control of a victim’s computer when the victim clicks links or downloads attachments that contain malware.
- Cryptojacking: uses your computer to secretly “mine” cryptocurrencies such as Bitcoin and Ethereum. While not an immediate threat, it can slow down your devices significantly. Hackers use phishing emails or other methods to get you to click a link that then downloads the cryptojacking malware to your device.
- Viruses: malicious pieces of code that damage your device and can replicate and spread between hosts. Much like flu viruses that can’t replicate without a host, computer viruses can’t spread without a host file or document. Once a virus successfully attaches to a host file or document, it can lie dormant until circumstances “trigger” it to execute its code. Once it does activate, the virus can spread across computers or even across corporate networks.
- Trojans: named after the famed Trojan horse, this type of malware uses helpful software as a backdoor to gain access and exploit a computer or network. Trojans are widely used to steal credit card information. Users click on a link that hides the Trojan malware or unknowingly download it along with legitimate software. Once the file is clicked and opened, the download proceeds to install malware onto the device.
- Worms: are self-contained malware that spread through other files and programs on their own. Unlike viruses which require a host, worms are standalone programs that can “wiggle” through your network. Worms are often sent through email attachments — they duplicate themselves and send a copy to all contacts in the hacked email list. Attackers can use worms to overload servers and achieve distributed denial of service (DDoS) attacks.
- Spyware: is a type of malware installed to collect information about users, including their system or browsing habits. There are several different types of spyware to beware of. For example, infostealers steal your information from browser forms, while keyloggers record your keystrokes to catch sensitive data. Spyware is distributed in many ways: links, phishing emails, pop-ups, infected ads, or even poisoned links on Google search. Once a user clicks on the link, their data is sent remotely to an attacker. The information is then used to blackmail the victim or install other malicious programs.
- Adware: displays unwanted ads on your computer. It can also change your browser homepage or even add unwanted plugins and other spyware. While adware isn’t quite a virus and isn’t as problematic as other code floating around the internet, you still need to remove it from your computer. Not only is it bothersome, but it could also cause other device issues down the line. Adware can come from either downloading it by mistake or getting it from a malicious website. Once it’s downloaded and installed, adware immediately starts tracking your web activity. One indicator that you’ve been infected is constant pop-up advertisements.
- Drive-By Downloads: are programs that install on your devices without your consent. These include bundled software and unintentional downloads of any files. Drive-by downloads often take advantage of apps, operating systems, software, or web browsers that haven’t been updated. They can use any website as a delivery method for corrupted files. Just like other malware, drive-by downloads enter your computer unintentionally. You don’t have to click on or download anything for your computer to be infected — it just happens when you visit an infected website.
- IoT Device attacks: Internet of Things (IoT) devices are common targets for bad actors as they don’t have space to run proper security systems and often store sensitive information like log-in details and passwords. Hackers exploit the weak security and constant connectedness of IoT devices to gain access to them. Once they install malware, hackers can link devices together and launch DDoS attacks. These attacks attempt to knock out networks by flooding them with traffic. IoT devices such as smart speakers can also act as a weak point in your network. Once hackers are in, they can gain access to your entire system.
- Wipers (or wiper malware): damage organizations by wiping as much data (if not all) as possible. Unlike ransomware, which has financial motives, wiper attacks are purely disruptive. Criminals may also use wiper attacks to cover the tracks of separate data thefts. Wipers often target files, backups, and the system boot section. Normally, hackers overwrite files to destroy them, but they don’t do this in wiper attacks because it’s time-consuming. Instead, hackers write a certain amount of data at intervals, which destroys files randomly.
- Cross-Site Scripting (XSS): hackers insert malicious scripts into a website with the intent of stealing users’ identities through session tokens, cookies, and other information. The malicious code is usually JavaScript but can include Flash or HTML. XSS often occurs when users log onto a web application’s session. Victims unintentionally click on the content because they think it’s legitimate. But little do they know that the attacker altered the executed script, making XSS harmful and dangerous.
- Phishing: has been around for years, but is consistently one of the most common ways hackers try to scam you online. It involves sending messages that seem to be from a trusted source to gain personal information or scam you into downloading malware. Phishing attacks can occur via email, text (known as “smishing”), phone calls, fake websites, and social networks. Hackers use a combination of social engineering tactics to gain your trust. Then, they send messages containing malware or a link to a fake site designed to steal your information. COVID-19 scams (like PPP fraud) and phishing schemes have been especially prevalent in the past few years [*].
- Whale and spear phishing: whaling is a phishing attack in which the prime targets are senior executives (aka the “big fish”), while spear phishing is a similar attack that hyper-targets a specific company or individual. In whaling, attackers impersonate high-level executives to try and steal sensitive data. In spear phishing, criminals research victims on LinkedIn or other social media sites and pose as a trusted source to gain access to their data.
- Pharming: is when cybercriminals capture user credentials through a fake landing page. There are two types of pharming: malware and DNS cache poisoning. Malware-based pharming uses trojan horses to direct you to a fake website. For example, you’ll get a link to enter your credentials on your banking site. But the link routes you to a fake (yet believable) landing page designed to steal your information. With DNS cache poisoning, hackers exploit your DNS server. So even if you enter the URL of your banking site, you’ll still be redirected to the fake website without your knowledge.
- SQL Injection Attacks: An SQL injection attack (SQLI) is typical in database-driven websites. SQL attacks happen when attackers inject code into a website or server database to steal money, change data, or erase web activity. Hackers find vulnerable website fields such as contact forms and insert malware. Once the SQL query is inserted into the website, the attacker can execute malicious commands on the database.
- Denial of Service (DoS): is a website attack where attackers overwhelm a system or network with internet traffic. A variation of the DoS attack is the distributed denial of service (DDoS) attack. With DDoS attacks, hackers infect computers on the network with malware to turn them into bots. Attackers control the bot network (or botnet) by sending instructions remotely. Some hackers even use artificial intelligence (AI) technologies for automation purposes. DDoS attacks result in a server overflow or network error. It can be challenging to separate DDoS traffic from regular traffic.
- Brute Force Attacks: are a type of cryptographic attack where hackers use software to repeatedly guess your login credentials. One in five networks have experienced a brute force attack. Hackers attempt to access an account by trying different passwords until they guess the right one. When you’re up against hackers with a powerful computing engine or control over an extensive botnet, it can pose a problem. Some warning signs that you’re under a brute force attack include:
  - The same IP address trying to log in multiple times.
  - Many IP addresses trying to log in to a single account.
  - Multiple unsuccessful login attempts being made from different IP addresses in a short period.
- Man-in-the-Middle Attacks (MitM): are a type of “shoulder surfing” where hackers eavesdrop on your connection. Hackers intercept data transfers between a server and a client to steal data and manipulate traffic. Attackers insert themselves through an IoT device or exploit unsecured public Wi-Fi.
- Insider Threats: are security risks that begin within the targeted organization. They often involve a current or former employee with administrator privileges or access to sensitive information. Insider threats have increased by 47% over the last two years [*], making them an emerging cyber threat. Insider threats occur when someone with authorized access misuses their access. Insider threats can be intentional or unintentional. Unintentional threats occur when a negligent employee falls victim to malware or phishing scams. Most security operations focus on external threats. But the best course of action for limiting insider threats is restricting employee access to only the systems they need for work.
- Zero-Day Attacks: Zero-day attacks happen to websites with newly-discovered security vulnerabilities. The term ‘zero-day’ alludes to web developers recently discovering the flaw, which means they have had zero days to fix it. Attackers jump to take advantage of the small time frame in which the device or program is vulnerable. Preventing zero-day attacks requires constant monitoring and proactive detection.
Courtesy of Christopher Bray, Aura
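The three brute force warning signs listed above can be checked mechanically against authentication logs. The following is an added example, not part of the original article: the log format, the thresholds, and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{s:02d} FAIL user={u} ip=203.0.113.5"
     for s, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [f"2024-05-01T10:02:{10 * n} FAIL user=admin ip=198.51.100.{n}"
       for n in range(1, 5)]
    + ["2024-05-01T10:03:00 OK user=alice ip=192.0.2.10",
       "2024-05-01T11:30:00 FAIL user=frank ip=192.0.2.77",
       "truncated or malformed line"]
)
LINE = re.compile(
    r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (FAIL|OK) user=(\S+) ip=(\S+)")

def parse(log):
    """Return (time, outcome, user, ip) tuples in time order; skip non-matching lines."""
    events = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            events.append((datetime.fromisoformat(m[1]), m[2], m[3], m[4]))
    return sorted(events)

def _distinct_ips(queue, cutoff):
    """Drop entries older than cutoff, then return the set of IPs still queued."""
    while queue and queue[0][0] < cutoff:
        queue.popleft()
    return {ip for _, ip in queue}

def detect(log, window=timedelta(minutes=5), per_ip=5, ips_per_user=4, ips_total=5):
    """Return {(signal, subject)} for the three warning signs over a sliding window."""
    alerts, by_ip, by_user, recent = set(), defaultdict(deque), defaultdict(deque), deque()
    for ts, outcome, user, ip in parse(log):
        if outcome != "FAIL":
            continue
        for queue in (by_ip[ip], by_user[user], recent):
            queue.append((ts, ip))
        cutoff = ts - window
        _distinct_ips(by_ip[ip], cutoff)
        if len(by_ip[ip]) >= per_ip:                      # same IP, repeated failures
            alerts.add(("same_ip", ip))
        if len(_distinct_ips(by_user[user], cutoff)) >= ips_per_user:
            alerts.add(("many_ips_one_account", user))    # many IPs, one account
        if len(_distinct_ips(recent, cutoff)) >= ips_total:
            alerts.add(("distributed_failures", "*"))     # many IPs, short period
    return alerts

if __name__ == "__main__":
    for alert in sorted(detect(SAMPLE_LOG)):
        print(alert)
```

Thresholds and window length need tuning per environment: shared office or carrier NAT addresses can push a single IP over the per-IP limit with ordinary mistyped passwords.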
Urges Financial Institutions to Aid in Combatting Growing Threat

The Financial Crimes Enforcement Network (FinCEN) is issuing an advisory to alert financial institutions to the rising trend of elder financial exploitation (EFE). EFE involves the illegal or improper use of an older adult’s funds, property, or assets, and is often perpetrated either through theft or scams. The advisory highlights new EFE typologies and red flags since FinCEN issued its first advisory on the issue in 2011.
“FinCEN is proud to support World Elder Abuse Awareness Day and call attention to a concerning and tragic rise in elder financial exploitation. Older adults should not have to endure abuse by criminals who seek to defraud them of their lifelong savings, or who wish to lure them into scams or schemes under false pretenses,” said FinCEN Acting Director Himamauli Das. “Financial institutions serve on the frontlines in protecting their older customers’ finances, and can play a critical role in helping to identify, prevent, and report suspected elder financial exploitation. Financial institutions’ vigilance matters. Their reporting matters.”
In 2021, financial institutions filed 72,000 Suspicious Activity Reports (SARs) related to EFE. As referenced in the advisory, this represents an increase of 10,000 SARs over the previous year’s filings. The Consumer Financial Protection Bureau (CFPB)’s estimate of the dollar value of suspicious transactions linked to EFE has similarly increased—from $2.6 billion in 2019 to $3.4 billion in 2020. This is the largest year-to-year increase since 2013.
FinCEN’s EFE advisory highlights behavioral and financial red flags to aid financial institutions with identifying, preventing, and reporting suspected EFE. In line with the risk-based approach to compliance with the Bank Secrecy Act, financial institutions should perform additional due diligence where appropriate and remain alert to any suspicious activity that could indicate that their customers are perpetrators, facilitators, or victims of EFE.
In addition to filing a SAR, FinCEN recommends that financial institutions refer their older customers who may be victims of EFE to the Department of Justice’s National Elder Fraud Hotline at 833-FRAUD-11 or 833-372-8311 for assistance with reporting suspected fraud to the appropriate government agencies. For educational resources on EFE and scams targeting older adults, please see the CFPB’s Office for Older Americans.
There are now 105 countries that are exploring central bank digital currencies (CBDCs). Among them, 50 countries are in an advanced phase of digital currency exploration (development, pilot, or launch).
The Atlantic Council’s Geoeconomic Centre has released a major update to its Central Bank Digital Currency (CBDC) Tracker. According to the tracker:
105 countries, representing over 95 percent of global GDP, are exploring a CBDC … A new high of 50 countries are in an advanced phase of exploration (development, pilot, or launch).
Furthermore, the tracker details that “10 countries have fully launched a digital currency, with China’s pilot set to expand in 2023.”
Among the G20 countries, 19 are exploring a CBDC, with 16 already in the development or pilot stage. They include South Korea, Japan, India, and Russia.
Last month, the Bank of International Settlements (BIS) released a report stating that 9 out of 10 central banks globally are exploring CBDCs. The BIS said, “the emergence of stablecoins and other cryptocurrencies have accelerated the work on CBDCs.”
