Dear FIBA members,
We continue to see an elevated number of phishing and smishing attempts, not only at FIBA but across our membership base. These attempts will continue to increase for the remainder of the year as bad actors aim to disrupt services, extort organizations, and/or make information systems inaccessible. As part of our ongoing efforts to ensure the security of our systems and data, we urge you to remain vigilant against phishing emails that attempt to steal credentials or entice you into opening attachments that may contain malicious content, leading to data theft and/or ransomware. The majority of data breaches and ransomware attacks originate with email messages that trick users like you into taking some type of action, leading to the loss of confidentiality, integrity or availability of your systems and assets. Given how important this threat is to FIBA and our members, our service provider, UDT, has raised its alert classification from a “Moderate” (MOD) to a “Moderate to High” (MOD-HIGH) threat level.
We all must maintain a “zero-trust” mentality when handling email messages, especially those originating from external parties. The manner in which these messages are being delivered by bad actors has evolved to leverage more sophisticated actions meant to bypass email security filtering applications.
Here are some key recommendations provided by UDT to help you identify and avoid these threats to our operations:
External Source Banner: As an added proactive measure, we’ve added a warning banner to every incoming message originating from an external source. This is meant to prompt you to be more careful when handling messages received from external sources, especially ones from contacts you have never received messages from before.
Verify the Sender: Always check the sender’s email address, especially for emails from external sources. Be cautious if the email address looks suspicious or unfamiliar. Bad actors have continued to improve their “spoofing” techniques to the point where a sender’s address is masked to look like a legitimate address. Even if the “From:” address appears to be legitimate, it still might be spoofed. Your next step should be to hover over any links included in the body of the email message to reveal the URL it actually points to. If the link’s domain does not match the domain of the “From:” address, the email is most likely a phish. For example, the “From:” address on the email might show “Joe Smith <Joesmith@visa.com>”, but the link in the body of the email points to a different domain, such as http://visausa.com/formsubmissions.
Be wary of emails that:
- Claim to be urgent or time-sensitive, particularly concerning payments or payment transfers.
- Contain unexpected attachments or links.
- Have spelling and grammatical errors.
- Request sensitive information such as passwords or personal details.
Before clicking on any link, hover your mouse over it to see the actual URL. Ensure it directs you to a legitimate website. If you’re unsure, report it to your IT Department.
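The “does the link’s domain match the sender’s domain?” check described above can also be automated on the mail-filtering side. The script below is an added illustration, not part of this notice or of any UDT tooling: it parses a raw email with Python’s standard library, pulls the `href` targets out of the HTML body, and flags any link whose domain differs from the “From:” address domain, plus the related trick where the display name carries a lookalike address that differs from the real one. The sample messages and the `example.com`/`exampleusa.test` domains are constructed for this example, and the domain comparison is deliberately naive (last two labels only), which is noted as an assumption in the code.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkExtractor(HTMLParser):
    """Collect every href target from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def registrable_domain(host: str) -> str:
    """Return the last two DNS labels of a hostname (e.g. portal.example.com -> example.com).

    Assumption: this toy helper ignores multi-label public suffixes such as co.uk;
    a production filter would consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(msg: Message) -> str:
    """Domain of the real address in the From: header (not the display name)."""
    _, addr = parseaddr(msg.get("From", ""))
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def display_name_mismatch(msg: Message) -> bool:
    """True when the display name embeds an address whose domain differs from the real one.

    Catches headers like: "joe@example.com" <someone@exampleusa.test>
    """
    name, addr = parseaddr(msg.get("From", ""))
    if "@" not in name or "@" not in addr:
        return False
    shown = registrable_domain(name.rpartition("@")[2].strip().strip('"'))
    return shown != registrable_domain(addr.rpartition("@")[2])


def extract_links(msg: Message) -> list:
    """Return href targets from every text/html part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            parser = _LinkExtractor()
            parser.feed(raw.decode(part.get_content_charset() or "utf-8", errors="replace"))
            links.extend(parser.links)
    return links


def mismatched_links(raw_email: str) -> list:
    """Return (link, sender_domain) pairs for links whose domain differs from the sender's.

    mailto: and relative links have no hostname and are skipped.
    """
    msg = message_from_string(raw_email)
    from_dom = sender_domain(msg)
    flagged = []
    for link in extract_links(msg):
        host = urlparse(link).hostname or ""
        if host and registrable_domain(host) != from_dom:
            flagged.append((link, from_dom))
    return flagged


# Constructed sample: sender domain example.com, payment link goes elsewhere.
SAMPLE_PHISH = """From: Joe Smith <joesmith@example.com>
To: member@fiba.example
Subject: Invoice attached
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the invoice and <a href="http://exampleusa.test/formsubmissions">submit payment here</a>.</p>
<p>Questions? <a href="mailto:joesmith@example.com">Reply to me</a></p>
</body></html>
"""

# Constructed sample: link stays on the sender's own domain.
SAMPLE_LEGIT = """From: Joe Smith <joesmith@example.com>
To: member@fiba.example
Subject: Invoice attached
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your invoice is available at <a href="https://portal.example.com/invoices/123">our portal</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, mismatched_links(sample))
```

Running the block prints one flagged link for the first sample and none for the second. A real filter would treat a mismatch as a signal to quarantine or tag, not as proof of phishing: newsletters and ticketing systems routinely link to third-party domains, which is why the notice above still asks you to hover and judge the destination yourself.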
Avoid Opening Suspicious Attachments: Do not open attachments you weren’t expecting, especially if the email is from an unknown sender. We’ve observed an increase in the number of emails with attachments claiming to be invoices that reference fraudulent bank account numbers for the recipient to use when submitting payment, as well as invoices containing purchase orders for large purchase requests.
These attachments have three objectives:
1) To trick the recipient into transferring funds to an illegitimate bank account;
2) To obtain a shipment of systems or assets that will never be paid for; and
3) Once opened by the recipient, to trigger executable code that installs malicious software across systems.
Stay Cautious with Text Messages: Be aware of an increasing number of text messages asking you to confirm your identity or urging you to click on a link.
Security controls that detect and block malicious messages in email applications do not extend to text messages received on your mobile device. Instead, text messages are delivered by the phone carriers, leaving it up to you to detect, report, and block messages from suspicious numbers. If you receive a suspicious text message from an unrecognized number, we recommend you take the following steps:
- Report the message: use the option provided by your carrier to report the message as junk. You can also add the number to your phone’s block list so that you no longer receive messages or calls from it.
- Download Anti-Spam Apps: Use your telephone carrier’s anti-spam applications to protect against suspicious phone numbers.
- Do Not Respond: Do not respond to or interact with any suspicious text messages.
By following these simple steps, you can help protect our organization from these real cyber threats.
Thank you for your attention and cooperation regarding this important notification.
Regards,
David Schwartz
CEO & President
