
The Central Bank of Russia will fine banks for weak cyber defense


On September 12, 2019, it became known that the Central Bank has a new punishment for banks with poor cyber defense. By the end of the year, the Central Bank will launch a new feature for credit institutions: a risk profile for the level of information security.

This indicator, according to Artem Sychev, the First Deputy Director of the Information Security Department of the Bank of Russia, will show the likelihood of problems for a bank due to non-compliance with cybersecurity standards.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack. In addition, the risk profile will be taken into account in assessing the economic situation of the bank along with the amount of capital, profitability, liquidity, quality of management, etc.

Depending on a bank's risk profile for the level of cyber security, the Central Bank will give it recommendations.

The calculation of the risk profile will make it possible to evaluate how the bank’s management responds to emerging cyber threats, the Central Bank added.

A financial institution that receives a low-risk profile will face consequences ranging from enhanced supervision to penalties. Moreover, this will affect its loan terms on the interbank market.

Sychev stressed that the Bank of Russia sees a connection between the way a bank treats information security issues and its financial stability.

“Nobody before in the Russian Federation or in other countries has determined such indicators that help the regulator (the Central Bank) to form an opinion about the situation, whether it achieves the goals of the regulation or not from the point of view of information security,” Sychev explained.

It is worth noting that on September 12, the Bank of Russia recorded a “rather serious” cyber attack on Russian banks from Brazil, said Artem Sychev.

According to him, it was a BIN-attack, in which bank card numbers are generated using a special program.

Sychev noted that direct contact between each of the attacked banks and the representative of Brazil did not produce results. The attacks stopped only after the Central Bank contacted the Brazilian regulator.

Income Tax Dept alerts taxpayers of phishing mails by fraudsters




The Income Tax Department of India has alerted taxpayers about a phishing email asking them to verify their tax return even though they have already e-verified it.

A taxpayer, Anika Gupta, received an email from a suspicious email ID asking her to e-verify her return, although she had already e-verified her ITR through an OTP generated by the Aadhaar card.

The email, claiming to be from the Income Tax (I-T) Department, read, “Hello anxxxxx@xxail.com, Income Tax Return for the Assessment Year 2019-2020 has been successfully filed. After Submission, It is mandatory for Tax Payers to e-Verify the Income Tax Return using various verification methods. For your Income Tax Return, e-verification is not d………..read more”

The mail contains three malicious links with the texts ‘read more’, ‘see here’, ‘pending’ and ‘click here’.

Soon after receiving the mail, Gupta reported the matter to the grievance section of the I-T Department.

The I-T Department alerted the taxpayers by saying, “Income Tax Department never asks PIN, OTP, Password or similar access information for credit/debit cards, banks or other financial account-related information through e-mail, SMS or phone calls. Taxpayers are cautioned not to respond to such e-mails, SMS or phone calls and not to share personal or financial information.”

The I-T Department also asks users to carefully “Check the domain name. Fake emails will have misspelled or incorrect sounding variants of Income Tax Department web sites and will have incorrect email header.”

The Department further said, “In case if you have received such phishing / suspicious mail – do not open any attachments as it may contain malicious code. Do not click any links. Even if you have clicked on links inadvertently, then do not enter personal or financial information such as bank account, credit/debit/ATM card, income tax details, etc.”