- Education & Events
- Advocacy
- Products & Services
- Membership
- Resources
- SDBANKER Magazine
- SDBA eNews
- SDBA eNews Archives
- Legislative Update/Bill Watch
- South Dakota Bank Directory
- Women in Banking
- Scenes of South Dakota Calendar*
- Holiday Signs
- Regulatory Report
- South Dakota Banking Code
- Record Retention Manual
- Advertising & Sponsorship Guide
- COVID-19 Resources
- Mental Health and Crisis Prevention
- About
|
News
SDBA UpdatesSDBA Events
Online EducationCompliance AllianceABA Podcast: The real difference between stablecoins and tokenized depositsSeptember 24, 2025
Back to TopJoin ABA’s Fraud-Fighting Campaigns#BanksNeverAskThat and #PracticeSafeChecks are free consumer education campaigns open to all banks.
ABA’s scam prevention campaign, #BanksNeverAskThat, and our check fraud campaign, #PracticeSafeChecks are returning this fall — with new materials including social media posts and videos, check safety tips and resources for small business customers, digital graphics and more.
Participated in the past? Be sure to register again! Registration is free for all banks regardless of ABA membership status. Once registered, the ABA will email you a link to access the campaign materials — please allow up to 24 hours for the email to arrive.
All of the assets for both campaigns will be available in one toolkit. Back to topABA Banking Journal: FBI alert: Scammers impersonating agency’s cyber-crimes websiteSeptember 23, 2025
The FBI is warning that scammers are spoofing the website of the agency’s Internet Crime Complaint Center, or IC3, to trick consumers into turning over financial information. A spoofed website is designed to impersonate a legitimate website and may be used for illegal conduct, such as personal information theft and facilitating monetary scams, according to the FBI. The IC3 is the central hub for reporting cyber-related crimes and elder fraud to the agency. The IC3 does not work with any non-law enforcement entity, such as law firms or cryptocurrency services, to recover lost funds or investigate cases. In an alert, the FBI recommended that consumers type the IC3’s web address – www.ic3.gov – directly into their browser address bar to ensure they are going to the correct address. The agency also recommended against clicking on “sponsored” results in web searches for the IC3 as those may be spoofed sites, and instead to check that the address ends in “.gov” and matches the IC3 address. Potential victims should report any interactions with websites or individuals impersonating IC3 to their local FBI field office or the IC3 through its official web address, the agency said. Back to TopCISA News: New attack on ChatGPT research agent pilfers secrets from Gmail inboxesUnlike most prompt injections, ShadowLeak executes on OpenAI's cloud-based infrastructure.September 18, 2025 | Dan Goodin
The face-palm-worthy prompt injections against AI assistants continue. Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration. Deep Research is a ChatGPT-integrated AI agent that OpenAI introduced earlier this year. As its name is meant to convey, Deep Research performs complex, multi-step research on the Internet by tapping into a large array of resources, including a user’s email inbox, documents, and other resources. It can also autonomously browse websites and click on links. A user can prompt the agent to search through the past month’s emails, cross-reference them with information found on the web, and use them to compile a detailed report on a given topic. OpenAI says that it “accomplishes in tens of minutes what would take a human many hours.” What could possibly go wrong?It turns out there's a downside to having a large language model browse websites and click on links with no human supervision. On Thursday, security firm Radware published research showing how a garden-variety attack known as a prompt injection is all it took for company researchers to exfiltrate confidential information when Deep Research was given access to a target’s Gmail inbox. This type of integration is precisely what Deep Research was designed to do—and something OpenAI has encouraged. Radware has dubbed the attack Shadow Leak. “ShadowLeak weaponizes the very capabilities that make AI assistants useful: email access, tool use and autonomous web calls,” Radware researchers wrote. “It results in silent data loss and unlogged actions performed ‘on behalf of the user,’ bypassing traditional security controls that assume intentional user clicks or data leakage prevention at the gateway level.” ShadowLeak starts where most attacks on LLMs do—with an indirect prompt injection. These prompts are tucked inside content such as documents and emails sent by untrusted people. They contain instructions to perform actions the user never asked for, and like a Jedi mind trick, they are tremendously effective in persuading the LLM to do things that are harmful. Prompt injections exploit an LLM’s inherent need to please its user. Following instructions has been so ingrained into the bots' behavior that they’ll carry them out no matter who asks, even a threat actor in a malicious email. So far, prompt injections have proved impossible to prevent. That has left OpenAI and the rest of the LLM market reliant on mitigations that are often introduced on a case-by-case basis and only in response to the discovery of a working exploit. Accordingly, OpenAI mitigated the prompt-injection technique ShadowLeak fell to—but only after Radware privately alerted the LLM maker to it. A proof-of-concept attack that Radware published embedded a prompt injection into an email sent to a Gmail account that Deep Research had been given access to. The injection included instructions to scan received emails related to a company’s human resources department for the names and addresses of employees. Deep Research dutifully followed those instructions. By now, ChatGPT and most other LLMs have mitigated such attacks, not by squashing prompt injections, but rather by blocking the channels the prompt injections use to exfiltrate confidential information. Specifically, these mitigations work by requiring explicit user consent before an AI assistant can click links or use markdown links—which are the normal ways to smuggle information off of a user environment and into the hands of the attacker. At first, Deep Research also refused. But when the researchers invoked browser.open—a tool Deep Research offers for autonomous Web surfing—they cleared the hurdle. Specifically, the injection directed the agent to open the link https://compliance.hr-service.net/public-employee-lookup/ and append parameters to it. The injection defined the parameters as an employee’s name and address. When Deep Research complied, it opened the link and, in the process, exfiltrated the information to the event log of the website. [...] Back to Top |
In the wake of the summer’s Genius Act, many banks and nonbanks have announced new stablecoin initiatives. Another digital asset — tokenized deposits — may meet needs similar to stablecoins, but the two asset types have significantly different features based on their underlying designs. On this episode of the ABA Banking Journal Podcast, ABA experts Brooke Ybarra and Yikai Wang discuss:
The South Dakota Bankers Association (SDBA) is asking for your bank’s participation in the 2025 Important Fraud Survey. The survey link was sent to all SDBA member Chief Executive Officers on Thursday, September 4, with a follow-up reminder on Monday, September 8, requesting that someone from each organization complete it. Participation in the survey is not required, but strongly encouraged, as we are aiming for 100% member participation. Input and feedback from the survey will help us gain a better picture of fraud-related issues impacting banks and customers across the state.
