From: American Banker
While distributed denial of service attacks ebb and flow based on geopolitics, mortgage problems and earnings reports, the two leading types of cyber threats on banks of late are two types of phishing. One plays off the government’s troubled healthcare program, the other spoofs top executives’ email accounts, according to Christopher Novak, managing principal and security expert at Verizon Business.
“A lot of social engineering campaigns are using the confusion around what’s happening in healthcare to say, you need to come to this website and register and give up either personal information or credentials,” Novak says. The victim thinks it’s a legitimate message from the company for which he works and coughs up the desired credentials on a fake website.
The emails say something like, you’ve probably heard in the media that there’s this new healthcare regulation taking effect, you need to re-sign up for open enrollment, come in through Bank X’s website.
“In reality, it’s a hacker hosted site,” Novak says. “You’re supposed to log in with your bank credentials.” Minutes after the victim enters his credentials on the website, someone will come in from Asia or Eastern Europe and use that login information on the bank’s website. The hacker will then conduct a funds transfer or ACH transaction to move money out of the account.
“It’s a different twist on something we’ve seen before in phishing,” Novak says. “There’s a lot of talk, a lot of confusion, a lot of information and misinformation about healthcare right now. Those are the kinds of things the hacker community loves. That’s why every March and April you see a whole set of phishing emails that go out around taxes.”
Another currently popular phishing exploit uses the stolen email addresses of a bank’s top executives. “Someone will spoof an email to the CFO or controller and it will purport to be from the CEO,” he says. “The email will say something like, we need to sponsor this event or pay this vendor, it’s urgent and I need you to wire $100,000 into this account immediately, we’re already 30 days late. Because it’s from the CEO, other staff will expedite the request.
“In one case, the CFO happened to have lunch with the CEO and said, just out of curiosity, who was that merchant you had us expedite the wire transfer to?” Novak recalls. “The CEO said, ‘What are you talking about?’ The blood drained out of the CFO’s face and he said he had to go. We’ve seen more than a dozen of those happen in the last week. Probably over $10 million has moved in the last week because of this.”
If a bank recognizes immediately what’s happened, it has a chance of recovering the funds. But once the money is moved offshore, it’s gone. About 70% of the time, the companies targeted by such scams are banks, Novak estimates.
Verizon gets an inside look at such incidents because it works with the FBI or Secret Service on the investigations.
Leave a Reply