Going Phishing in Banking


The headlines can be seen everywhere: “Hackers’ $1 billion bank theft may still impact consumers,” “JPMorgan and Other Banks Struck by Hackers,” “How safe are you and your bank from cyber attack?”

Morgan Chase warned that cyber attacks are growing every day in strength and velocity across the globe.

He said, “It is going to be a continual and likely never-ending battle to stay ahead of it and unfortunately, not every battle will be won.”1

Ten of the largest banks in the world seemed to echo the concerns of J.P. Morgan Chase. In their 2014 filings with the Securities and Exchange Commission, virtually every one of them seemed to be concerned about cyber attacks 2:

    • Citigroup: “Citi has been subject to intentional cyber incidents from external sources, including
        • (i) denial of service attacks, which attempted to interrupt service to clients and customers;
        • (ii) data breaches, which aimed to obtain unauthorized access to customer account data;
        • (iii) malicious software attacks on client systems, which attempted to allow unauthorized entrance to Citi’s systems under the guise of a client and the extraction of client data. For example, in 2013 Citi and other U.S. financial institutions experienced distributed denial of service attacks which were intended to disrupt consumer online banking services. …
        • “… because the methods used to cause cyber attacks change frequently or, in some cases, are not recognized until launched, Citi may be unable to implement effective preventive measures or proactively address these methods.”
    • Bank of America: “Although to date we have not experienced any material losses relating to cyber attacks or other information security breaches, there can be no assurance that we will not suffer such losses in the future.”
    • Wells Fargo: “Wells Fargo and reportedly other financial institutions continue to be the target of various evolving and adaptive denial-of-service or other cyber attacks as part of what appears to be a coordinated effort to disrupt the operations of financial institutions and potentially test their cyber security capabilities. Wells Fargo has not experienced any material losses relating to these or other cyber attacks.”
    • PNC: “We are faced with ongoing efforts by others to breach data security at financial institutions or with respect to financial transactions. Some of these involve efforts to enter our systems directly by going through or around our security protections. Others involve the use of schemes such as ‘phishing’ to gain access to identifying customer information, often from customers themselves.”

Despite all the damage that hackers can inflict on seemingly impenetrable networks, a good many breaches start with something as simple as a spear phishing email. It was a spear phishing email that led to the $1 billion banking cyber attack by a Russian group known as Carbanak 3.

Spear phishing emails are fraudulent messages that target a specific organization in an attempt to gain unauthorized access to confidential data. Unlike the common email messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source asking for confidential data.

To avoid falling for emails of this nature, always be vigilant about the email you receive. If it looks phishy, call and ask the person who sent it. A lot can be accomplished from a safety perspective with so little effort. Now that is the dirty little secret that hackers don’t want anyone to know.

This Blog was brought to you by Hypersocket Software and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT Security, Lee developed the world’s first OpenSource browser-based SSL VPN (SSL-Explorer). Today, Lee runs Hypersocket Software, a leader in Password Self-Service solutions.