Fraud Alert: Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud
Written by Bernadette Clair, Regulatory Compliance Counsel
Recently, the FBI, Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3), released a fraud alert regarding incidents of cyber crime targeting primarily small-to-medium banks and credit unions.
Cyber criminals are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials. The stolen credentials are then used to initiate unauthorized wire transfers overseas. In reported cases, wire transfer amounts have varied between $400,000 and $900,000. In some of the incidents, the financial institution suffered a distributed denial of service (DDoS) attack against their public web sites and/or internet banking URL before and after the unauthorized transactions occurred.
The alert provides recommendations for financial institutions, such as:
- Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited e-mails
- Do not allow employees to access personal or work e-mails on the same computers used to initiate payments
- Ensure employees do not leave USB tokens in computers used to connect to payment systems
- Ensure that workstations utilize host-based IPS technology and/or application white-listing to prevent the execution of unauthorized programs
- Monitor employee logins that occur outside of normal business hours
- Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers
- If wire transfer anomaly detection systems are used, consider changing âÂÂrulesâ to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified
- Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized
- Strongly consider implementing an out of band authorization prior to allowing wire transfers to execute
Check out the alert for a complete list of the recommendations and information on reporting incidents of cyber crime.