Institute
Sophisticated attacks in the Community Financial Institutions increase!
In the world of high technology today, maintaining the privacy and protection customers and employees' information grows more and more difficult, especially for many financial institutions. These crooks days are getting bolder and unabashed in their abilities to obtain personal information from banking customers, as the less aggressive goal of community-owned local financial institutions.
In fact, a recent customer reported a complex, malicious and targeted attack took place in their institution's customers and employees. A well-known "phishing" Site activity trends reported that financial institutions registered a steady increase in "phishing" activities with 92.5% of attacks directed financial institutions.
On average, a phishing site stays online for 3.8 days. The interest for the number of days that the line is remains in line longer, more possibilities for the scammer to collect personal information. It is imperative that we are prepared for such incidents and response is needed.
Phishing and pharming attacks
There was a time when only large financial institutions such as Wells Fargo were targeted phishing scams and pharming, but that is no longer the case. The increase in phishing attacks in the community financial institutions stems from the fact that smaller financial institutions simply are more profitable and are less protected against fraudulent activities.
As mentioned above, the institutions of our financial community a local was beaten with a complex and sophisticated vishing / pharming / phishing scam phone that focused on customers and employees of the bank. Fortunately, we have been preparing for years for our clients for this type of attack, and therefore were on alert, so that the attack caused minimal problems.
Sharp customers and employees acknowledged that the emails were a scam, because of bad grammar and content, in addition to the greeting addressed to "members" or any other person not described. A genuine message from a financial institution customer is always directed by his full name. On the other hand, did not provide half scams to contact the institution if there were any questions, but said customers and employees, not the email to respond. No institution legitimate ever tell you not to answer.
But even with preparation and after years of working in the field of Internet security, we were surprised at the combination of attack vectors used.
Combination of the types of attack
The scammers' used a variety of strategies from an email mass and pharming scam as an attempt to steal personal information through a phishing Do it yourself kit. The initial attack was followed telephone calls to certain area codes with false numbers and using a technique called vishing. Furthermore, using pharming, phishing, vishing and tactics aimed at stealing valuable information such as credit cards, social security numbers, IDs and passwords, the attackers did not stop there.
The scammers also included Spear phishing, counterfeit fraud email addresses to employees of financial institutions in an attempt of obtaining unauthorized access to confidential data. Due to the watchful eye banks, who caught it in time, but such attacks are becoming bolder and more common require great vigilance and more on keeping your personal information outside of scammers.
Why customers are fooled
About 19% of recipients respond to Spear-phishing, which is now one of the most menacing threats to Internet users. Unfortunately, users do not clearly understand the importance to verify the authenticity, which should include specific indications that the site that are being sent to is secure.
As a busy society, we're so focused in doing the work quickly and efficiently, often do not check important clues, which is why many users receive messages, or paying bills online is not careful with the clues that indicate whether an email message or the site is fraudulent.
An Incident Response Plan
How are you scams are on the rise financial institutions, if a financial institution is prepared, and in today's world, must be, the consequences will be minimal. In the case of phishing and pharming scams, staff members at a financial institution should know how to deal with such situations effectively.
To ensure customer security and privacy, an incident response plan should be in place and is necessary for examiners to be in place. Included in the plan should be an organized approach of how the problem will be handled as well as having a clearly defined plan to address the situation.
The following should be considered in relation with an Incident Response Plan:
1. Start by assessing the situation so that you know exactly what your bank is trying, if an incident has occurred, for usually up to the CEO and CIO to manage the overall incident response along with members of a CSIRT.
2. Anti-attacker
1. Educating the end user
2. Pharming redirects clicks to a page of education (most of the attacks are pulling the images from your site)
3. Try turning off the same phishing site
4. If you need a competent supplier to respond to the situation of counter, which helps identify moving this web site and contact the agencies for.
5. Exploit the phishing website
6. Communicate with customers
1. Publish newsletters on the website to ensure that customers are aware situation
2. To ensure that its customers used the security controls in place for the institution.
7. Contact the authorities such as the Service Secret FBI, also in contact with financial service providers to support abnormal activity on customer accounts.
8. Feed false information to sites of Pharm.
9. Review of abnormal activity in customer accounts and fake accounts
10. Companies Implement monitoring by a third party
This is not meant be an incident response plan complete, but in motion the process of thinking about the topics to be covered.
Preventive Actions
At one time or another of your institution be affected by a fraud scam, so they are preparing a response plan good for employees as well as providing customer education, as well to have the resources (either in house or outsourced) to handle the problem efficiently and effectively are the most effective preventive action.
Prevention the primary course of maintaining the extent that pharming and phishing scams at bay, and therefore as a precautionary measure, customers who use online banking at any financial institution that they must use caution when opening any email with links that appear to come from your financial institution. Although the message looks legitimate, caution is always best. Educate clients to take the initiative rather than reactive.
Warning to customers who do not click the links from in emails, especially if they appear somewhat suspicious. Also, if the client has any questions about email, alert the customer to call directly to your financial institution to determine whether it could be a phishing or pharming scam.
Provide customers with Security Awareness Training by developing a website on disclosure of information, besides providing an email address to closely monitor this activity must be performed by your institution in the Customers can send suspicious activity.
About the Author
Mr. Gale Yocom is a recognized expert in technology and Chairman of the specialist security company based in Dallas Covetrix. For the past ten years his company has provided networking solutions and full service entitities governmental safety, financial institutions and commercial enterprises throughout the conduct of U.S. security audits, penetration testing and application security controls, which provides a wealth of knowledge and information on Internet safety.
Mr. Yocom is known to effectively identify gaps in practice security institution and has impressively strengthened the security posture of many financial institutions. Mr. Yocom can get to contact him gale@covetrix.com or visit the web www.covetrix.com
About the Author
Michael worked as a Marketing Professional he discovered home business marketing potential. Today his advice widely sort for upcoming business vertures.
|
|
Dr. Seuss Oceanography Institute Fish Sleep Shorts for women $13 These sleep shorts for women feature Dr. Seuss’ Blue Fishes from his much loved One Fish Two Fish Children’s book on a pink and blue buffalo block background. These fun shorts have a covered Dr. Seuss waistband and rear patch pocket. Machine washable and easy care. Junior Cut. |
|
|
Dr. Seuss Oceanography Institute Fish Lounge Pants for women $18 These lounge pants for women feature Dr. Seuss’ Blue Fishes from his much loved One Fish Two Fish Children’s book on a pink and blue buffalo block background. These fun pants have a covered Dr. Seuss elastic waistband with tie and rear patch pocket. Machine washable and easy care. Junior cut. |
|
|
Dr. Seuss Oceanography Institute Navy V-Neck Tee for women $16 These tees for women feature Dr. Seuss’ famous Blue Fish from his much loved Children’s Storybook ‘One Fish Two Fish ‘ on a navy background. These fun speckle-print, fitted tees are machine washable and easy care. Junior cut. |
|
|
Advanced Sexual Techniques Book & DVD $24.95 Increase your pleasure, explore sexual options, and take your relationship to a whole new level with this DVD and book! Developed by the Sinclair Institute and sex expert Dr. Linda Banner, the DVD presents explicit demonstrations of sexual techiques by real couples, and the 176-page book provides more information plus additional tips and fun exercises! Learn positions for deeper penetration, the best oral techniques, how to trigger g-spot orgasms, fun with sex toys, and more! A great way to learn how to become better lovers together! 76-minute DVD. |
|
|
Lubricant – Better sex essentials silicone lubricant $19.99 Flavor: Unflavored; Base: Silicone; Product Type: Lubricant; Manufacturer: Sinclair Intimacy Institute |
