Spear-Phishing Attacks on Banks on the Increase

0
130

Banks and their commercial clients face the persistent threat of online channel attacks with a significant threat posed by email from undetected crimeware and are being exposed to spear-phishing attacks more than ever before.

According to Gartner, crimeware designed to takeover online banking accounts and steal money is now the most significant threat concerning U.S. banks.

Financial services executives will be presented with “Strategies to Fight Online Account Takeover and Payments Fraud” when IronKey Chairman Dave Jevans and co-presenter, Kevin Thomsen, senior vice president, Citibank Strategies, address the topic at the Global Concepts 2011 Payments Operations & Strategy Forum, Wed., November 16th from 2:45 PM – 3:45 PM at the Four Seasons Hotel in Atlanta.

With 45 percent of U.S. PCs infected by crimeware, according to the latest Anti-Phishing Working Group (APWG) research, the risk of online banking crime, in which one wrong click can lead to financial disaster, has never been greater. Today’s anti-malware software fails to detect these threats at least 75 percent of the time according to real-time research from SpyEye Tracker.2 As a result, online banking account takeovers grew more than 150 percent based on new research published by FS-ISAC (Financial Services Information Sharing and Analysis Center).

Jevans will share the latest information regarding these risks to the financial executive and online banking customers’ desktops, and Thomsen will discuss Citi’s strategy for fraud prevention.

Jevans will update financial executives on these developments:

  • An increase in spear-phishing, where individuals inside companies and government agencies are targeted by criminals who send individualized fake emails to their victims, often with crimeware payloads. These emails usually evade spam and anti-virus filters, and are very effective at infecting a user’s computer.
  • How cybercriminals are using social media to social engineer spear-phishing attacks on CFOs, controllers and others in corporate finance roles. Criminals are taking their time, compiling as much information as they can through emails, social networking activity, chat records and even phone calls, before going after the big pay out.
  • An expectation for more targeted attacks to commercial accounts and high profile individuals like CEOs, CFOs and celebrities.
  • Smart phones will also likely become a target, working in conjunction with malware installed on computers. In short, threats will become more sophisticated, more complicated and harder to detect.

“It’s important that banks understand how financial malware such as ZeuS and SpyEye work and how they can go undetected by anti-virus software, firewalls and other conventional countermeasures,” said Jevans. “In light of the new FFIEC guidelines for online banking authentication that go into effect in January 2012, banks need to act now to better protect themselves and their clients from these potential threats at the customer’s own PC.”

SHARE
Previous articleUS ESP Vendor Report Ranks SilverPop & ExactTarget as Leaders
Next articleiContact Announces 3,000 UK Customers
emailexpert is published by Andrew Bonar, the founder of the company Deliverability which is incorporated in Australia, Hong Kong and the United Kingdom. Deliverability has included Dotmailer, GetResponse, outreach.io, SendLane and other ESPs as clients. Having launched his first website in 1990, he went on to become the co-founder of @POBox UK in 1993, a free email address provider, possibly the first in the world. Thereafter launching Cheapnet which became the longest running privately owned ISP in Europe before launching the first privately owned online payment gateway in the UK: Ebanx. Andrew has consulted to some of the worlds biggest senders including Amazon, Mondelez and Nestle. 2012 in his role as Global Deliverability Director at Emailvision was the first time he oversaw the delivery of more than 100 Biillion messages in a single year. Since that time he has provisioned consultancy or performed leadership roles at some of Australia's most successful tech companies. Including Campaign Monitor, Freelancer.com and Kogan. With 21+ years of industry experience, Andrew is widely recognised as a leader in the field of message sending, deliverability and compliance. He currently resides in the Harbour City of Sydney and continues to serve as an independent consultant at organisations throughout Europe, the Middle East, Asia Pacific and the US.