Spear-Phishing Attacks on Banks on the Increase

Banks and their commercial clients face the persistent threat of online channel attacks with a significant threat posed by email from undetected crimeware and are being exposed to spear-phishing attacks more than ever before.

According to Gartner, crimeware designed to takeover online banking accounts and steal money is now the most significant threat concerning U.S. banks.

Financial services executives will be presented with “Strategies to Fight Online Account Takeover and Payments Fraud” when IronKey Chairman Dave Jevans and co-presenter, Kevin Thomsen, senior vice president, Citibank Strategies, address the topic at the Global Concepts 2011 Payments Operations & Strategy Forum, Wed., November 16th from 2:45 PM – 3:45 PM at the Four Seasons Hotel in Atlanta.

With 45 percent of U.S. PCs infected by crimeware, according to the latest Anti-Phishing Working Group (APWG) research, the risk of online banking crime, in which one wrong click can lead to financial disaster, has never been greater. Today’s anti-malware software fails to detect these threats at least 75 percent of the time according to real-time research from SpyEye Tracker.2 As a result, online banking account takeovers grew more than 150 percent based on new research published by FS-ISAC (Financial Services Information Sharing and Analysis Center).

Jevans will share the latest information regarding these risks to the financial executive and online banking customers’ desktops, and Thomsen will discuss Citi’s strategy for fraud prevention.

Jevans will update financial executives on these developments:

  • An increase in spear-phishing, where individuals inside companies and government agencies are targeted by criminals who send individualized fake emails to their victims, often with crimeware payloads. These emails usually evade spam and anti-virus filters, and are very effective at infecting a user’s computer.
  • How cybercriminals are using social media to social engineer spear-phishing attacks on CFOs, controllers and others in corporate finance roles. Criminals are taking their time, compiling as much information as they can through emails, social networking activity, chat records and even phone calls, before going after the big pay out.
  • An expectation for more targeted attacks to commercial accounts and high profile individuals like CEOs, CFOs and celebrities.
  • Smart phones will also likely become a target, working in conjunction with malware installed on computers. In short, threats will become more sophisticated, more complicated and harder to detect.

“It’s important that banks understand how financial malware such as ZeuS and SpyEye work and how they can go undetected by anti-virus software, firewalls and other conventional countermeasures,” said Jevans. “In light of the new FFIEC guidelines for online banking authentication that go into effect in January 2012, banks need to act now to better protect themselves and their clients from these potential threats at the customer’s own PC.”

Last updated by at .

Andrew Bonar

The founder of emailexpert.org, Andrew Bonar currently resides not far from Sydney in Australia where he performs his primary role as Postmaster for self-service ESP Campaign Monitor

In the past two years alone Andrew has been responsible for the delivery of in excess of 120 Billion messages. With more than 15 years of industry experience, Andrew is widely recognised as a leader in the field of message sending, deliverability and compliance.

In 1996, he co-founded the UK’s oldest privately held ISP, Cheapnet Ltd. In 1998, launched the UK’s first privately held eCommerce payment systems: eBanx Ltd, and in 2003 he launched two of the very first ESP’s in Europe: MailPhoenix and eMailGenie.

From 2006 Andrew served as an independent consultant at organisations throughout Europe, the Middle East, Asia Pacific and the US. More recently serving as Worldwide Director of Deliverability at Emailvision, managing deliverability operations in 22 Countries. Andrew continues developing and evangelising best practices in permission-based marketing with clients and industry associations and travels extensively in Asia, Europe and North America to fulfil these obligations.

Top