An article relating to this blog post on Finextra:
FBI investigating 400 corporate account takeovers
The FBI is currently investigating over 400 reported cases of corporate account takeovers, where cyber crooks have used ACH and wire transfers to steal tens of millions of dollars from US businesses.
The news from the FBI does not come as a surprise given the tenacity of cyber criminals in their efforts to steal from businesses and consumers. The reference from the Department of Homeland Security that "the mission to reduce the cyber risks posed to the
finance sector systems is a national endeavor, requiring broad collaboration" reinforces the need for financial institution to partner with customers on educating them on the dangers of these types of attacks.
Just yesterday I received an e-mail from Bank of America telling me my Online Banking privileges would be de-activated if I didn't renew my subscription. I have to say this e-mail looked extremely legitimate, until I read the smaller text and found a typo.
Now I normally would never click through to a link from an e-mail but rather go directly to the site for any confirmed instructions around my account, however for some people this bogus phishing e-mail would have prompted them to follow its instructions. I
did forward the e-mail to the bank (they have a dedicated abuse e-mail address) and they replied they were aware of the scam and trying to shut down the source.
Many banks will post any known threats on their site, so customers (businesses and consumers alike) should get to know where their financial institutions may be posting these bulletins to help heighten awareness.
These events reinforce the FFIEC's recent Supplement to its 2005 Guidance on Authentication in an Online Banking Environment. The Supplement calls for financial institutions to take a layered approach to authentication and anomaly detection for monitoring
online banking transactional activity. Such an approach would include utilizing security tools like multi-factor authentication and limit management with a fraud prevention and detection solution which would include customer profiling and analytics to detect
suspicious behavior. The Guidance also calls for authentication techniques, challenge questions, and customer education. Technology will always play a key role in the fight no doubt, but the financial community working together with its customers on awareness
campaigns will continue to be critical.