
Phishing, malware to strain banks in 2009

By Marcia Savage, Features Editor, Information Security magazine
05 Jan 2009 | SearchFinancialSecurity.com


Fraud remained an ongoing problem for financial institutions in 2008 as criminals continued to devise ways to compromise online bank account credentials and steal money. In this email interview, Tom Miltonberger, president and CEO of online fraud prevention company Guardian Analytics Inc., talks about some of the schemes carried out by fraudsters last year and what fraud trends he expects financial institutions to be tackling in 2009. Before founding Los Altos, Calif.-based Guardian Analytics in 2005, Miltonberger was senior vice president of products at Quova Inc., a Mountain View, Calif.-based supplier of Internet geolocation data.

What were some of the major fraud trends that financial institutions dealt with in 2008?

Tom Miltonberger: Fraudsters proved in 2008 that they are increasingly tenacious and sophisticated in their fraud schemes. Phishing and malware continued to be popular methods for acquiring online account and personal information. … While it is clear that accounts are being compromised in great numbers, financial institutions must also deal with the myriad resulting schemes to steal victims' money. The schemes vary, but share a common theme of using the online channel for an initial, critical component of an overall scheme. We have seen numerous ways that account information has been used, including:

  • Counterfeit check fraud: Criminals look at account balances and check images and then commit counterfeit check fraud. We have seen a particular spike in this problem, and one bank we spoke to recently was amazed at how good the fraudsters are at getting the right sequence number for fraudulent checks.
  • Wire transfer fraud via fax: Fraudsters look at account balances and check images online, then fax in a wire transfer request.
  • Call center transactions: Fraudsters look at account balances, personal contact information, and recent transaction history and then call the call center to request a wire transfer or change the address and request a new debit card.
  • Debit card theft: Criminals change the account address and request a new debit card via online banking application. They then use the new debit card to steal money.
  • Multiple institution schemes via Automated Clearing House (ACH) transactions: Fraudsters use contact info, account numbers and signature blocks to open an account in the victim's name in another financial institution. Then, they establish an ACH connection between the two accounts, transfer money out of the victim's account, and withdraw the money from the account they control either through the ATM or branch. Because the accounts share the same name, and because the fraudster can verify "ownership" of the victim's account (because they can confirm the micro-deposit the ACH account registration process entails), the transfer is easy to pull off.

    Indeed, check, ACH and other types of "offline" fraud seem to be on the increase in the last several months, but these cross-channel schemes frequently have undetected online account takeover at their root. Institutions rarely have the resources to piece together the overall fraud scheme.


    We're hearing a lot of reports about cybercriminals taking advantage of the economic crisis and upheaval in the financial industry. What are you seeing so far?
    Miltonberger: Cybercriminals are certainly finding new ways to steal sensitive data and exploit consumer confusion around the banking meltdown. The Federal Trade Commission recently published examples of phishing scams that attempt to capitalize on the turmoil in the financial services industry by asking consumers to "update, validate, or confirm" account information. Consumers are more likely to provide information to these scammers because they look like they're coming from financial institutions that are part of the recent bank consolidation, so it appears credible. Fraudsters are also exploiting consumers' increased interest in new job opportunities as unemployment rates skyrocket, leading consumers to bogus sites that promise new job offers or "work from home" opportunities where the victim becomes an unwitting mule in a fraud scheme, typically using their legitimate online banking account to transfer money around.

    Is the recession affecting financial institutions' security budgets and/or antifraud efforts?
    Miltonberger: While overall budgets have declined, we have not seen a decrease in security and antifraud investments. Fraud will continue to remain a problem that financial institutions need to address, especially as criminals get more desperate and savvy in the current economic climate.

    What fraud issues do you expect financial institutions to be dealing with in 2009?

    Miltonberger: Phishing scams, malware and identity theft are all trending upwards in volume and sophistication that will only get worse in 2009, forcing all financial institutions to be more diligent in the ongoing fight against fraud. Moreover, as more large-scale bank mergers are announced and the ones already in motion begin to finalize, fraudsters will be lurking in the shadows, eager to capitalize on the confusion and uncertainty that comes with industry consolidation. Consumers will be distracted by the economy, and their misguided attempts at frugality will lead to poor decisions. For example, many consumers will let their antivirus protection expire to save $50, jeopardizing the safety of the broader online ecosystem in the process. With the economy in flux for the foreseeable future, banks and consumers must be made more aware of the dangers of online fraud and take action to protect themselves accordingly.

    What compliance issues do you think will be priorities for your customers next year?
    Miltonberger: Just as SOX emerged from the previous major economic downturn, I predict that Washington will begin issuing more regulations for financial institutions in particular. Increased regulation in the financial sector is inevitable, given the economic crisis was, in large part, born of deregulated activities. In addition, Obama's administration will likely make some regulatory changes that will impact the financial institutions and their vendors and service providers.

    One particular compliance issue that our customers will be prioritizing is the Red Flag regulations, which call for the "establishment of an Identity Theft Prevention Program that is appropriate to the size and complexity of each organization," and are required of any financial institution. The Nov. 1, 2008 deadline has passed, but compliance will be an ongoing and evolving concern.

