Phishing Attempts in the Banking Sector – Security Alert

VeriFone Security Alert Banner
28 AUGUST 2014

DISCLAIMER: This advisory is provided “as is” for informational purposes only.  VeriFone does not provide any warranties of any kind regarding any information contained within.

Cyber criminals “hackers” behind a series of sophisticated attacks on banks…

Recent data breach events are the result of successful spear phishing attacks targeting bank employees. According to a recent article published by Bank Info Security, a major U.S. financial institution spokesperson reported they are working with law enforcement to determine the extent of a potential data breach of the bank’s network. Apparently, attackers managed to compromise a single bank employee’s computer system – and potentially a home computer with a VPN connection to the bank’s network – which gave attackers a launching point for accessing the bank’s networks and compromising other systems. According to the article, these same cyber criminals may be responsible for similar cyber-attacks at as many as five other financial institutions.

Spear phishing attacks target company employees

Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your computer systems (mobile devices, PCs, laptops, etc.). Spear phishing attacks often target specific employees within an organization, in an attempt to trick employees into clicking on an attached link or document. Once the employee clicks on the link, the employee’s computer becomes infected with malicious software, known as malware. Once malware is installed onto an employee’s computer, the malware will go about collecting user names and passwords that may allow further access to company systems. This type of compromise is often used as the initial entry point into a company’s network.

Anti-Phishing Working Group (APWG) releases its Phishing Trends Report for Q1 2014

Some key findings in the APWG report include:

  • The number of phishing sites leaped by 10.7 percent over the fourth quarter of 2013.
  • The number of brands targeted was up, from 525 targeted in the fourth quarter of 2013 to 557 in Q1- 2014.
  • The number of phishing attacks observed in Q1 was 125,215. That is the second-highest number of sites detected in a first quarter, eclipsed only by the 164,032 seen in the first quarter of 2012.
  • Payment Services continued to be the most- targeted industry sector.
  • 32.7 percent of personal computers around the world are infected with malware or spyware.

Steps to prevent being the victim of a phishing attack

  • Ensure that computer systems are up to date with latest antivirus software and patches.
  • Links in emails, tweets, posts, and online advertisements are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark as junk email.
  • Think before you click. Be especially wary of communications that make it simple for you to act immediately, click to check status, or get more information.
  • Do not open email attachments or click on links unless expected. Be especially careful with zip files.
  • Report any suspicious behavior or symptoms immediately, even if you are not sure you are a victim. Contact IT Helpdesk or local IT Site Support.

For more information on VeriFone security solutions please visit us at www.verifone.com.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>