BankInfoSecurity.com - Information Security News, Regulations, & Education

Just Released: Our Online Webinar Catalog

Bank Information Security Articles

Phishing Victims Fight Back

Credit
EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Tips for Turning the Tables on Scam Artists

April 28, 2008 - Linda McGlasson, Managing Editor

This article was originally created for BankInfoSecurity.com, and contains information that should interest our GovInfoSecurity.com readers.

Save

Digg

Delicious

Please login or register to save this article.

One midwestern credit union (which prefers to remain anonymous), with nearly $200 million in assets and more than 30,000 members, has been phished four times -- the most recent in 2006, with three of those incidents occurring within a 90-day period.

In the first three cases, the credit union received copies of the emails from its members and even non-members, asking why the institution would send email to them requesting card and account information. The phishing emails were similar to those pervasive spams mimicking eBay, PayPal, and many banks from outside the region.

In these cases, the perpetrators found an opening on an innocent's computer and used the email client to send emails to State University students and staff, purporting to be from the credit union. They copied the credit union's home banking entry page, adding additional boxes for credit card numbers, CVV codes, PINs, and expiration dates. The emails originated in Seattle, Washington and Montevideo, Uruguay. The URL of the credit union's copied site was located at a university in Poland in one case. The others were in Seattle, WA and Taoyuan City, Taiwan.

The credit union was able to take these down by researching the WHOIS data (a database that tracks the name and address of the domain owner) from Network Solutions and contacting the host and ISPs. The credit union says it received great help from everyone. Its longest delay occurred when the university in Poland was on a week-long break, and no one was available to resolve the issue.

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Healthcare Enews

General Healthcare Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

The credit union's fourth phish was resolved with help from staff at Purdue Employees Federal Credit Union. They contacted the credit union, as the attack began at Purdue EFCU and also had targeted their own brand. Purdue's advance warning and monitoring were able to bring down the attack before any damage occurred. They found that the phish was being done by teenagers in Romania. The credit union says it now uses multifactor authentication to assist in identifying fraudulent sites.

You've Been Phished, Now What?
So what do you do if your financial institution's brand is phished? Your institution should have an incident response plan already in place, but here are some phishing-specific steps to review and add to your plan.

Communicate to your customers. The sooner the better. Put an announcement message on your website's front page. And if you can, send an email to all of your customers, telling them about the phishing attack. Give the facts, as much as you can, and tell them what you're doing to stop it. Let them know to contact your institution when they receive any suspicious email or phone call purporting to be from your institution.

Contact law enforcement, both local and federal authorities. The credit union that had been phished four times says sending an email to the FBI's www.ic3.gov alert doesn't garner much attention. They say that filing a report with the www.ic3.gov site will result in "no help and no response." The case file number they give simply states that they have too many complaints, and the data will be forwarded to the appropriate agency. A call to your local FBI office is also advisable. Alerting the Anti-Phishing Working Group should also be considered. A call to your institution's regulatory body is also in order, and is mandatory if customer account data is breached.

Find out who owns the URL. Use the Network Solution's www.netsol.com site to determine the owner and notify them of the attack. Sometimes they don't know their site is a phish hosting site. It may be a compromised web server that has been hacked by the phishers, or a registered domain name on an ISP such as Yahoo or Google. If you do contact the owner, ask them to take down the server or block the outgoing messages. Involve your legal department on this portion to ensure compliance with your request. Find the ISP that the IP address belongs to and ask them to block the address and tell them why you're requesting it.

Get a copy of the original email sent to people, and if possible save the headers from the email. This can show the email server that sent the email, it's usually not the case as phishers will obfuscate the address or misconfigure the server but it still will provide ammo if you catch the phishers.

Go to the phishing site, but go carefully. Use a non-institutional computer if possible because of the possibility of malware being on the site that will inject viruses and other nasty downloads onto the machine. Once you're on the site, take time to document what is there by making a screen shot of every page on the site. Copy the source code from every page for later forensic use in a law enforcement investigation.

1 | 2

View On 1 Page

Next Related Article:

Beware Phishing via Fax

Topics of Interest

Confidence In Banking

Confidence in Commerce
Top Online Banking Threats to Financial Service Providers in 2010

Guidance

OTS Update: Risk Management of Remote Deposit Capture guidance
Corporate Governance and Oversight by the Board of Directors

Network/Perimeter

Is The Door To Your Company's Private Data Wide Open?
Top Online Banking Threats to Financial Service Providers in 2010

PCI DSS

Reducing the Cost of Achieving PCI Compliance
Automated, Continuous PCI Compliance

Cobit

The Role of Internal Auditing in IT Security
Interagency Guidelines Establishing Information Security Standards Small-Entity Compliance Guide

Storage

Compliance Rules for Financial Firms and Institutions
Satisfying GLBA Requirements: Log Management

Latest Tweets & Mentions

Recent Content
Most Popular

1Heartland, Discover Settle at $5 Million
2How to Protect Consumers from ID Theft
3The Mobile Mandate
4Church Latest Victim of ACH Fraud
5Video: Why Cyber Challenge is Needed
6FDIC: 829 Troubled Banks
7ID Theft: Courts Cracking Down
810 Tips to Thwart Skimming
9Skimming: Old Crime, New Tools
10Key Elements of Risk Management

1Failed Banks and Credit Unions, 2010
22010 Data Breach Timeline
3Pay-At-The-Pump Skimming on the Rise
4Account Takeover: The New Wrinkle
5Tapping the Power of Social Media
6ATM Skimming: How Effective is Jitter?
741 Banking Breaches So far in 2010
8New Fraud Spree Investigated
9Social Media Policy - The 6 Essentials
10FDIC: Top 5 Fraud Threats

BankInfoSecurity.com Research

Podcast:Mortgage Fraud: Compliance to be a Challenge
Webinar:Information Security Risk Assessments: Understanding the Process
Handbook:2010 Webinar Catalog
White Paper:Understanding Man-in-the-Browser Attacks and Addressing the Problem
Regulation:FHFA: Issues Subpoenas for PLS Documents

Recent Blog Entries

Be Mindful of Insider Fraud Against Seniors

California's Financial Abuse Reporting Act, SB 1018, which r…

Read The Agency Insider by Linda McGlasson

Vendor Solutions

McAfee, Inc.

Solutions For:

Access Control, Application Security, Risk Management, Risk Analysis
VeriSign

Solutions For:

Anti-Phishing, Authentication, Web Services Security, E-Commerce Security

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

BankInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
BankInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Federal Deposit Insurance Corp
Federal Reserve Board
Federal Trade Commission
FFIEC
FHFA
FinCEN
Government Accountability Office
National Credit Union Admin.
NIST
Office Comptroller of Currency
Office of Thrift Supervision

Anti-Money Laundering

Banking Today

Confidence In Banking

Business Continuity & Disaster Recovery

Pandemic Preparation

Compliance

Bank Secrecy Act
Basel II
CA Bill 1386
E-SIGN Act
FACTA
Gramm-Leach-Bliley Act
Guidance
Identity Theft Red Flags Rule
NCUA Part 748
Patriot Act
PCI DSS
Sarbanes-Oxley Act

Emerging Technology

Application Security
Authentication
Cloud Computing
Data Loss
Encryption
GRC
ID Access & Management
Messaging
Mobile Banking
Network/Perimeter
Remote Capture
SIM/SEM
Social Media
Storage
Web Security

Fraud

ACH
ATM
Check
Debit, Credit, Prepaid Cards
First Party
Insider
Mortgage
Payments
Wire

Governance & Standards

BITS
Cobit
COSO
FFIEC Handbook
ISO
ITGI
ITIL
PCAOB

Identity Theft

Pharming
Phishing
Skimming

Leadership & Management

Physical Security

Biometrics

Risk Management

HR
Incident Response
Information Security Compliance
Insider Threat
IT Audit
Privacy
Risk Assessment
Social Engineering
Vendor Management

Training & Education

FHFA: Issues Subpoenas for PLS Documents..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
DoJ: Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act..Next Topic
FFIEC Issues 2009 Mortgage Fraud White Paper:The Detection and Deterrence of Mortgage..Next Topic
FDIC: Fraudulent Work-at-Home Funds Transfer Agent Schemes..Next Topic
Joint Statement by Education Secretary Duncan, Homeland Security Secretary Napolitano and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
NIST: PIV Card Application and Middleware Interface Test Guidelines, SP800-85A-1..Next Topic

A-
A
A+