Fraudsters Target Bank Employees

Hijacked Credentials Lead to Credit Report Thefts

By , November 6, 2012.
  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
Fraudsters Target Bank Employees

A breach at a Texas credit union offers yet another example of how hackers now target financial institution employees to gain access to sensitive information from other sources, such as credit-reporting services, and then commit fraud.

See Also: The Evolution of Advanced Malware

In September 2011, hackers compromised an employee account at the former Abilene Telco Federal Credit Union, now First Priority Credit Union, most likely through a phishing scheme that fooled the employee into opening an attachment or link that launched malware. The credit union did not respond to BankInfoSecurity's request for an interview. But the institution's branch manager reportedly told Bloomberg News in late October that hackers broke into an employee's computer and accessed login credentials to the credit union's online account with Experian, the credit reporting organization.

Experian confirms the breach, and says the incident wound up exposing personally identifiable information of about 702 Experian users, including Social Security numbers, dates of birth and financial data.

Experian spokesman Gerry Tschopp says his organization discovered the breach on Sept. 19, 2011, and notified attorneys general in the affected states, including North Carolina.

"This issue really is about cybercriminals attempting to commit fraud and illegal actions against many companies and many industries," Tschopp says. "This is about the sophisticated criminal organizations that constantly try to exploit companies and victimize consumers.

"The malware was not a direct hack of Experian's systems in North America," he adds.

The year-old breach is getting renewed attention, as legislators, including Sen. John Rockefeller, D-W.Va., review how companies such as Experian collect and protect data.

Inadequate Security

This incident, and others like it, illustrates how financial institution employees increasingly prove to be weaker links in the security chain, says financial fraud expert Avivah Litan, an analyst at the consulting firm Gartner. Inadequate authentication practices and lax mandates for computer security upgrades, updates and patches leave banking institution employees in some cases more susceptible to malware attacks waged via socially engineered schemes than bank customers, Litan says.

"The banks themselves don't use the same controls they ask customers to use," Litan says. "You see banks focusing on data loss prevention, but then you often see what I consider antiquated antivirus systems. It's those types of outdated systems that make them vulnerable."

To improve security internally, Litan suggests institutions invest in:

  • Enhanced malware-detection tools;
  • Device identification for employee authentication;
  • Network-threat-intelligence software.

Neglecting Employee Protection

Banking institutions, because of increasing regulatory scrutiny linked to conformance with the Federal Financial Institutions Examination Council's updated Authentication Guidance, have better technology in place to protect their customers and members than their own employees, Litan contends.

"Employees have not been a focus, and the FFIEC guidance does not address the need for employee protections," she says.

What the guidance does address is the need for banking institutions to enhance their practices for user authentication to online-banking access. Because of increasing incidents of account takeover - typically accomplished via malware installed on an end-user's computer - the FFIEC recommends banking institutions invest in multiple controls to verify a user's authenticity.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Anthem Breach Tally: 78.8 Million Affected

Anthem Inc. now confirms that the health insurer's recent data breach compromised a database...

Latest Tweets and Mentions

ARTICLE Anthem Breach Tally: 78.8 Million Affected

Anthem Inc. now confirms that the health insurer's recent data breach compromised a database...

The ISMG Network