The Agency Insider with Linda McGlasson

Is 2009 The Year of The Phish?

The FDIC, Department of Justice -- the list of targeted entities just keeps on growing. Is it time to name 2009 the Year of the Phish?

From every conceivable source they keep coming: phishers targeting every brand name, financial institution, industry association and federal regulatory agency to get to their data-laden targets.

Earlier this fall it was the FDIC that was spoofed, along with other federal agencies and government leaders, including the U.S. Attorney General, Eric Holder. The latest target is NACHA, the Electronic Payments Association, which oversees the Automated Clearing House (ACH) network. NACHA warned last week that fraudulent emails with "Rejected ACH Transaction" in the subject line are showing up in inboxes everywhere. The emails include links that redirect recipients to a fake website that appears to be the real NACHA website. The website contains a link that is suspected to lead to an executable carrying malware, mainly the Zeus Trojan.

"NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions," the organization says in its alert. "NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive."

The Zeus Trojan, also called Zbot, is the Trojan being used to steal online banking credentials of small and midsized businesses, and then used to steal money from those businesses via fraudulent ACH transactions.

But wait, there's more! Last night the FBI issued an alert warning law offices and PR companies that they are now being targeted with these phishing emails. It's a similar scenario: A fraudulent "spear phishing" email is sent, targeting a person within the firm to get them to open a file, or click on a link ... all with the same goal, to compromise the person's computer and steal data, passwords and anything else of value.

Phishers should be ready to face the price, as did the 100 phishers netted in Operation Phish Phry earlier this fall. But until there is a bigger net to catch all of the phishers out there, we'll have to keep public education about these scams top of mind.



About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



