Case Study: Bank Responds to Vishing Attack

How One Institution Mobilizes Against Phone-Based Phishing For most people, Friday afternoon is time to wrap up the week's activities and look forward to the weekend. For Bill Lamb, IT manager for Central National Bank in Enid, OK, it's time to wonder: "Will my customers be hit with another phone-based phishing attack?"

Since last October, Central National Bank has been with three text-based and phone-based phishing attacks -- the most recent two happening within the past month.

"This week we are being targeted by automated calls to cell phones in this area, telling people that they need to press 1 to reactivate there card -- and people are falling for it," Lamb says.

He has experienced vishing attacks over the past several years, and to fight back he has developed an incident response program to track down and shut down the phone numbers.

The latest attack was less sophisticated than most. "The interactive voice response system (IVR) at the other end of the 800 number was generic," Lamb says. "All it talked about was 'National Bank.'"

Still, Lamb tracked down the owner of the 800 number by using the site, which told him RingCentral owned the number. Lamb found a customer service number for RingCentral, a call center in the Philippines. "After much holding and escalation, I finally got someone to tell me that they would have the fraud department -- which did not work weekends -- call me Monday," Lamb says. "That was the best they could do."

The good news: The bogus number was shut down sometime during over that weekend. "I did get a call from RingCentral's fraud department later in the week to report that they had investigated the number and had determined it as fraudulent and had shut it down."

Lamb thinks his bank is luckier than some - it hasn't suffered any reputational damage from the recent attacks. But he warns other institutions: "The reason the criminals keep coming back to a financial institution is that they've had success. A key part of stopping these attacks is customer education."

It is sometimes difficult to get the message through to customers - or even to typify the common victims. "We've even found that it's not the youngest or oldest customers that fall for these calls," Lamb says, "but the middle age people who don't think and then give out their information."

So far, Lamb says, only a handful of customers have fallen for the scams, and "many of them realized they suspected something suspicious and called the bank right away."

Time is of the essence, so Lamb recommends that institutions be ready to jump to action when alerted to an attack. His tips:

  • Have an incident response plan prepared ahead of time. Tool kit should include law enforcement contacts, as well as local service providers' contact information;
  • Cultivate and maintain good relationships with law enforcement;

  • Remember what you learn from previous incidents - keep records;

  • Most important -- educate your customers. They are your front line in these incidents.

See also: How to Respond to Vishing Attacks

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.