TRENDING:

FDIC Hit by New Phishing Attack

Fraudulent E-mail Sent Out to Customers Jeffrey Roman (gen_sec) • June 3, 2011    
FDIC Hit by New Phishing Attack
The Federal Deposit Insurance Corp. has fallen victim to another phishing attack, according to an e-mail alert sent out to customers.

The fake e-mail, coming from "alert@fdic.gov" with the subject line: "FDIC: Your business account," is the second scheme in a month launched by cyberhackers feigning to be from the FDIC. [See Phishing Scheme Uses FDIC.]

This newest attack entices consumers to click a link for details about "important information from your financial institution."

The FDIC warns consumers to consider the e-mails fraudulent.

Preventing ID fraud requires a partnership between the financial institution and the consumer. And that is creating opportunities for banks, says James Van Dyke, the president and founder of Javelin Research & Strategy. "So many things go on every time a legitimate transaction happens that the consumer isn't even aware of," he says. "Then you have all these new types of consumer-adopted solutions, like identity-protective services and people signing up for online banking alerts and all those things. What we rarely see, though, is a connection or integration between those two."

A report issued in November 2010 by the Government Accountability Office revealed that the FDIC needed to mitigate control weaknesses. According to the report, the FDIC didn't always:

  • Sufficiently restrict user access to systems;
  • Ensure strong system boundaries;
  • Enforce consistently strong controls for identifying and authenticating users;
  • Encrypt sensitive information;
  • Audit and monitor security-relevant events.

An audit in March by the GAO said the FDIC took corrective actions that effectively resolved a significant deficiency in internal controls related to security in its financial systems.

Previous
The Burden of Breach Notification
Next
1 Bank, 1 Credit Union Fail

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.