FBI Warns Financial Institutions About New Cyber Threats


On September 17, the FBI, together with the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center, issued a fraud alert to advise financial institutions of a new trend in which cyber criminals steal financial institution employee credentials for subsequent use in conducting wire fraud. The alert identifies spam and phishing emails as the primary method by which outsiders have obtained employee credentials, and notes that small and medium sized banks and credit unions have been the most targeted institutions to date. The fraudsters also have stolen administrative credentials to third-party services and have used those credentials to circumvent financial institutions’ authentication methods. Once obtained, the credentials have been used to conduct unauthorized wire transactions. The alert notes that in some instances the unauthorized transactions have been preceded by a denial of service attack against the institution’s public website, which may have served as cover for the illicit activity by distracting the institution’s personnel responsible for detecting unauthorized activity.