FBI Warns Financial Institutions About New Cyber Threats


On September 17, the FBI, together with the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center, issued a fraud alert to advise financial institutions of a new trend in which cyber criminals steal financial institution employee credentials for subsequent use in conducting wire fraud. The alert identifies spam and phishing emails as the primary method by which outsiders have obtained employee credentials, and notes that small and medium sized banks and credit unions have been the most targeted institutions to date. The fraudsters also have stolen administrative credentials to third-party services and have used those credentials to circumvent financial institutions’ authentication methods. Once obtained, the credentials have been used to conduct unauthorized wire transactions. The alert notes that in some instances the unauthorized transactions have been preceded by a denial of service attack against the institution’s public website, which may have served as cover for the illicit activity by distracting the institution’s personnel responsible for detecting unauthorized activity.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.