FBI Warns Financial Institutions About New Cyber Threats


On September 17, the FBI, together with the Financial Services Information Sharing and Analysis Center and the Internet Crime Complaint Center, issued a fraud alert to advise financial institutions of a new trend in which cyber criminals steal financial institution employee credentials for subsequent use in conducting wire fraud. The alert identifies spam and phishing emails as the primary method by which outsiders have obtained employee credentials, and notes that small and medium sized banks and credit unions have been the most targeted institutions to date. The fraudsters also have stolen administrative credentials to third-party services and have used those credentials to circumvent financial institutions’ authentication methods. Once obtained, the credentials have been used to conduct unauthorized wire transactions. The alert notes that in some instances the unauthorized transactions have been preceded by a denial of service attack against the institution’s public website, which may have served as cover for the illicit activity by distracting the institution’s personnel responsible for detecting unauthorized activity.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BuckleySandler LLP | Attorney Advertising

Written by:


BuckleySandler LLP on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.