Financial Crisis Leaves Bank Branches Open to Social Engineering, Targeted Attacks

By Kelly Jackson Higgins
Senior Editor
Dark Reading 
OCTOBER 8, 2008

Heightened concern over the growing financial crisis is making banks 
more vulnerable to targeted social engineering and spear-phishing 
attacks, researchers said this week.

Penetration testers who work with bank clients say the fragile state of 
the banking community is making it easier for them to dupe 
understandably anxious bank employees. Bank employees are overly eager 
or easily coerced into cooperating with “auditors,” or into clicking on 
links purportedly from the bank about its own financial welfare.

“It’s definitely easier now to do some of these client-side attacks [on 
banks] because people [bank employees] are paying a lot of attention to 
their internal emails about the [financial] status of the bank,” says 
Chris Nickerson, who performs so-called “red team” testing of physical 
and electronic security as well as social engineering weaknesses for 
banks and other organizations.

Nickerson says he’s seen an increase in his bank clients’ employees 
falling for these targeted or spear-phishing attacks in his testing. “It 
used to be around 60 to 70 percent, and now it’s a 70 percent” rate of 
users falling for the phony scams he conducts, says Nickerson, CEO of 
Lares Consulting.

And breaching a bank’s physical security is also easier now, according 
to Errata Security. In a social engineering ploy for a mid-sized bank 
last week, Errata CTO David Maynor was mistaken for a federal auditor 
and allowed access to the branch manager’s unoccupied office. He made 
off with a computer backup tape containing account transaction data.

