Pub. 3 2015 Issue 3

Issue 3. 2015 9 How are cyber criminals attacking your customers? Financial institutions are facing a multi- tude of threats while attempting to keep customer information safe. Organizations are working diligently to counter such threats as data breaches, insider activities, and unintentional destruction of data in the environments they manage. However, one obstacle that is increasingly difficult to counter is the lack of control around information that customers may give out while browsing online, as well as what an attacker is doing with such information. Cyber criminals may ignore the finan- cial institution all together and target the institution’s customers through phishing and other means of social engineering. On top of payment processor breaches, data breaches from websites allows attackers to gather information from customers that may or may not be considered confiden- tial. Examples of information that an attacker finds more than useful could include names, addresses, and phone numbers. Recent website data breaches have shown how creative an attacker can be with this information by using black- mail techniques to customers visiting less than reputable websites. In this case, the financial institution has no defense against the customer paying the attacker to keep quiet. The Ashley Madison breach is a prime example of cyber criminals attempt- ing (and succeeding) to extort leaked customer information by threatening to contact significant others and notify them of infidelity if a ransom is not paid. Recent breaches have also shown that compromised websites can yield decrypted password hashes that may offer valuable stepping stones in the direction of the cus- tomer’s account, especially since custom- ers are known to use the same, or similar, passwords across multiple websites. The increasing popularity of mobile devic- es may also aid attackers in gaining infor- mation that could be used to help compro- mise customer accounts. These devices are not often held up to the same standards of security and protections including anti-vi- rus, encryption, device passwords, and remote wipe capabilities, which are often missing. After all, a smartphone is simply a small computer that makes calls and takes photos in addition to browsing web- sites, checking Facebook, and performing electronic banking transactions. The lack of even basic security controls opens up a greater attack area for attackers to exploit and gain information, should the customer practice unsafe browsing habits. Who should be concerned? All financial institutions should be wary of customer compromise, particularly since customers with the ability to perform wire transfers and external account transfers are often the most susceptible to the loss of customer information through alternate By Eric Chase, Information Security Consultant - Security Banking Solutions, LLC Cyber Crime and Your Customers n Cyber Crime — continued on page 10

RkJQdWJsaXNoZXIy OTM0Njg2