Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Newswire

Security News -- Cyber Security

FBI: Cyber Criminals Target Financial Institutions

New Newswire Feature Image 3/8/2012
September 18, 2012

The FBI says today that cyber criminals have stepped up their efforts to steal money and gain access to banks and other financial institutions using spam, phishing emails, keystroke loggers and Remote Access Trojans (RAT), according to an article from Network World.

Specifically, the fraudsters are looking to compromise financial institution networks and obtain employee login credentials, the Network World article reports. The stolen credentials are used to initiate unauthorized wire transfers overseas; amounts have varied between $400,000 and $900,000, and, in at least one case, the criminals raised the wire transfer limit on the customer's account to allow for a larger transfer. In most of the identified wire transfer failures, the perpetrators were only unsuccessful because they entered the intended account information incorrectly, the FBI states.

In the bank fraud, the FBI says cyber criminals "used spam and phishing e-mails to target their victims. Once compromised, keyloggers and RATs installed on the financial institution employee's computer provided the attackers with complete access to internal networks and logins to third party systems. Variants of Zeus malware were used to steal the employee's credentials in a few reported incidents. In some instances, the [attackers] stole multiple employee credentials or administrative credentials to third party services and were able to circumvent authentication methods used by the financial institution(s) to deter fraudulent activity. This allowed the intruders to handle all aspects of a wire transaction, including the approval. The unauthorized transactions were preceded by unauthorized logins that occurred outside of normal business hours using the stolen financial institution employees' credentials. In at least one instance, attackers browsed through multiple accounts, apparently selecting the accounts with the largest balance."

According to the article, the FBI made a number of recommendations for financial institutions to help prevent security problems:

  • Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited emails.
  • Do not allow employees to access personal or work emails on the same computers used to initiate payments.
  • Do not allow employees to access the Internet freely on the same computers used to initiate payments.
  • Do not allow employees to access administrative accounts from home computers or laptops connected to home networks.
  • Ensure employees do not leave USB tokens in computers used to connect to payment systems.
  • Review anti-malware defenses and ensure the use of reputation based content and website access filters.
  • Ensure that workstations utilize host-based IPS technology and/or application whitelisting to prevent the execution of unauthorized programs.
  • Monitor employee logins that occur outside of normal business hours.
  • Consider implementing time-of-day login restrictions for the employee accounts with access to payment systems.
  • Restrict access to wire transfer limit settings.
  • Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers.
  • If wire transfer anomaly detection systems are used, consider changing "rules" to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified.
  • Secure and/or store manuals offline or restrict access to the training system manuals with further security, such as enhanced access controls and/or segregation from the payment systems themselves.
  • Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized.
  • Strongly consider implementing an out of band authorization prior to allowing wire transfers to execute.
  • Limit systems from which credentials used for wire authorization can be utilized.
KEYWORDS: bank security cybercrime financial sector fraud detection fraud trends

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Security Newswire

    Cyber Criminals Target Japan Disaster Donators

    See More
  • Untitled.png

    Lessons learned from COVID-19: How cybercriminals took advantage of financial institutions

    See More
  • finance-sec-freepik5927.jpg

    Ransomware actors use financial events to target companies

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing