• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

SecureWorks Warns of Phishing Schemes Using Dual Authentication Signup Process to Scam Bank and Credit Union Customers

Posted on: Wednesday, 29 November 2006, 15:01 CST

ATLANTA, Nov. 29 /PRNewswire/ -- SecureWorks, the largest managed security provider in the financial market providing security to over 1,600 clients nationwide, announced today that it has taken down several phishing schemes which are using the dual authentication signup process to lure banking and credit union customers to bogus phishing websites.

The phishers are scamming their victims by directing them to sign up for their bank or credit union's new dual authentication solution intended to help protect their online banking activities from fraud. The phishing scam directs the institution's customers, via an email, to enter their account number and pin so that they can register for their new "dual authentication code and phrase." The email lets them know that a dual authentication code and phrase is now required to do their online banking, as directed by the FFIEC.

In October 2005, the FFIEC issued a guidance requiring banks and credit unions to strengthen how Internet banking users authenticate who they are, to help combat "new or changing risks such as phishing, pharming, malware, and the evolving sophistication of compromise techniques." The guidance requires financial institutions to have this in place by December 31, 2006. Now it appears that this very requirement has been used in the evolution of sophisticated compromise techniques-hackers have become regulation savvy!

"We thought this latest phishing scam was extremely clever and quite ironic considering the phishers used the dual authentication guidance, which was developed to protect online banking from fraud, to try and scam their victims," said Erik Petersen, VP of Professional Services for SecureWorks and director of SecureWorks' phishing takedown services.

"The phishers behind these attacks used a combination of phishing and hacking to launch their attack," according to Petersen. "SecureWorks discovered that the phishers hacked vulnerable computers and used them as platforms to host the bogus phishing sites. The compromised host servers were located in Europe and the Far East and were being used as fallback host servers, so when one phishing site was taken down a duplicate phishing site popped up. SecureWorks suspected the phishers were probably using a botnet to control the compromised servers. SecureWorks also found that the phishers were using the compromised servers to host scams against several different financial institutions, not just one.

SecureWorks has relationships with US CERT, as well with many of the foreign CERT Teams and many of the Incident Response Teams located within the world's largest ISPs. Using these connections, SecureWorks was able to get the compromised servers in Europe and the Far East taken down.

Phishing Continues to Grow

SecureWorks' professional services team was hired to take down over 50 phishing incidents in the past year, averaging close to one scheme a week. SecureWorks also successfully blocked over five and a half million phishing emails sent to its banking, credit union and utility clients' employees.

"The majority of the phishing schemes we took down were launched against small and mid-size financial organizations," continued Petersen. "The phishers are definitely targeting the smaller organizations, as well as the larger banks and retailers. Unfortunately, as consumers become more educated, phishing schemes become more innovative. Financial institutions, of all sizes, need to be constantly on lookout for these phishing scams. If they don't have the resources in-house to deal with them, they need to have an experienced IT security provider as a backup - who can quickly and effectively take down the scam."

Phishing---How Organizations Can Protect Themselves 1. Block off your email server against phishing attacks by dropping and filtering fraudulent emails. You can do this yourself, or employ a service to do it for you. 2. Send emails from the same "From" domain as your website, & monitor bounces from that address sent back to your mail server. 3. Use transaction-based, rather than session-based, authentication. 4. Disable mail relay from email servers. 5. Educate your customers never to access your website from a link provided in an email, but only by typing in the actual URL.

SecureWorks provides emergency phishing takedown services to clients and prospects. If a financial institution suspects that they are being phished, they can call SecureWorks 24 hours a day, seven days a week at 1-888-277-9355 for immediate assistance.

About SecureWorks

SecureWorks provides the most effective managed security services and offers three flexible delivery options: managed, monitored and self-service. SecureWorks leverages its advanced security research, integrated security management platform, and 24x7 security experts to protect clients from internal and external threats and to facilitate compliance. SecureWorks won SC Magazine's 2006 MSSP of the Year and Best Intrusion Prevention awards, Frost & Sullivan's 2006 Entrepreneurial Company of the Year award and was named to the Inc 500 Fastest Growing Private Companies List.

SecureWorks

CONTACT: Elizabeth W. Clarke of SecureWorks, +1-404-486-4492, oreclarke@secureworks.com

Web site: http://www.secureworks.net/

Source: PRNewswire

More News in this Category