“A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.
Federal authorities and researchers in recent weeks have issued warnings about this new form of attack, which involves hackers infiltrating e-mail networks to perpetrate fraud and cyber-espionage, says Pollino, Bank of the West's enterprise fraud prevention officer.
In a new interview with Information Security Media Group, Pollino explains why Bank of the West has labeled the new attack scheme as "masquerading."
Masquerading, as Bank of the West defines it, involves the takeover of a C-level executive's e-mail account, usually through a network attack. These attacks are waged against the bank's commercial customers, not the bank itself. But the attacks may include spear-phishing, to takeover a legitimate e-mail account, or the creation of a similar domain, so that fraudulent e-mails sent from that domain appear at a glance to be legitimate , Pollino says .
Once the cybercriminals have control of the executive's e-mail account, they use it to send out e-mails to lower-level employees and/or even banking institution staff instructing them to perform some task with a sense of urgency, Pollino says. Because of that urgency, typical security practices are often bypassed or overlooked, he adds.
The hackers literally "masquerade" as the executive, convincing lower-level employees to share confidential information and/or schedule fraudulent wire and ACH transfers, Pollino says.”
read more>>
