FBI Issues Alert on Hackers Targeting Credit Union Employees

Agency says phishing, malware used to drain accounts and send money overseas.

By Robert McGarvey | September 20, 2012 at 03:29 AM

The FBI has issued a fraud alert that warns financial institutions that some cyber criminals have shifted their point of attack away from financial institution customers and members instead are directly targeting credit union and bank employees and their computers.

The alert pulled no punches: "Recent FBI reporting indicates a new trend in which cyber criminal actors are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials. The stolen credentials were used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) raised the wire transfer limit on the customer's account to allow for a larger transfer."

The FBI indicated that the primary targets have been employees at small to medium-sized banks and credit unions.

In an interview, George Tubin, a security expert with Trusteer, bluntly said: "Financial institutions are not prepared for this."

For years the focus has been on guarding against infected computers used by members or customers. When the infection is inside the corporate firewall – on employee computers – defenses are less well defined, said Tubin.

Tubin added that from where he sits the two best lines of defense by credit unions are to, first, educate employees about malware ("they need to know not to click on links") and, secondly, to implement technology inside the institution that continuously searches for malware before it has actually compromised any machines.

"We need to focus on the root cause and that is malware," said Tubin.

He added: "For the FBI to issue a warning, this has to have reached a critical mass" – that is, there need to have been enough instances before the FBI takes this kind of action.

NOT FOR REPRINT

Credit Union Management

1 Tennessee’s Y-12 Federal Credit Union Welcomes New CEO Dustin Millaway

2 Credit Union Loan Originations Recover: A Strong 'Rebound'

3 Cornerstone Financial Credit Union Introduces Buy Now, Pay Later Service

4 Credit Unions Push Back Against Proposed California Privacy Regulations

5 Credit Union of Texas Launches Spanish-Language Brand Todos Unidos

Insurance
Complex Claims & Litigation Forum 2025
February 24, 2025 - Las Vegas

This conference aims to help insurers and litigators better manage complex claims and litigation.
More Information
GlobeSt. Multifamily Spring 2025
April 01, 2025 - New York

Join the industry's top owners, investors, developers, brokers & financiers at THE MULTIFAMILY EVENT OF THE YEAR!
More Information
GlobeSt. Net Lease Spring 2025
April 01, 2025 - New York

This conference brings together the industry's most influential & knowledgeable real estate executives from the net lease sector.
More Information