Educause Security Discussion mailing list archives
REN-ISAC ALERT: wire transfer phishing targeting university presidents and VPs
From: Doug Pearson <dodpears () REN-ISAC NET>
Date: Fri, 27 Feb 2015 15:58:31 -0500
ALERT: wire transfer phishing targeting university presidents and VPs

REN-ISAC is receiving reports from its members concerning a resurgence of phishing attacks aimed to cause fraudulent wire transfers of funds. In most of the reports, the message appeared to come from the university president, by name, to a vice president, by name, asking for "help [to] process an outgoing wire transfer". One report involved the combination of CEO and CFO. Attacks are occurring today and extend back at least two weeks (one outlier as far back as November).

We recommend you share this awareness alert among executive and security staff, and particularly with persons who have authority to conduct wire transfers.

This attack, in some ways, parallels phishing attacks against institutional online banking conducted in 2010-2011. At that time we published technical and CIO/business officer Alerts [1][2] about the attacks. Those Alerts are still relevant and may prove helpful in defense against the current attacks.

In those Alerts we recommended:

+ Make sure your peers have a copy of this message.
+ Make certain that systems used in performing financial transactions are protected by strict technical controls and receive periodic validation.
+ Make certain that personnel involved in performing online financial transactions have the necessary security awareness and training. Those persons should receive targeted training on phishing and this threat.
+ Make committed and purposeful use of banking transaction initiator/approver roles. Most banks offer sophisticated role-based controls, but it's up to the institution to put them to effective use.
+ Have written policies defining the controlled environment in which online banking transactions can be conducted, e.g. what systems can be used, how they must be maintained, required personnel training, etc.
+ Routinely audit compliance with established technical controls and policies.
+ WE STRONGLY RECOMMEND THAT all online banking operations should be conducted on special-use computers that are used SOLELY for banking transactions. No other use of the machine should be permitted - no e-mail, no web browsing, no general-purpose business use - nothing but institutional online banking transactions.

And to those recommendations we add:

+ Never rely solely on received e-mail for instructions to conduct financial or other sensitive transactions. Always conduct an out-of-band (OOB) verification, e.g. via phone call. If you are the source of such instructions, take the initiative to conduct OOB verification with your recipients, and train them to that kind of expectation.

If you have questions don't hesitate to e-mail me directly or via soc () ren-isac net.

[1] http://www.ren-isac.net/alerts/banking-attacks_cio-bo_201001.html
[2] http://www.ren-isac.net/alerts/banking-attacks_technical_201001.html

On behalf of the REN-ISAC team,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)274-7228
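The pattern the alert describes (a message carrying an executive's name but sent from outside the institution, requesting a wire transfer) can be turned into a simple mail-gateway check. The following is an added example, not part of the REN-ISAC alert; the executive roster, the domain example.edu and the sample messages are constructed assumptions, and a hit is a prompt for the out-of-band verification the alert recommends, not a verdict.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed assumptions: the institution's domain and the display names
# an impersonator would borrow. A real deployment loads these from a directory.
INSTITUTION_DOMAIN = "example.edu"
EXECUTIVE_NAMES = {"jane president", "john cfo"}
WIRE_KEYWORDS = ("wire transfer", "outgoing wire", "process a wire")


def assess_message(raw: str) -> dict:
    """Return the BEC indicators an RFC 5322 message triggers."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()

    findings = {
        # Executive's name in the display field, but the address is external.
        "exec_name_external_sender": display.lower() in EXECUTIVE_NAMES
        and sender_domain != INSTITUTION_DOMAIN,
        # Replies are steered to a different domain than the visible sender.
        "reply_to_mismatch": bool(reply_to)
        and reply_to.rsplit("@", 1)[-1].lower() != sender_domain,
        # The request itself concerns a wire transfer.
        "wire_request": any(k in text for k in WIRE_KEYWORDS),
    }
    # Flag only wire requests that also show a sender anomaly; a genuine
    # internal request still gets OOB verification by policy, not by this rule.
    findings["flag"] = findings["wire_request"] and (
        findings["exec_name_external_sender"] or findings["reply_to_mismatch"]
    )
    return findings


# Constructed sample: executive's name on an external webmail address.
SUSPICIOUS = """From: Jane President <jane.president@webmail-example.com>
To: John CFO <john.cfo@example.edu>
Subject: Quick request
Content-Type: text/plain; charset="utf-8"

John, I need your help to process an outgoing wire transfer today.
"""

# Constructed sample: same request from the institution's own domain.
INTERNAL = SUSPICIOUS.replace("@webmail-example.com", "@example.edu")
```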