
The Digital Phishnet (DPN) initiative was developed jointly with various law enforcement and industry stakeholders, including Microsoft, Earthlink and Google, as a means to better collect and develop intelligence regarding the highest priority sophisticated phishing attacks (i.e. attempts to obtain personally identifiable information (PII) typically via emails misrepresenting legitimate entities). The DPN initiative also seeks to rapidly refer such matters to appropriate law enforcement and industry stakeholders for victim mitigation and subject neutralization. DPN currently leverages threat intelligence received from approximately 300 companies.
The NCFTA has received details on approximately 200,000 unique phishing attacks and additional data on more than 24,000 unique phishing kits (tools used to deploy attacks) since April 2006. Approximately 6,000 drop accounts (i.e. cyber warehouses where criminals store stolen credentials) have been identified. More than 600 investigative reports have been developed and provided to both domestic and international law enforcement to date. In addition, compromised accounts recovered to date represent more than $220 million in economic loss prevented.
Individuals should be vigilant about emails concerning tax refunds. Typically during tax season in the US, fraudsters consistently send spam that appears to be from the IRS and financial institutions and contains a link to a phishing website and/or malware. Fraudsters then attempt to socially engineer potential victims and/or infect their computers in order to gain [...]
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.
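One way to screen the sender of a wire request for the slightly altered address described above, as an added example that is not NCFTA or IC3 code: it flags any address within one added, removed or substituted character of a known client address (removal and substitution go beyond the "adding" case the text names). The client list, sample senders and function names are constructed for illustration.

```python
from typing import Iterable, Optional, Tuple


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # swap ca for cb
        prev = cur
    return prev[-1]


def classify_sender(sender: str, known_clients: Iterable[str],
                    max_edits: int = 1) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_address); verdict is known/lookalike/unknown."""
    s = sender.strip().lower()
    known = sorted({k.strip().lower() for k in known_clients})
    if s in known:
        # Not proof of legitimacy: the compromised account itself may be used.
        return ("known", s)
    best = None
    for k in known:
        d = edit_distance(s, k)
        if d <= max_edits and (best is None or d < best[0]):
            best = (d, k)
    return ("lookalike", best[1]) if best else ("unknown", None)


# Constructed sample data, not taken from any real incident.
KNOWN_CLIENTS = ["jane.doe@example.com", "r.smith@example.org"]
SAMPLE_SENDERS = [
    "Jane.Doe@example.com",    # exact match after case folding
    "jane.doe1@example.com",   # one digit added
    "jane.d0e@example.com",    # one character substituted
    "someone@example.net",     # unrelated address
]

if __name__ == "__main__":
    for addr in SAMPLE_SENDERS:
        print(addr, classify_sender(addr, KNOWN_CLIENTS))
```
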