The CyFin initiative is dedicated to identifying, mitigating, and neutralizing cyber threats targeting the financial services industry. As a predecessor to the initiative, the Stock-Aid initiative was started in February 2007 in an effort to provide a collaborative forum in combating online stock manipulation schemes. The “account compromise” aspect of this initiative stemmed from phishing and identity theft scenarios and via the use of key loggers loaded on victim computers through a variety of social engineering schemes. This initiative grew to more than 75 members and convened 12 joint conferences to further develop/refine common objectives. Numerous noteworthy investigations were developed and advanced via NCFTA partnerships with domestic and international law enforcement, and millions of dollars in compromised accounts were secured before significant financial losses could occur. Several examples include:
Cyber threats to the brokerage industry, as with other financial services or e-commerce stakeholders, are increasing in complexity and scope. In recognition of this, Stock-Aid and other overlapping initiatives involving phishing, identity theft and credential fraud, must be able to adapt and change in order to effectively mitigate and neutralize these current and emerging threats.
Beyond stock manipulation, other cyber-facilitated schemes impacting many public and private organizations have evolved to include: Electronic Funds Transfer (EFT) fraud, ACH-related scams, increased use of sophisticated money mule networks, and the use and abuse of a growing number of telecommunication (mobile banking, SMS, VOIP) and other utilities. Recent initiative-specific focus group meetings have also confirmed the need to evolve each project to incorporate additional SMEs (stakeholder companies) relative to this expanding threat.
To address this ever-changing landscape, and to ensure that timely intelligence regarding emerging schemes is received and shared in a timely manner, the NCFTA has combined several ongoing and increasingly overlapping initiatives into one broader “umbrella” initiative named CyFin. This name was chosen to reflect the broader topic of “Financial Crimes over the Internet” and, in part, to reflect increased tendency of international organized cyber-criminals to rapidly “siphon” victim accounts via a variety of social engineering techniques as well as the use of malware and keystroke loggers.
In moving this initiative forward, refined information sharing and triage tools have been developed, and teams of dedicated analysts and investigators have been assigned to this endeavor. Partners in this effort include a growing list of financial services organizations, on-line merchants, anti-virus companies, payment/payroll processors, and telecommunications providers. Similarly, a growing team of federal and international law enforcement is regularly enlisted in support of this cause.
FOR IMMEDIATE RELEASE Contact: Fleishman-Hillard Alex Kepnes, 703-575-8900 [email protected] PENNSYLVANIA GOVERNOR TOM CORBETT, FBI, DEPARTMENT OF HOMELAND SECURITY, AND UNITED KINGDOM OFFICIALS TO ADDRESS GOVERNMENT AND INDUSTRY COLLABORATION ON FIGHTING CYBER THREATS Forum to Focus on Steps Industry and Government Must Take to Address Cyber Threats at National, State and Local Levels [...]
Individuals should be vigilant of emails concerning tax refunds. Fraudsters consistently send spam appearing to be from the IRS and financial institutions containing a link to a phishing website and/or malware typically during tax season in the US. Fraudsters then attempt to either socially engineer potential victims and/or infect their computers in order to gain [...]
The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.
Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.
Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.