REN-ISAC is receiving reports from its members of numerous phishing attacks aimed at causing fraudulent wire transfers of funds.
In most of the reports, the phishing message appeared to come from the university president, by name, to a vice president, by name, asking for “help [to] process an outgoing wire transfer”. One report involved the combination of CEO and CFO. Attacks are occurring today (February 27, 2015) and extend back at least two weeks (one outlier as far back as November). We recommend you share this awareness alert among executive and security staff, and particularly with persons who have authority to conduct wire transfers.
REN-ISAC is recommending:
- Make sure your peers have a copy of this message.
- Ensure that systems used in performing financial transactions are protected by strict technical controls and receive periodic validation.
- Make certain that personnel involved in performing online financial transactions have the necessary security awareness and training. Those persons should receive targeted training on phishing and this threat.
- Make committed and purposeful use of banking transaction initiator/approver roles. Most banks offer sophisticated role-based controls, but it’s up to the institution to put them to effective use.
- Routinely audit compliance with established technical controls and policies.
- We strongly recommend that all online banking operations be conducted on special-use computers that are used SOLELY for banking transactions. No other use of the machine should be permitted – no e-mail, no web browsing, no general-purpose business use – nothing but institutional online banking transactions.
If you have any questions or receive any suspicious emails, please send a message to firstname.lastname@example.org.