Multiple Community Banks Being Hit with Simple, but Effective Scams to Drain Accounts
02/28/2012

In February, Daily Safety Check’s Security Operation Center’s Phishing and Botnet Threat Assessment revealed that a number of Midwest-based Financial Institutions were the target of a sudden rash of fake Wire Transfer requests. According to the data, Bank of the West, Commerce Bank, Huntington, Bank Midwest as well as the Online Banking Platforms Net Teller and FundsXpress were all specifically targeted.

"While phishing scams are nothing new, this tactic did not go for Online Banking credentials or attempt to 'hijack' computers; instead, it just focused on email account passwords, which tend to be less complex and less frequently changed than banking credentials," said Jim McKenney, an online banking security expert. "It is the strength of that relationship which is preyed upon, which is the opposite of other scams."

The tactic is to take over a customer's email account and then send a seemingly legitimate email to the target's bank, using the target's previous email or contact list. Since the criminal replies to emails in previous customer-bank correspondence, the email looks and feels genuine to the bank employee. Typically, a "bait" email is sent first, and after a bank employee responds, a transaction request follows. In some instances, it takes a few emails using first names, previous transaction amounts, bank account numbers and other personal information, all of which, incidentally, can usually be found in the customer's email inbox or sent items.

"Believe it or not, this tactic can be highly effective, especially when the target has a strong relationship with their bank, corresponding with them on a regular basis," says McKenney. "Even a simple 'Please' seems to be highly effective for that reticent bank employee."

Daily Safety Check expects that banks and consumers will see this "simple" approach continue and rapidly spread to other regions.