Credit Unions Should 'Increase Phishing Identification' in 2020


With the threat of cyberattacks by Iranian operatives still hanging over organizations, a number of incidents affecting financial services companies made news recently, some predating the latest Iran-U.S. crisis but all raising eyebrows.

ZDNet reported that a security researcher with the Twitter handle @vrNicknack alerted Troy Hunt, operator of the Have I Been Pwned? search engine, to a notice received from P&N Bank, a division of Police & Nurses Limited operating in Western Australia. The notice warned of an information breach “of certain personal information” occurring through its customer relationship management platform as a result of online criminal activity. The cyberattack occurred on or around December 12, when the bank performed a server upgrade. Speculation is that a company P&N Bank hired to provide hosting was the entry point.

Stephan Chenette, co-founder/chief technology officer at AttackIQ, said, “The financial industry is one of the largest targets for cybercriminals and unfortunately, breached data from those types of organizations can be damaging for years to come.” Chenette noted that while the number of accounts is unknown, P&N Bank is one of the largest banks in Western Australia. As a result, a complete set of personally identifiable information is available on the dark web, further exposing the account holders to future fraud or phishing attacks. “Organizations must take proactive approaches to protect their data. This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats. Additionally, organizations should do their due diligence in ensuring third-party partners are practicing adequate security measures and extend testing to partners as well.”

In another incident, Bleeping Computer reported that a group tracked as Ancient Tortoise is targeting accounts receivable professionals, tricking them into sending over aging reports (collections of outstanding invoices) and thereby amassing data on customers it can scam in future attacks.

Click to continue reading this article from Credit Union Times