From BankInfo Security
News reports of suspected attacks against JPMorgan Chase, and perhaps other banks, serve as an important reminder for financial institutions of all sizes to ramp-up their security efforts, especially to guard against phishing attacks.
Just days before news of the apparent hacking attacks against U.S. financial institutions grabbed headlines, researchers at online security firm, Proofpoint, discovered a large-scale, credential phishing scheme aimed at JPMorgan Chase customers.
“Even though this campaign was aimed at end-users, it could be at the root of the apparent hacking of JPMorgan Chase,” said John LaCour, CEO of PhishLabs, in a recent article by BankInfo Security. “An employee may have been fooled by the same scheme, or the compromise of a customer may somehow have resulted in the compromise of an employee,” he says.
“If that’s accurate, the point is that technical controls are not enough – and that all users have to know that they’re part of the defense plan. Unfortunately, bank employees have to make the right decision 100 percent of the time and the bad guys only need to find their way in one percent of the time,” continued LaCour.