From Bank Info Security
FFIEC Controls Do Little to Prevent New Non-Tech Attacks
A $46.7 million business email compromise scheme that targeted Ubiquiti Networks Inc. shows just how little cybercriminals have to do to fool employees into unknowingly committing wire fraud. Ubiquiti, a wireless networking technology provider, announced last week that it had been targeted by an email impersonation scheme that convinced employees in its finance department to fraudulently schedule wire transfers to overseas accounts.
But John LaCour, CEO of online security firm PhishLabs, says even though these compromises are not quite so technical, by following basic procedures noted in the FFIEC’s guidance for transaction verification, many wire fraud losses could be avoided. The problem is that the commercial customer, not the bank, is the one in these most recent incidents that is bypassing the controls. This is why customer education is so important, LaCour says.