Case Study
Death to Phishing
What happens after a phishing attack? Here's one midsize bank's phishing incident response plan.
By Sarah D. Scalet
October 01, 2005 — CSO —
One quiet Monday in July 2004, at the height of the summer vacation season, a call center representative at a midsize U.S. financial institution answered a peculiar call.
The customer on the line was suspicious of an e-mail she had received from the bank.
The e-mail contained a link to a website where the customer was asked to enter her debit card number, card expiration date, PIN and e-mail address. But the message was full of typos and grammatical errors, and it didn't seem quite right for the bank to request that information.
The call set off a confused chain reaction. The customer forwarded the e-mail to the call center representative, who forwarded it to the call center manager. The manager sent it to someone in the online banking department, who forwarded it to her upper management and to the corporate security department. By the time the e-mail made its way to information security, there were several screens of forwarding information above the original message.
Of course, you've figured out that the e-mail was not from the bank at all, nor was the first curious caller its only recipient. The e-mail was a crude phishing attack. At bank headquarters, chaos erupted. The call center was slammed with inquiries from customers who had submitted their information to the fake website, then had misgivings and picked up the phone.
As word of the spoofed e-mail and website spread throughout the bank⬠we'll call it Bank XYZ, which agreed to share its story on the condition of anonymity⬠one frantic phone call led to another. What could the bank do? Employees couldn't send customers an e-mail that would only confuse matters. They didn't want to issue a public statement that might cause panic. And they had no idea how many customers might have responded to the message but not called the bank. Within hours, the groups involved gathered on a conference line.
"You just want to put me back in that nightmare, don't you?" says information security analyst Tricia Jones (all bank employee names in this article are pseudonyms), when asked about the call. Roughly 25 or 30 people were on the line. They ranged from executives and attorneys to business-unit managers and technical people. One person called from a boat; another called from a six-hour drive back from vacation. The tension was palpable. Executives wanted to know how broad the attack was and its potential damage. The call center needed to know what to do for customers who had fallen for the scam. Some of the people on the line still didn't even know what phishing was.
phishing
Log Management in a Cyber World
With so many potential cyber villains poking around the gates, enterprises must have strong protections and pristine visibility into what's happening on the network. Explore the increasing importance of log management as cybercrime and other malicious threats grow.
Comparing Research in Motion and Microsoft Mobile Solutions
Organizations must look carefully at the requirements of mobile devices and accompanying middleware that can increase cost, complexity and administrative overhead. This white paper provides an independent analysis and detailed comparison of RIM and Microsoft's mobile solution.
- Continuous PCI Compliance and Security with Tripwire Solutions
- PCI DSS Compliance in the UNIX/Linux Datacenter Environment
- The Pursuit of a Standardized Solution for Secure Enterprise RBAC
- Building a Secure and Compliant Windows Desktop
- Root Access Risk Control for the Enterprise
- Cyber Crime: A Clear and Present Danger
Stay current with insightful news and analysis on information security, business continuity, identity and access management, loss prevention and more with CSO newsletters!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
