Social Engineer Claims Easy Pickings at Credit Unions and Banks

By

From the October-15, 2008 issue of Credit Union Times Magazine

BATON ROUGE, La. -- More than a thousand bank and credit union branches turned over account records, Social Security numbers and more without a fight, according to a five-year report from a social engineering security firm.

TraceSecurity, a Baton Rouge-based provider of IT risk assessment and security compliance solutions to more than 800 banks and credit unions, said it found that 95% of the sensitive data behind those walls could have been robbed on average in 30 minutes or less, representing personal identities of tens of millions of consumers.

"Personally, I've been able to bypass security policies, procedures and technology of any bank or credit union where I've performed social engineering engagements 100% of the time," said Jim Stickley, co-founder and chief technology officer of TraceSecurity.

Stickley said his claims are based on results from a core group of his company's customers, ranging up to $2.7 billion in assets and located in 48 states. An average of four branches each were included in the report.

The company--whose flagship offering is an automated compliance management solution--used network penetration testing along with social engineering in the form of phishing, pharming, pretext calling and on-site impersonation of trusted third-parties such as fire marshals and pest exterminators.

Stickley said backup data tapes were the easiest target for theft and that his team also has walked out with loan applications, laptops, cell phones, PDAs and keyboard data that included a variety of identifying information and account numbers.

He said that in five years he and his team were only questioned twice--once by a bank employee married to a fire marshal, the other time when a pest inspector showed up wearing a similar uniform to one Stickley had worn on the front cover of a recent industry magazine.

"Financial institutions are often under attack via physical breaches or the Internet," said Stickley, whose company (www.tracesecurity.com) also works with health care, government and insurance organizations.

"It takes only one branch location for all customers' sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars--a huge cost for what's usually a small, avoidable error," said Stickley, who's also the author of a new book, The Truth About Identity Theft.

--mrapport@cutimes.com

Comments

More News

Resource Center

View All »

How Enterprise Software Helps Financial Services Firms Improve Efficiency and Reduce Costs

This white paper describes how enterprise software solutions, when built on a flexible and adaptable technology platform, can help financial services firms streamline workflows, consolidate...

Getting Ready for IFRS

This white paper describes how your company can make the transition to IFRS in a timely and cost efficient manner as well as what your...

CUT Daily eNews

Credit Union Times delivers breaking news and information you need to make the right decision for your organization - FREE. Sign up now!

Career Listings
Recent Career Listings
Browse Career Listings