02:05 PM
BS&T Staff

OCC Issues Guidance On Web Spoofing

When a bank gets "phished" or "pharmed," what's the next step?

The Office of the Comptroller of the Currency (OCC) has issued guidance on how banks should mitigate risks to themselves and to customers from "Web-site spoofing," and how to help law enforcement authorities with their investigations.

Following are some of the takeaways from the OCC guidance.

First, the procedures that a bank should establish in advance of a spoofing incident:

  • Assign certain bank employees responsibility for responding to an incident.
  • Determine incident response protocol with outsourcing vendors, and integrate their procedures with internal procedures.
  • Establish contacts with FBI and local law enforcement authorities in advance of any spoofing incident.
  • Use customer education programs, such as statement stuffers and Web-site alerts, to explain Internet-related scams and safe computing practices.

Best practices in incident detection and information gathering:

  • Monitor returned e-mail, Web-server logs, and call center traffic for indicators of spoofing attacks.
  • Search the Internet for unauthorized identifiers associated with the bank.
  • Provide telephone contact numbers for customers to report phishing incidents.
  • Collect information about each spoofing incident, including how it was discovered, copies of the e-mail received, the IP addresses of the spoofed sites, the Web-site address and registration information, and the geographic location of each IP address.
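
One way to act on the Web-server log item above, as an added example that is not from the OCC bulletin or this article: spoofed pages often pull logos and stylesheets from the real site, so requests whose Referer names a host other than the bank's own are worth collecting along with the details listed in the last item. The hostnames, log lines and function name are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the bank's own hostnames (placeholder names on a reserved TLD).
OWN_HOSTS = {"www.examplebank.test", "examplebank.test"}

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.examplebank.test/login" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:04:11 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://www.examplebank.test.login-secure.example/signin.php" "Mozilla/5.0"
198.51.100.88 - - [12/Mar/2024:10:05:40 +0000] "GET /css/site.css HTTP/1.1" 200 880 "http://www.examplebank.test.login-secure.example/signin.php" "Mozilla/5.0"
192.0.2.14 - - [12/Mar/2024:10:06:00 +0000] "GET / HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
'''


def off_domain_referrers(log_text, own_hosts=OWN_HOSTS):
    """Group requests by Referer host when that host is not the bank's."""
    findings = defaultdict(
        lambda: {"hits": 0, "first_seen": None, "urls": set(), "paths": set(), "clients": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["referer"] in ("", "-"):
            continue
        try:
            host = (urlsplit(m["referer"]).hostname or "").lower()
        except ValueError:  # malformed Referer, e.g. broken IPv6 brackets
            continue
        # Exact match, not substring: a lookalike host that merely
        # contains the bank's name must still be reported.
        if not host or host in own_hosts:
            continue
        f = findings[host]
        f["hits"] += 1
        f["first_seen"] = f["first_seen"] or m["ts"]
        f["urls"].add(m["referer"])
        f["paths"].add(m["path"])
        f["clients"].add(m["ip"])  # customers who may have seen the page
    return dict(findings)


if __name__ == "__main__":
    for host, f in off_domain_referrers(SAMPLE_LOG).items():
        print(host, f["hits"], f["first_seen"], sorted(f["urls"]))
```

Legitimate referrers such as search engines and partner sites will also show up in the output, so the list needs review before anything is reported to an ISP or registrar.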

Finally, the key steps to take in response to an incident:

  • Communicate promptly with the ISP hosting the fraudulent Web site.
  • Contact the domain name registrars.
  • Obtain a subpoena to identify the owners of the domain from the ISP.
  • Work with law enforcement and other anti-phishing channels.

Read the full OCC bulletin.
