Tien Truong Nguyen, 34, was found guilty of stealing personal bank information from unsuspecting online users after sending those users to spoofed bank sites that collected account log-in and password details.
The judge's sentencing in the case highlights a win for the good guys, says Neil Schwartzman of CASL Consulting, which specializes in online security.
"It is certainly a good and welcome start, and a clear signal to those who want to commit bank robbery online that they can and will go to prison for a good long time," he says. "I think as more of these crimes are finally being brought to court, naturally enough, judges and prosecutors are beginning to have the requisite knowledge about the impact of the theft, as well as an understanding of the technology behind them."
Since the arrest and sentencing of Albert Gonzalez, the mastermind behind the Heartland Payment Systems breach that led to the compromise of more than 130 million payment cards, the courts appear to be taking cyberattacks on financial information much more seriously. Gonzalez got 20 years for his cybercrime. Most experts agree that if he were sentenced today, the ruling would be much steeper.
Phishing Attacks: Growing Global Concern
Phishing has quickly emerged as one of the financial world's greatest threats. And regulators, law enforcement agencies and the courts are taking online schemes and phishing attacks very seriously.
Increasing incidents of corporate account takeover spurred the Federal Financial Institutions Examination Council to issue updated guidance for banks and credit unions to follow for authenticating online banking transactions and accounts. [See the updated FFIEC authentication guidance.]
"Transnational criminal organizations have taken advantage of our increasingly interconnected world to expand their illicit enterprises," said President Obama during his announcement of the strategy. The strategy's 56 priorities include enhancing intelligence and information sharing and protecting the nation's financial system and strategic markets.
Neal O'Farrell, executive director of the Identity Theft Council, a grassroots support network for victims of ID theft, says banks and credit unions are at the center of the phishing debate, since financial details are what cybercriminals most often seek. "Most of the phishing I've seen recently has been focused on credential ID theft, since it's the most profitable," he says. "That should be concerning to financial institutions."
Customer awareness is the best line of defense, and the new FFIEC guidance also notes it as a critical piece of layered security. But most institutions are failing when it comes to customer education, O'Farrell says. "The phishing only works if the consumer participates," he says. "They have to click on something; they have to open something; so, based on that assumption, shouldn't we be doing more to educate them?"