Gladiator Technology Services, Inc. Shuts Down More Puddle Phishing Scams

Gladiator delivers security solutions to help financial institutions secure their information technology systems and accountholder information per FFIEC regulations. According to Matt Riley, Chief Technology Officer/VP Security for Gladiator, We are seeing more instances of puddle phishing - scams that target smaller organizations such as community banks and credit unions. Large institutions have been dealing with phishing scams for years and most have implemented complicated processes to help prevent these scams. That is why we believe criminals are shifting their attention to multiple, smaller targets instead of one or two major organizations. Riley adds, In recent investigations, weve found hacked servers running numerous phishing scams simultaneously, targeting multiple financial institutions and e-commerce organizations, all in a single effort. As we brought down one fraudulent site, a duplicate site running the same code would appear on another hacked server. Phishing sites were going up in the Netherlands, Romania, Germany, and other countries. Our experience in dealing with phishing and our relationships with Internet Service Providers and security organizations around the world, allowed us to bring all of the sites down quickly and determine which customers might have been affected. In these situations, it is very important that organizations have a formal Incident Response Plan in place so they can respond quickly to these types of incidents, said Jackie Marshall, SVP of Regulatory Compliance. Also, per regulatory guidance, an institution is required to notify their primary federal regulator as soon as possible (at the beginning of an investigation) when becoming aware of an incident involving potential or actual unauthorized access to or use of sensitive customer information. Filing a Suspicious Activity Report and contacting affected customers may also be in order based on the nature and details of the attack. Gladiators Regulatory Compliance department is able to review the details of a financial institutions Incident Response Plan/Procedures or write the Plan for them. In addition, Gladiator provides phishing takedown services, so if a financial institution suspects that they are being phished, they can call Gladiator for help.