When A Criminal Calls

Steps to Take Against Phoned-in Threats

See Also: Webinar | Beyond Managed Security Services: SOC-as-a-Service for Financial Institutions

The recent “hostage” by phone scam that hit numerous retail stores and several banks in more than four states points to a question for other financial institutions that were not targeted. (See FBI notice: http://www.fbi.gov/pressrel/pressrel07/extortion_threats083007.htm).

What would your institution do in the event a caller phoned in a bomb threat and claimed to be ready to blow up the branch or office if money isn’t wired to an overseas account?

This combination of a physical threat delivered by electronic means with an anonymous caller makes even the most experienced law enforcement officer’s brain work overtime to solve the crime. The first step for your institution  is to have an incident response plan already in place, ready to trigger in the wake of such an event.

According to the Federal Bureau of Investigation, which is investigating the recent crimes, analysts are sifting through local police reports to identify similarities in the threats. In general, the FBI recommends that you take seriously the threat of a potential bomb at your institution. These threats may be alarming to the public, and the FBI suggested the following steps be taken when responding to a  phone-in bomb threat:

1. Questions to ask the caller:
When is the bomb going to explode?
Where is the bomb located right now?
What does it look like?
What kind of bomb is it?
What will cause it to explode?
Did you place the bomb?
Why?
What is your address?
What is your name?
What is your phone number?

2. Document the EXACT wording of the threat and caller’s response.

3. Apparent gender, race, and age of the caller.

 4. Characteristics of the caller’s voice (calm, angry, excited, accent, etc.)

5. Background sounds (street noises, static on the line, etc.)

6. Threat Language (well spoken, incoherent, taped, irrational)

7. If caller ID is available, write down the telephone number.

8. If businesses are capable of recording telephone calls, maintain them for police.

Incident response planners for institutions need to review the physical and logical security possibilities and be prepared ahead of time to respond to this and other threats to the institution. Further, if any suspicious emails are received by employees or customers of the institution, these should also be preserved as possible evidence for law enforcement officials.

 

For more information: www.fbi.gov.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.