Spyware, which collects data about a user without their knowledge and sends it back to a third party, poses a risk to financial institutions because it can allow an attacker to snatch personal data from customers such as passwords, according to the FDIC.
Furthermore, spyware programs can damage a company's reputation by allowing unauthorized access to user accounts, can abuse bank resources, and increase an insititution's vulnerability to other types of internet attacks, the agency warned.
The FDIC recommended that financial institutions: include spyware threats as part of the risk assessment process; implement policies such as banning internet downloads and visits to inappropriate web sites; educate employees and customers about spyware risks; and consider multi-factor authentication.
"The information collected through spyware can be used to compromise a bank's systems or conduct identity theft," Michael Zamorski, director of the FDIC's division of supervision and consumer protection, said in a statement. "So it is critical that banks stay vigilant about the risks involved with this malicious software."