Phishing Attacks are on the Rise, Don’t Take the Bait!
Produced by Ann Davidson, Vice President of Risk Consulting
Phishing attacks continue to be a major concern for organizations and consumers around the country.
It is imperative your institution continues educating your employees and consumers about these types of attacks, so you can all play a role in detecting and preventing these crimes.
What is a phishing attack, exactly?
Phishing Explained Simply
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
To perform these attacks, cybercriminals craft professional-looking and sounding communications – such as emails, social media messages, text messages, and phone calls – to trick individuals into providing private or financial information.
Click here to register for our webinar on February 12: Proven Ways to Spot Transaction Risks & Prevent Fraud Attacks
Executives of financial institutions are particularly at risk of being targeted by these cyberattacks, often in the form of “spear phishing” or “whaling” attacks.
Phishing attempts directed at specific individuals or companies have been termed spear phishing. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success.
The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets. In these cases, the content will be crafted to target an upper manager and the person's role in the company. The content of a whaling attack email may be an executive issue such as a subpoena or customer complaint.
Characteristics of a Phishing Email
- Message is threatening or explicitly urgent (from IRS/FBI/law enforcement, immediate action required, your account will be closed, your credit card has a large charge, etc.)
- Sent from an unusual and/or unrecognizable email address
- Poor spelling and grammar
- Asking for personal information
- You did not initiate the action
- You are asked to send money
- You are asked for personal/confidential information
Common Phishing Emails
- An email that appears to be sent from recipient’s CEO requesting the recipient to facilitate a wire transfer
- An email that appears to be sent from a vendor with banking instructions
- Suspended account email requesting updated personal information
- Locked account alert requesting verification of login credentials
Restart a membership email with a link to click that will cause the installation of malware
It is important you understand these phishing attacks, so you can arm your employees and accountholders with knowledge & tools needed to better detect and prevent these crimes.
So how exactly can you protect against this prevalent risk?
The following are steps your financial institution should take to help detect and prevent exposure to fraud caused by phishing attacks.
- Network to stay informed about trending attacks
- Train your entire staff on what to watch for and what to do to detect & prevent an attack
- Establish an employee simulation program
- Send out mock phishing emails to gauge employee awareness
- Require multiple methods of authentication for accounts and transactions with sensitive information
- Warn and educate accountholders about warning signs for phishing attacks
- Inform accountholders that you would never use outbound communications to receive private information
- Keep current on security tools and software updates
- Install anti-phishing software
- Don’t click or respond to suspicious emails, links, or attachments – ask your employees and accountholders to take the same precautions
- Monitor and audit sensitive banking changes & review reports
- Enact dual controls for processes involving sensitive information
- Set appropriate dollar limits for ACH and wire transfers
- Adopt bond insurance products that will transfer a portion of the risk
Share information about phishing attacks with your employees and accountholders ASAP to arm them with the tools they need to better detect and prevent these types of attacks – so that your financial institution remains protected.
Click here to learn more about how we can help prevent and respond to fraud loss risks, or talk with your Allied Solutions Bond Specialist.
Content in the blog posts are the opinion and views of the writer, and don't necessarily reflect the opinions or views of Allied Solutions.