Phishing Season is Here Again
In so many of the incidents that have occurred in the past year, it's been discovered that someone at the company opened a phishing email and clicked on an infected link. Their computer then became infected with the Zeus Trojan, a well-known malware that seeks out banking credentials on an infected computer. As a result, companies, municipal governments, even local school districts have lost hundreds of thousands of dollars from fraudulent ACH and wire transactions.
Here is where an ounce of prevention could have prevented the pound of hurt. Ever since phishing first raised its ugly head, there has been a call for better education of computer users. And yet the criminals have in turn just upped their game and redirected their efforts to attacks via instant messaging, phishing attacks on social networks, phone-based phishing and even text-based phishing.
A recent security report from RSA shows that there is a very high awareness of phishing attacks among consumers who go online. The ongoing problem isn't a lack of awareness, which security education has increased among consumers, but that phishers have turned up the volume of attacks, with phishing emails appearing slicker and more realistic (and grammatically correct). The phishing criminals' net is hitting not just banking brands, but every imaginable entity out there, including federal regulatory agencies.
The Federal Deposit Insurance Corp. has fallen victim to phishers several times in the last year. Most recently, the agency alerted consumers that they should ignore emails that appear to be coming from the FDIC. The bogus note offers the recipients a $50 credit to their account if they'll take a five-question survey. This isn't a new phishing scam, as phishers have used similar ploys to net retail consumers with bank and retail brand names.
Similarly, banks and credit unions across the country report that they're being hit, sometimes in waves, with phishing, vishing and smishing attacks.
The good news is there is action to assemble a bigger army to fight it. The industry association FS-ISAC announced it has formed a working group to tackle the problem of corporate account takeover. But they won't be just educating on corporate account takeover - this is happening to retail banking consumers, too, says Errol Weiss, the leader of the Corporate Account Takeover working group.
In the meantime, every institution needs to also take up arms against phishing in its many forms. Educate your consumer and business customers about the threats that they face. The primary message that needs to be drummed into everyone's head is this: Your financial institution will never ask you for your account information or personal information in any kind of conversation that they have initiated.
Sounds simple, but it's a solid start.