The Agency Insider with Linda McGlasson

Phishing Season is Here Again

At the root of the ACH and wire fraud striking small businesses is the social engineering crime called phishing.

In so many of the incidents that have occurred in the past year, it's been discovered that someone at the company opened a phishing email and clicked on an infected link. Their computer then became infected with the Zeus Trojan, a well-known piece of malware that seeks out banking credentials on an infected computer. As a result, companies, municipal governments, even local school districts have lost hundreds of thousands of dollars from fraudulent ACH and wire transactions.

Here is where an ounce of prevention could have prevented the pound of hurt. Ever since phishing first raised its ugly head, there has been a call for better education of computer users. And yet the criminals have in turn just upped their game and redirected their efforts to attacks via instant messaging, phishing attacks on social networks, phone-based phishing and even text-based phishing.

A recent security report from RSA shows that there is a very high awareness of phishing attacks among consumers who go online. The ongoing problem isn't a lack of consumer awareness, which security education has increased, but that phishers have turned up the volume of attacks, with phishing emails appearing slicker and more realistic (and grammatically correct). The phishing criminals' net is hitting not just banking brands, but every imaginable entity out there, including federal regulatory agencies.

The Federal Deposit Insurance Corp. has been victim to phishers several times in the last year. Most recently, the agency alerted consumers that they should ignore emails that appear to be coming from the FDIC. The bogus note offers the recipients a $50 credit to their account if they'll take a five-question survey. This isn't a new phishing scam, as phishers used similar ploys to net retail consumers with bank and retail brand names.

Similarly, banks and credit unions across the country report that they're being hit, sometimes in waves, with phishing, vishing and smishing attacks.

The good news is there is action to assemble a bigger army to fight it. The industry association FS-ISAC announced it has formed a working group to tackle the problem of corporate account takeover. But they won't be just educating on corporate account takeover - this is happening to retail banking consumers, too, says Errol Weiss, the leader of the Corporate Account Takeover working group.

In the meantime, every institution needs to also take up arms against phishing in its many forms. Educate your consumer and business customers about the threats that they face. The primary message that needs to be drummed into everyone's head is this: Your financial institution will never ask you for your account information or personal information in any kind of conversation that they have initiated.

Sounds simple, but it's a solid start.



About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



