Phishing Attacks Target the Financial Industry
What is Phishing?
Phishing is a fraudulent way of obtaining detailed account information through unauthorized methods, the most common being fake emails that resemble a typical email from the company. In the banking sector, phishing aims to gather personal information such as banking logins, PINs, bank account numbers, and credit card numbers. Fraudsters use this information to access accounts, make transfers, commit credit card fraud, or sell the information on the black market.
According to the Anti-Phishing Working Group (APWG), the number of phishing attacks identified in 2018 increased by 46% over 2017. Compared with other industries, the financial sector is the target of most phishing crimes. Companies in the financial sector were targeted the most, at 41%, followed by social networking services at 19% and email services at 17%. The chart above is the breakdown of phishing kit targets globally made by PhishLabs.
Email or Phone Inquiries are the Most Common Phishing Attack Vectors?
People who attempt phishing attacks are usually a group of professionals running illegal operations. When calling or sending emails to customers, the hackers commonly offer to help customers reset or update their banking data and ask for login or other personal information. The customer is asked to click on a link or to verify personal information over the phone with an automated call or a live individual.
How Can You Prevent Phishing?
People are easily enticed to click on links that seem exciting, worrisome, or intriguing. Do not be easily provoked to click on any links until you consider who the email is from, what the intent is, and where the links or instructions are asking you to go. The following steps can protect you from fraudulent email phishing attacks:
- Check the source of the sender
An email address may seem safe, but the name shown on the email may not be the actual email address. You can click on it to see more details. Phishing emails typically appear to be from a safe sender when the message is actually from an unknown sender in disguise.
- Validate the link
When hackers send phishing emails, they usually disguise their malicious link under a “legitimate” URL name. Hold the cursor over the links to see the real website you will be directed to and check if it is safe to access. If you are unsure of the validity of the link, it is best to type in the correct URL yourself and check if the same requests exist for your account.
- Determine the purpose for the email
Every email has an intent: some provide information, some are conversation based, some want to sell you something, and some want to steal your information. You need to know the premise behind the email you are receiving. If it is from Bank of America asking you to update your account, you should be suspicious. Keep in mind that the bank never requests customer data by telephone, email or letter. If there is a problem with your account, the procedure should be carried out directly at the bank or through your online banking.
- Check for errors in the email
Fake emails typically have fake logos, addresses, emails, links, and other terminology. You will also notice that it is common for them to have spelling errors, extra spacing, and other grammar errors.
- Report suspicious activity
When you confirm you received a phishing email, it is best to report it to either your email provider or to the company that is being imitated. This helps them increase their security and makes them aware of the fraudulent activity taking place.
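The sender and link checks in the steps above can also be done in code. The following Python example is added here and is not part of the original article: it parses a constructed message and reports when the display name or a link's visible text names a different domain than the real sender address or the real link target. The sample message, its placeholder domains, and the helper names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real phishing email); every domain is a placeholder.
SAMPLE = '''From: "support@examplebank.example" <notice@mailer.invalid>
Subject: Update your account
Content-Type: text/html

<p><a href="http://login.verify.invalid/reset">https://www.examplebank.example/login</a>
or see <a href="https://www.examplebank.example/help">our help page</a>.</p>
'''
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def norm(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host  # simplified: ignore "www."

def shown_vs_real(shown_text, real_host):
    """Return (shown, real) when the visible text names a different domain."""
    if (m := DOMAIN_RE.search(shown_text)) and norm(m.group()) != norm(real_host):
        return norm(m.group()), norm(real_host)
    return None

def check(raw):
    """Return (sender mismatch or None, list of link mismatches)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    sender = shown_vs_real(name, addr.rpartition("@")[2])
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    hits = [shown_vs_real(text, urlparse(href).hostname) for href, text in parser.links]
    return sender, [hit for hit in hits if hit]
```

A link whose visible text contains no domain, such as "our help page", cannot be compared this way and still needs the hover check described above.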
You can avoid phishing by taking the time to analyze the email before accepting that it is safe. If you are not expecting the email, then you should always be suspicious of every link and attachment you receive. Something that looks reliable is not necessarily safe. No matter how sophisticated your security system is, human error can still occur.
Contact us at firstname.lastname@example.org for your free cybersecurity consultation and to learn more about our Employee Awareness Training. RB Advisory is your one-stop shop for all things cybersecurity.