Mitchell Gross
/ Categories: Blog

Phishing Attacks Target the Financial Industry

What is Phishing?

Phishing is a fraudulent way of obtaining detailed account information through unauthorized methods, the most common being fake emails that resemble a typical email from the company. In the banking sector, phishing aims to gather personal information such as banking logins, PINs, bank account numbers, and credit card numbers. Fraudsters use this information to access accounts, make transfers, commit credit card fraud, or sell the information on the black market.

 Source: https://info.phishlabs.com/blog/banks-epayment-top-list-of-phishing-kit-targets

According to the Anti-Phishing Working Group (APWG), the number of phishing attacks identified in 2018 increased by 46% over 2017. When compared with other industries, the financial sector is the target of most phishing crimes. Companies in the financial sector were targeted the most at 41%, followed by social networking services at 19% and email services at 17%. The chart above is the breakdown of phishing kit targets globally made by PhishLabs.

 

Email or Phone Inquiries Are the Most Common Phishing Attack Vectors

People who attempt phishing attacks are usually a group of professionals running illegal operations. When calling or sending emails to customers, the hackers commonly offer to help customers reset or update their banking data and ask for login or other personal information. The customer is asked to click on a link or to verify personal information over the phone, either to an automated call or to a live individual.

How Can You Prevent Phishing?

People are easily enticed to click on links that seem exciting, worrisome, or intriguing. Do not be easily provoked to click on any links until you consider who the email is from, what the intent is, and where the links or instructions are asking you to go. The following steps can protect you from fraudulent email phishing attacks:

  1. Check the source of the sender

An email address may seem safe, but the name shown on the email may not match the actual address. Click on the sender name to see more details: phishing emails typically appear to be from a safe sender when the display name is actually disguising an unknown sender.

  2. Validate the link

When hackers send phishing emails, they usually disguise their malicious link under a “legitimate” URL name. Hold the cursor over the links to see the real website you will be directed to and check if it is safe to access. If you are unsure of the validity of the link, it is best to type in the correct URL yourself and check if the same requests exist for your account.

  3. Determine the purpose for the email

Every email has an intent: some provide information, some are conversation based, some want to sell you something, and some want to steal your information. You need to know the premise behind the email you are receiving. If it is from Bank of America asking you to update your account, you should be suspicious. Keep in mind that the bank never requests customer data by telephone, email or letter. If there is a problem with your account, the procedure should be carried out directly at the bank or through your online banking.

  4. Check for errors in the email

Fake emails typically have fake logos, addresses, emails, links, and other terminology. It is also common for them to have spelling errors, extra spacing, and other grammar errors.

  5. Report suspicious activity

When you confirm you received a phishing email, it is best to report it to either your email provider or to the company that is being imitated. This helps them increase their security and makes them aware of the fraudulent activity taking place.

 

You can avoid phishing by taking the time to analyze the email before accepting that it is safe. If you are not expecting the email, then you should always be suspicious of every link and attachment you receive. Something that looks reliable is not necessarily safe. No matter how sophisticated your security system is, human error can still occur.

Contact us at discovery@rbadvisoryllc.com for your free cybersecurity consultation and to learn more about our Employee Awareness Training. RB Advisory is your one stop shop for all things cybersecurity.

Copyright 2019 by RB Advisory LLC