5 Ways to Reduce the Threat of Phishing Within Your Bank

by Brad Garland
Phishing remains a major threat for both individuals and the businesses that serve them. According to the Anti-Phishing Working Group’s Global Phishing Survey, at least 123,972 sites around the world were used to launch phishing attacks targeting banks in the last half of 2014. In the first half of 2015, almost 41 percent of phishing attacks targeted banks.reduce phishing in your bank

Those attacks were split into two categories: mass phishing, which lures customers to fake sites asking for their credit card information, and spear phishing, which targets individuals directly in an attempt to get them to send money to a fake account or compromise their identity.

It’s crucial that your bank’s financial technology security services be working effectively with your customers to avoid a security breach.

1. Know If Your Customers Are Getting Phished

You must be aware when your customers are targeted by phishing attempts, and that means your customers need to be able to report it to you. Make sure they know what phishing is and how to recognize it — but most importantly, ensure they know what communication looks like when it comes from you, and what types of information you will and will not ask from them.

2. Have a Response Plan

Once a phishing attempt is identified, your computer security systems must respond immediately. Have procedures in place to “tag” phishing websites and report them to Web hosts, ISPs, and law enforcement and other authorities.

3. Ensure Your Online Interactions With Customers Are Always Secure

While it can be useful to maintain a constant stream of communication with your customers via email, don’t overdo it. It’s all too easy for one fraudulent phishing email to get “lost in the crowd,” and your customers won’t realize the link they’re about to click is a phishing link. A good way to ensure a level of secure communication is to utilize an email encryption tool or your online banking banking application. The additional security of the multi-factor authentication and secured messaging will help reduce the risk.

4. Identify and Educate Potential Spear-Phishing Targets

The most vigorous phishing attempts are usually targeted at people with access to large accounts, especially when that person’s access is publicly visible, as in the case of a high-ranking company official. Ensure you can identify those customers and then work with them directly to ensure they’re informed of the risk and know how to respond. Ensuring dual controls for submission & approval for both the customer and bank when able can add a layer of control.

5. Use Very Strong Authentication, Web and Email Filters

Don’t forget the security fundamentals. Your authentication procedures should be robust and well tested, and your Web and email filters should be monitored carefully to ensure they’re doing what you need them to.

Contact us today and request a risk management consulting session for your bank.
Click me