With so many threats and distractions in the media, let’s not lose sight of phishing. It’s obvious the bad guys haven’t. And why should they? Phishing remains a very effective attack strategy for which there are few defenses. For example, many Target customers couldn’t tell the difference between legitimate and fraudulent emails offering free credit monitoring. The fraudulent ones were phishing emails sent after the company’s recent security breach.
The biggest phishing targets
A recent study by Kaspersky offers vital information about phishing. According to the study, ‘Financial Cyber Threats in 2013,’ one-third of all phishing attacks detected last year were aimed at financial institutions. Apart from the top 25 banks, the most popular phishing targets included PayPal, American Express, Visa, Western Union, Authorize.net and MasterCard. Statistically, PayPal was the top target, followed by American Express, Visa and MasterCard. Amazon was the top targeted store for phishing campaigns, followed by Apple’s iTunes, eBay and Alibaba.
Social sites get top billing
Perhaps a more interesting finding from the study: financial institutions were not the top target overall. That honor went to social networking sites — a reminder that thieves recognize the value of currencies other than money. Your social presence, profile and even your contacts may be of even more value.
Your social vulnerabilities
Most consumers can get their money back in cases of phishing that leads to financial fraud. But it’s not so easy to change who you are, what you do, and those you know. It’s a phenomenon I’ve seen grow in the last year. Personal information is sought out more by cybercriminals because it allows identity thieves more opportunities to use a victim’s information. And by compromising one victim, thieves can gain access to hundreds or even thousands of others. In an industry where return on investment counts, that kind of access really does matter. Thieves are targeting the weakest link in the chain so they can own every link.
The easy scam
Sergey Lozhkin, senior security researcher at Kaspersky Lab, summed up the issue in a press release announcing the study. “Phishing attacks are so popular because they are simple to deploy and extremely effective. It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialized protection solution. In addition, phishing causes reputational and financial damage to organizations that see their brands exploited in phishing attacks,” he said.
Impact on banks
Phishing presents a number of problems, especially for financial institutions. There are few technologies that can prevent it from happening. If the phishing email gets through to the user, the last line of defense is his or her awareness and vigilance. If that fails and the user falls victim, chances are the financial institution will be blamed. And at the very least, the confidence and trust of the victim will be severely impacted by the incident.
Talking to customers
It’s so important for financial institutions to talk to their customers as often as possible about security. Be their friend, mentor, advisor and early warning system. It might not cost more than an email to get their attention, and if you’re successful, everyone wins. Besides, what other options do banks and credit unions have?
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.