The Agency Insider with Linda McGlasson

Phishing Plays us All for Phools

It doesn't surprise me to hear that even top law enforcement officials don't bank online because they almost fell for a phisher's line of "Your bank account has been compromised, click here to reset your password..."

FBI Director Robert Mueller says his wife doesn't let him bank online anymore because he almost fell for that line.

In the time it takes you to read this line, there's probably been at least one person who's opened an email that looks like it's coming from their bank. And that's just here in the U.S. Right now they're typing in their account number, credit card number, PIN, mother's maiden name - well, you get the idea.

The news Mueller broke on Wednesday that his FBI agents and law enforcement officials in Egypt smashed a phishing ring of 100 criminals here and in Egypt is great. It is encouraging to see that the long arm of the law is getting a longer international reach. More of this kind of law enforcement cooperation must happen to better fight the international cyber crime rings that circle the globe.

The bad news is that the 100 people indicted represent just a small percentage of the cyber criminals out there targeting your institution's customers. A look at the latest report from the Anti-Phishing Working Group shows that cyber crime perpetrated through these kinds of schemes has increased almost 600 percent over last year's numbers.

Is this a sign that the cyber criminals are winning? The short answer is yes. From my conversations with several experts in the malware space in the last few months, the cat-and-mouse game we're engaged in against the cyber criminals lurking out on the "Wild Wild Web" is getting even more pitched, judging by the fervor with which they are hitting us and our customers. They are arming themselves with a new array of malware, Trojans, automated phishing attacks, botnets, and an army of criminal-minded programmers who are wreaking havoc on the Internet, all with one goal in mind -- making money through their criminal activities.

The biggest targets of these criminals are your customers, both private citizens and commercial account holders. These criminals target the average person who just wants to take care of a few errands, pay some bills and get back to living their average life, watching their kid play in a soccer game, walking their dog, buying groceries and making dinner. These criminals are also looking to cash in on the unsuspecting small business owner or small corporation that falls for the "spear phishing" email that appears to come from their bank, asking them to update their online banking account information.

The best place to begin arming your customers against these criminals is with a combination of education, awareness and common sense. Educate your customers -- make them aware of the wily phishers' ways. Tell them to practice common sense when opening emails that appear to be coming from your institution. Tell them to call your institution's customer service number to verify that the email is "really" from your institution. (Most likely you've already told them not to expect contact through email, but just in case, tell them again that you won't contact them through email for anything regarding their account, including passwords, PINs, or authentication questions.)

The 100 phishers netted in "Operation Phish Phry" are only the start. Make sure your customers are armed with the information they must have the next time they open their inbox, so they won't bite the phisher's hook.



About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



