Phishing Remains Popular and Effective

Phishing, where a scammer sends an email that appears to come from a trusted source in order to trick recipients into clicking malicious links, has been around for quite a while now. Although phishing has become fairly well known, the scam continues to be a successful and widely used as a method of stealing bank credentials and other personal information.

Cyber security experts recently reported to the House Financial Services panel that criminals have tweaked their phishing tactics. Until recently, most phishing messages purported to be from a bank. But in the latest versions of this scam, the phony emails claim to be from the National Automated Clearing House Association, the Electronic Federal Tax Payment System, the U.S. Postal Service, private delivery firms, telecommunications companies and social networking websites.

According to testimony from the Financial Services Information Sharing and Analysis Center, phishing “remains the most popular attack method that criminals use to infect victims’ machines.”

To protect yourself from phishing scams, malware, and identity theft, follow these guidelines adapted from the Anti-Phishing Working Group:

1. Be suspicious of any email that demands personal financial information. Call your bank directly to determine if they legitimately need information from you.
2. Certain red flags can help you spot a phish, such as upsetting or exciting statements designed to elicit an immediate reaction.
3. Phishing messages typically ask for usernames, passwords, credit card numbers, Social Security numbers, your date of birth, or other similar personal details.
4. If you suspect that an email or chat message may not be authentic, or you don’t recognize the sender, do not click any links included in the message.
5. If possible, avoid filling out any form within an email that requires you to enter personal financial data.
6. Consider installing a toolbar in your Web browser to help protect you from fraudulent websites. These toolbars match compare online addresses against a lists of known phishing websites and will alert you before it’s too late.
7. The latest versions of Internet Explorer, Chrome, and Firefox include optional anti-phishing protection.
8. Check your bank, credit, and debit account statements regularly for any unauthorized transactions.
9. If you notice any suspicious or unfamiliar transactions, contact your bank and/or card issuer immediately.
10. Make sure to keep your browser up-to-date and install any necessary security patches.

Banks can help protect their customers by using iovation’s ReputationManager 360, which helps businesses avoid fraud loss by detecting high-risk behavior and stopping cybercriminals in their tracks. The device identification and device reputation technology from iovation assesses risk as activities take place at various points within an online site, such as account creation, logging in, updating account information, attempting a purchase or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.