2011: The Year of the Fish?

According to The Fraud Blog's Tracy Kitten, bank security personnel are gearing up for a year in which they expect a lot more bad guys will "go phishing" (and "vishing").

Like most fraud, phishing attacks are increasing in number and sophistication. Banks know these are a problem, but fighting back is becoming increasingly difficult. […] About half of the respondents to our Faces of Fraud Survey say phishing and vishing are major concerns. Interestingly, only 20 percent say they feel prepped to fight and prevent those attacks against their customers and brands.

We've discussed "phishing" on this blog many times, as well as "vishing." Vishing is phishing using a telephone rather than e-mail. Like many phishing attacks (particularly "spear-phishing"), the fraudster callers use various guises to appear to be legitimate representatives of some business (even the intended victim's bank) who have a "need to know" your personal information. Apparently, they're successful often enough to keep them coming back for more.

Among the causes of concern, according to an ISACA survey cited by Ms. Kitten, is the increased use of mobile channels to access online banking. Another heightened risk is the increased use of social networks, where "phishers" love to troll. Using a mobile device to access a social network, then clicking all the links that catch your eye, is the equivalent of Lady Gaga wearing her meat dress on a stroll through the lion enclosure of the Bronx Zoo. Yet, you can bet your bottom dollar that plenty of pinheads are doing just that, even as we speak.

The riskiest online behaviors: Clicking on an e-mail link to access a shopping site, which 52 percent of ISACA survey respondents admit to doing; and mixing personal networking with business. Fifty-two percent admit to using a work computer or smart phone to access social networking sites for personal use.
"It is kind of the flip of using personal stuff for business and then using business stuff for personal — clicking on links."

Here's more: Results from another recent survey, this one from the Anti-Phishing Working Group, reveal that 54 percent of household and business PCs are infected with some kind of malware, most likely from users clicking on links and accessing sites that make them vulnerable.

Tracy says that banks shouldn't blame it all on the consumer. For one thing, the ploys are becoming increasingly sophisticated, so much so that she almost fell for one herself. Moreover, the number of attacks has been increasing by leaps and bounds. According to another study, this one released in October by Symantec, the number of phishing attacks launched on consumers has jumped from one or two a week in 2005 to more than 70 per day. Educating consumers goes only so far, contends Ms. Kitten. She thinks financial institutions ought to be investing heavily in technology that doesn't "allow those phishy e-mails through in the first place."

From what security experts in the field tell me, technology exists that could virtually eliminate this kind of fraud. But banks and credit unions are not investing in the right solutions. They depend too much on anti-virus software, which is insufficient.

I'm interested in hearing what sort of technology solutions a bank would implement that would prevent a customer from receiving a phishing e-mail. I'm also interested in hearing what such technology might cost the average community bank. With all the Dodd-Frank costs and expenses that are being heaped on banks in the name of "reform," spending more money to protect customers from being victimized by their own gullibility and risky behavior is a proposal that might not make it out of the starting gate at many institutions.
