May 18, 2020
While the world adapts to a new way of living amid the COVID-19 pandemic, cybercriminals have accelerated phishing attacks and significantly increased spoofed websites. Unfortunately, they’ve dedicated much of their efforts to financial service providers, hoping that perhaps they’ve let their guard down during this unprecedented time.
Here are some specific threats to be aware of now, along with actionable tips you can use to safeguard beyond enterprise firewalls.
Phishing attacks jumped by 667% in the month of March 2020 alone, according to InfoSecurity magazine. Email remains the predominant channel for phishing attacks, but social media attempts have been increasing lately. Amid the global pandemic, “Emotet” has become the primary malware being distributed via phishing attacks. It is especially dangerous because it evades detection by anti-malware products. Additionally, it has worm-like capabilities that help it spread to other connected computers, and the malware can morph itself every time it moves to a new system. Because of this, standard malware detection practices may not suffice.
Banks must apply a prevention strategy to detect “Emotet” before it can become a problem. Focus on phishing prevention by deploying cyber-tools that screen and monitor activity outside of firewalls.
To improve the enterprise's cybersecurity posture, harden email practices to strictly regulate the information coming into the system, and educate staff so they understand how important they are as a first line of defense. Due to the rise of social media-driven phishing attacks, customers also need constant communication and awareness about the harm that can come from clicking on fake social media communications disguised as authentic promotional offers or servicing announcements. If a customer were to click on a fake social media advertisement that contains malware, for example, it could eventually deploy a keystroke copier. As a result, the customer’s online banking and other private credentials could be compromised, and account takeover could occur.
In the last few weeks, phishing campaigns have used fake domains designed to look like those owned by the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO); these domains are sent via phishing emails that appear to come from the CDC. As more businesses seek financial assistance from the government, the U.S. Small Business Administration has also seen a rise in these types of attacks.
Here are some ways to keep your bank safe from cyber-attacks:
Internal and external monitoring is becoming industry best practice, and there are solutions that continuously check and alert against your verified trusted sources. FIS Digital Risk Protection (DRP) continually monitors predefined entities across data sources and ensures you receive timely alerts that go beyond the firewalls, VPN, and endpoint detection. Since its Q4 2019 market launch, FIS DRP teams have achieved a 95% takedown acceptance rate.