Scan the financial world's security headlines and we are presently awash in big-time cyber threats, from Project Blitzkrieg to Gauss – but just maybe a bigger worry is a whole lot simpler.
Targeted phishing aimed at bank and credit union employees continues to grow, it continues to get more sophisticated, and it continues to result in millions of lost dollars.
It's not razzle dazzle but it is a proven way to steal.
Question: would you click on an email from your boss with the header: Urgent – Need Response Immediately?
One financial institution employee in two will click on that email, and they may regret their decision, because the email may carry malware that could transmit their user name and password to criminals, who will loot the credit union or its members' accounts.
“When we start training employees, the susceptibility rate usually is around 58%,” said Rohyt Belani, CEO of PhishMe, a Chantilly, Va., training company that claims three of the four biggest banks as customers. Belani also said the company has many credit union customers – he declined to name names – among its 175 active accounts.
What PhishMe does is simple. Employees at clients get periodic targeted phishing emails, sent by PhishMe. Those who click to open immediately get a mini training session (90 seconds to perhaps three minutes, said Belani).
The process is repeated – again and again.
After 18 months of training, susceptibility plummets to the 4% to 8% range, said Belani.
The point: employees can be taught, through bite-sized educational interludes, what to click on and what to forward to security.
But this is a never-ending fight. Phishing emails continue to morph as the senders get smarter.
A frightening prediction from Belani: “In 2013 we will see more targeted malware SMS sent to employees' cellphones.” His belief: as Bring Your Own Device (BYOD) has spread to more institutions, security for those devices has not kept pace.
He sees criminals targeting financial institution employees, grabbing their contacts list off their phones, and using that data to send out more and more precisely targeted phishes.
Would you click on a link in an SMS that seemed to come from your credit union's CEO?
© 2024 ALM Global, LLC, All Rights Reserved.