Over 20% of Phishing Scams Target Banks raising Network Security Fears among SMBs

Posted by Geraldine Hunt on Sun, Jul 14th, 2013

It's been reported that one out of every five phishing attacks (20.64%) targets customers of banks and other financial organisations. The research was conducted by Kaspersky Lab into the evolving nature of phishing attacks, with threats between May 2012 and late April 2013 examined. The Kaspersky antivirus solution is one of the anti-virus components offered as part of the SpamTitan anti-spam solution.These results are not surprising – cybercriminals selling banking details or using fake online banking or shopping pages can lead to easy earnings.

These types of crimes will continue as long as they remain profitable for the scammers, cybercriminals follow the money!. It’s important for banks or financial institution to understand their adversaries - if you’re a credit union in Ohio, it’s unlikely that a hacking group will have a bone to pick with you. However, organized criminals may be very interested in your customer data. This kind of information and understanding informs company’s where they need to invest your security resources.

Business customers sue banks following successful phishing attacks

There have been cases where business customers have sued banks following a successful phishing attack. One such case is EMI who sued Comerica stating that the banks actions opened EMIs online bank account to a successful phishing attack where over $500k was stolen from the company’s account. The case claimed that an EMI employee opened and clicked on links in a phishing email that said it was from Comerica. The EMI employee provided the site with the company's online banking credentials. The employee was duped and followed the instructions in the email . Needless to say what resulted was multiple rapid transfers of funds to accounts around the world. EMI is but one of many companies across the U.S. being targeted by hackers in this fashion.

Banks would argue that this phishing attack should have been obvious to the user and anyone responsible for safeguarding the company’s network, financial records and digital credentials. Most people are now aware of the prevalence of banking phishing scams or spear phishing attempts which often appear legitimate. However some employees may not be aware of these scams and need to be educated around a range of security issues, creating a culture of security awareness in the company is an important step but crucially the most important step a company can take is to put in place robust and powerful security solutions.  This doesn’t mean that companies can afford to ignore the ‘softer’ behavioural issues associated with security, it only takes one employee to open the wrong email to give access to sensitive company data bring a whole company’s IT systems to a halt.

According to the FBI, worldwide cybercriminals earn over $100 billion per year through their increasingly sophisticated cyber attacks. SMBs are frequently more exposed to risk from cybercriminals than larger companies. Despite the widespread dangers of phishing attacks, a simple step like installing a powerful security solution to protect the company’s network will help prevent even the most inexperienced users from being scammed when conducting transactions online. Lack of proactive security measures can cost companies financially through the loss of data & system downtime!

Security Challenges SMBs face :

• Inadequate security awareness among employee
• No Dedicated IT security professional
• Limited IT security budget
• Lack of IT security policies

Big company thinking is often about maximising the IT security budget, whereas SMEs are much more frugal and need to think about the customer. SMEs require fast, cost-effective and easy to manage solutions. Small businesses are faced with many of the same risks as larger firms but without the same level of resources. In this scenario planning for security is an imperative.

Phishing volumes sky-high in 2012. 

In terms of phishing, 2012 was a landmark year, when phishing volumes were sky-high. Phishing schemes continue to evolve and grow, and they're increasingly targeting new channels, such as mobile. We have to remember that phishing is the easiest attack to launch against end-users, and we're going to see that continue through 2013 and 2014. It’s not rocket science, but more a case of delivering joined up multi-layered pragmatic security. A layered set of defences in which software, services, hardware and policies are used to protect data and other assets at the network, system and application levels is required.  An obvious – but often-forgotten – layer in this cake of protection is the common sense of your users – one of the critical layers to prevent threats from gaining a foothold. 

Would you organisation be prepared for a targeted phishing attack?