Fraudsters Exploit New Online Security Checks With Phishing Attacks

Scammers are mimicking new security measures designed to keep you safe online by sending fake emails that attempt to steal your banking credentials and personal data. Banks, card providers and retailers across the EU are asking customers to provide up-to-date contact information as part of new checks for online card payments known as strong customer authentication (SCA), Which? reported.

Expert Comments

September 04, 2019
Bindu Sundaresan
Director
AT&T Cybersecurity
Over recent years, hackers have evolved phishing attacks to mimic original brands or reputable websites to evade detection and, unfortunately, they are proving successful. Ultimately, they are targeted at an individual user so appropriate training and awareness is vital to remind users to remain vigilant to unsolicited or unexpected emails which ask for credentials, payment, or any other action that seems out of the ordinary.
September 04, 2019
Martin Jartelius
CSO
Outpost24
"Your bank will never ask for your personal data or password" is the advice to aid anti-fraud. It is sad to see an industry resorting to this very thing, thinking they would prevent scammers. This likely will end on most lists of worst security ideas of the year.
September 04, 2019
Tim Erlin
VP of Product Management and Strategy
Tripwire
As long as banks send legitimate emails as a means of communicating with customers, scammers will attempt the same with fake emails. Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold. We can’t simultaneously tell consumers not to click on links in email, yet continue to send them emails full of links we want them to click on. I guarantee that somewhere this very story about fraudulent emails will get shared as a link in an email.
September 04, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Cyber criminals are quick to jump on any event to launch phishing campaigns, whether this be off the back of a major event like a natural disaster, or something like this, where banks are asking for details and customers are expecting the communication. There are often telltale signs when it comes to phishing emails. Users should look out for the email address the mail has come from, hover over links to see where they are going and look out for spelling, grammar, and the tone of the email. However, for requesting sensitive data, email is not a good medium and should not be used. Banks should remind customers repeatedly to not follow links in emails and not to provide any sensitive information via email. Rather, this information could be collected via post, in a branch, or online once a user has logged onto their online banking platform. If banks ask for sensitive information via email, or ask customers to click on links in emails, it sets a bad precedent and primes users to be more likely to fall victim to phishing scams.
September 04, 2019
Corin Imai
Senior Security Advisor
DomainTools
This attempt to capitalise on users following security best practices - such as resetting their password or creating stronger credentials for their online payments - is a common tactic used by fraudsters, and demonstrates that caution alone is never enough when it comes to email security. While thankfully banks are heavily invested in protecting their customers, it is also important that they make their communications with customers as difficult to replicate as possible. Banks - but, more broadly, every organisation that holds sensitive data - should avoid asking customers to complete any action as a result of an email, even if that is changing a password or downloading an app. Meanwhile, users should protect themselves by taking the time to check the legitimacy of the messages they receive, conscious that taking a little longer to complete an action is always preferable to having one's financial and personal information compromised.
