Fraudsters Exploit New Online Security Checks With Phishing Attacks

By ISBuzz Team, Writer, Information Security Buzz | Sep 04, 2019 04:53 am PST

Scammers are mimicking new security measures designed to keep you safe online, by sending fake emails that attempt to steal your banking credentials and personal data.  Banks, card providers and retailers across the EU are asking customers to provide up-to-date contact information, as part of new checks for online card payments known as strong customer authentication (SCA), Which? reported.

5 Expert Comments
Bindu Sundaresan, Director
InfoSec Expert
September 4, 2019 4:18 pm

Over recent years, hackers have evolved phishing attacks to mimic original brands or reputable websites to evade detection and, unfortunately, they are proving successful. Ultimately, they are targeted at an individual user so appropriate training and awareness is vital to remind users to remain vigilant to unsolicited or unexpected emails which ask for credentials, payment, or any other action that seems out of the ordinary.

Martin Jartelius
InfoSec Expert
September 4, 2019 4:12 pm

“Your bank will never ask for your personal data or password” is the advice to aid anti-fraud. It is sad to see an industry resorting to this very thing, thinking they would prevent scammers. This likely will end on most lists of worst security ideas of the year.

Tim Erlin, VP of Product Management and Strategy
InfoSec Expert
September 4, 2019 4:10 pm

As long as banks send legitimate emails as a means of communicating with customers, scammers will attempt the same with fake emails. Email as implemented today is a terrible system for conducting business. While attempts have been made to improve the technology, none of them have taken hold.

We can’t simultaneously tell consumers not to click on links in email, yet continue to send them emails full of links we want them to click on. I guarantee that somewhere this very story about fraudulent emails will get shared as a link in an email.

Javvad Malik, Security Awareness Advocate
InfoSec Leader
September 4, 2019 12:57 pm

Cyber criminals are quick to jump on any event to launch phishing campaigns, whether this be off the back of a major event like a natural disaster, or something like this, where banks are asking for details and customers are expecting the communication.

There are often telltale signs when it comes to phishing emails. Users should look out for the email address the mail has come from, hover over links to see where they are going and look out for spelling, grammar, and the tone of the email.

However, for requesting sensitive data, email is not a good medium and should not be used. Banks should remind customers repeatedly to not follow links in emails and not to provide any sensitive information via email. Rather, this information could be collected via post, in a branch, or online once a user has logged onto their online banking platform.

If banks ask for sensitive information via email, or ask customers to click on links in emails, it sets a bad precedent and primes users to be more likely to fall victim to phishing scams.

Corin Imai, Senior Security Advisor
InfoSec Expert
September 4, 2019 12:55 pm

This attempt to capitalise on users following security best practices – such as resetting their password or creating stronger credentials for their online payments – is a common tactic used by fraudsters, and demonstrates that caution alone is never enough when it comes to email security.

While thankfully banks are heavily invested in protecting their customers, it is also important that they make their communications with customers as difficult to replicate as possible. Banks – but, more broadly, every organisation that holds sensitive data – should avoid asking customers to complete any action as a result of an email, even if that is changing a password or downloading an app.

Meanwhile, users should protect themselves by taking the time to check the legitimacy of the messages they receive, conscious that taking a little longer to complete an action is always preferable to having one’s financial and personal information compromised.
