It’s becoming too easy for criminals to get their hands on your banking information, due to your employees’ ignorance of phishing scams.
Malware attacks have soared recently, targeting banks for the purpose of stealing online banking information. Over 200,000 new infections occurred between July and September 2013—the highest jump in the past 11 years, according to a TrendsLab Security report. Cyber-criminals are ubiquitous on this planet, and phishing is a favorite among their arsenal of attacks, a way to gain access to computers, as well as infecting a computer.
ZeuS (aka Zbot) is a common malware planted on websites. If a website is infested with ZeuS, or other malware, and you visit that site, your computer will become infested with ZeuS. Once settled in, ZeuS steals online banking credentials, and then transmits these details to a remote server, where the cyber-criminals can access it. But for ZeuS to spread, that means someone is opening a phishing email and clicking on the link that leads to the virus-inhabited website.
Who’s clicking on these links? Unfortunately, some of your employees probably are. According to a recent eWeek article, 18 percent of phishing messages are opened in the workplace—and yes, this includes clicking the accompanying malicious link.
That’s not all—sometimes the numbers can go even higher. According to the report, one particular phishing campaign yielded a 72 percent clicking response on the link.
Furthermore, the report states, 71 percent of users’ computers have a higher susceptibility of infection due to having outdated versions of popular software such as Microsoft Silverlight and Adobe Acrobat.
How To Stop Your Employees
Monthly training of employees to avoid suspicious emails helps knock down the percentage of clicks to 2 percent, much better than quarterly training does (to 19 percent). The report adds that cleaning recipients’ invaded computers costs the company, even though 57 percent of companies rated phishing attacks as “minimal.” However, even “minimal” impact still means a lot of cleanup for a high volume of attacks, involving IT staff response and employee downtime during system restoration.
Those who take the bait are costing you money, and the potential risk to your business is enormous. The Anti-Phishing Working Group recommends the follow tips. Share them with your employees ASAP.
- A big red flag should go with emails that request personal financial information. If the name of the company bank is mentioned, arrange a phone call to that bank regarding the suspicious email.
- Be leery of exciting or worrisome statements designed to rattle emotions rather than sink in logically; think before you click!
- Be highly suspicious of a message asking for a password, username, credit card information, date of birth or other very private details of yourself or your company.
- If you don’t recognize the sender’s name or address, or have no idea what the message could pertain to, simply ignore it altogether. It’s never urgent to click a link; you won’t get fired if you don’t.
- Never enter confidential financial (or personal) data in a form inside the email.
- A special toolbar, installed in the Web browser, can help protect you from fraudulent sites. The toolbar compares online addresses with those of known phishing sites and will provide a prompt alert before you have a chance to click or give out private information.
- The latest versions of Chrome, Firefox and Internet Explorer have optional anti-phishing protection.
- Bank, debit and credit account statements should be regularly checked for suspicious transactions.
- If any transactions look suspicious or unfamiliar, alert appropriate personnel to contact the relevant financial institution.
- The computer browser should always be kept up-to-date. Security patches should be installed.
Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Protect Yourself from Phishing
Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!” While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups. Researchers point out that an e-mail may appear to come
- Phishing works and here’s why
A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the
- 10 Ways To Prevent Phishing
Identity Theft Expert Robert Siciliano The Anti Phishing Working Group published a new report seeking to understand such trends by quantifying the scope of the global phishing problem, especially by examining domain name usage and phishing site uptimes. Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry.
- Are You Protected From Zeus?
In Greek mythology, Zeus is the father of all gods and men. Today in the tech world, Zeus is the father of all computer viruses. The Zeus Trojan virus, which has been around since 2007, has been described as one of the most powerful, sophisticated, and evasive viruses ever. Many antivirus programs have had difficulty
- Phishing Alert: 8 Tips to protect yourself from Attacks
It’s as easy for hackers to phish out your personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite. So many people fail to learn about phishing scams, a favorite and extremely prevalent scam among cybercriminals. A type of phishing scam is to