Anti-Phishing Blog


Friday, November 17, 2006

You Work While They Phish

Here is a recent email that ended up in my spam box.

IMPORTANT CHANGES COMING TO ONLINE BANKING - PLEASE READ

We've been working to implement new security enhancements to help deter fraud and ensure that we are providing you with the highest level of security while you are banking online. In the coming weeks, you will begin to notice a few changes to your online banking experience. Please note that for your protection, these new features will be required, but it will only take a few minutes of your time to walk through the set-up.
Most of the security enhancements are occurring behind the scenes. With the exception of a few initial steps on your part, you won't notice a change to the way you regularly manage your finances online.

The only thing you are asked to do is to update your personal information so our new security enhancements will be more effective.
To do that please click here and login to your Service CREDIT UNION online account.

You will notice one important change to the service prior to setting up your service questions and personal image: starting soon, when you log on to online banking, you will enter your user id on one screen and then enter your password on the next screen. In the background, we will be validating your user id.
Look for more information on these enhancements in the coming weeks.

Please do not reply to this message. For any inquiries, Contact Customer Service.

Service CREDIT UNION, N.A. Member FDIC, Equal Housing Lender
©2006 Service Credit Union. All rights reserved.


No, I do not have an account at the Service Credit Union. Nor do I think they are FDIC insured. But will a real customer of this institution pick up on the insurance, or will they divulge their confidential information first?

While you are working on your multi-factor authentication procedures, there are phishers working on getting your customers' information. They hope this will lead to getting your money. We know this because phishing is working on fewer people, but those falling for it are losing more money. And who pays these customers back? You do. It is your money.

As you work on multi-factor authentication or resolving customer losses next weekend, think about this. Symantec has researched the frequency of phishing attacks and sees a 30 percent dip in attacks over the weekends. We used to see many of these late Friday so the bank had a harder time reacting. Fortunately we're seeing fewer attacks against the banking industry. But that doesn't mean there are none. This is evidenced by the email I copied above and likely by your in-box as well.

Some considerations as we move into the year end when customers are vulnerable:
1 - Contact your customers and tell them how, when and why you'll contact them.
2 - Let customers know what information you won't ask them to verify in an email and if your email will be addressed to them personally. "Dear Andy" tells me they know me, "Dear Customer" or nothing at all tells me they don't.
3 - Educate customers and employees on how to report suspicious e-activity. Do you have a toll-free number and a web site link on your homepage? Do you offer seasonal security speakers to groups or invite groups into the bank?
4 - Have a written plan in place defining your phishing response.
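
The tells discussed above (no personal greeting, a request to update information through a link, and a credit union claiming FDIC membership) can be turned into a simple triage check for reported messages. This is an added example, not part of the original post; the function names and the second sample message are hypothetical, and the insurer rule assumes US credit unions, which are insured through the NCUA rather than the FDIC.

```python
import re

# Request to update/verify/confirm sensitive data, within one sentence.
ACTION = re.compile(
    r"\b(update|verify|confirm)\b[^.]{0,80}\b(personal information|password|account)\b"
)
# Wording that steers the reader to a link or login page.
LINK_CUE = re.compile(r"\b(click here|log ?in|sign in)\b")

def greeting_is_personal(body, first_name):
    """True if 'Dear <first_name>' opens one of the first five non-empty lines."""
    head = [ln.strip().lower() for ln in body.splitlines() if ln.strip()][:5]
    want = "dear " + first_name.lower()
    return any(ln.startswith(want) for ln in head)

def phishing_indicators(body, first_name):
    """Return the names of the tells found in a message body."""
    text = " ".join(body.lower().split())  # lower-case, collapse whitespace
    found = []
    if not greeting_is_personal(body, first_name):
        found.append("no_personal_greeting")
    if ACTION.search(text) and LINK_CUE.search(text):
        found.append("asks_for_info_via_link")
    # Assumption: US institutions. Credit unions are NCUA-insured, not FDIC.
    if "credit union" in text and "fdic" in text:
        found.append("insurer_mismatch")
    return found

# Excerpt of the message quoted in the post.
REPORTED = """IMPORTANT CHANGES COMING TO ONLINE BANKING - PLEASE READ

The only thing you are asked to do is to update your personal information so our new security enhancements will be more effective.
To do that please click here and login to your Service CREDIT UNION online account.

Service CREDIT UNION, N.A. Member FDIC, Equal Housing Lender
"""

# Constructed contrast case: a notice that follows the post's advice.
LEGITIMATE = """Dear Andy,

Your November statement is ready. To read it, type our web address into your browser.

Example Credit Union. Federally insured by NCUA.
"""

if __name__ == "__main__":
    for label, msg in (("reported", REPORTED), ("legitimate", LEGITIMATE)):
        print(label, phishing_indicators(msg, "Andy"))
```

Content rules like these only rank messages for a human reviewer; a message with none of the tells is not thereby safe.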