Protecting your bank from phishing attempts

FRBservices.org's July 15 FED360° newsletter includes an article, "Gone phishing—Tips to help protect your organization from phishing attempts." Phishing is used by threat actors in attempts to acquire sensitive information using a fraudulent solicitation, via email or on a website (or through text messages) in which the fraudster poses as a legitimate business or reputable person. The article offers tips to help protect banks and other organizations from phishing attempts:

  • Educate your staff on what phishing is, how to spot it and how/where to report it when it occurs.
  • Consider having occasional "testing" phishing exercises.
  • Have clear and well-documented policies on how to manage phishing attempts to ensure staff respond appropriately.
  • When possible, use technology to aid in the identification of phishing emails through the classification of internal versus external email sources.
  • Add warning messages to the header of all incoming emails from external senders, alerting employees to review external messages with extra care.
  • Maintain contemporary anti-virus and anti-malware scanning software to offer additional protections in the event staff inadvertently click on suspicious links embedded in the body of an email.
  • Stay on top of the evolving phishing tactics by consulting with your information security staff to monitor trends and adjust internal policies and procedures accordingly.
  • Restrict or remove email and web browsing on systems routinely used for payments processing.
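
The internal-versus-external classification and warning-message tips above, shown as an added Python example (not code from the FED360° article or FRBservices.org). The domain `examplebank.test`, the `X-Origin-Classification` header name and the banner wording are assumptions made for illustration; the check reads only the From header, which a sender can forge, so a mail gateway should also take into account how the message arrived.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (constructed for this example): the bank's domain, the header
# name and the banner wording are placeholders, not values from the article.
INTERNAL_DOMAINS = {"examplebank.test"}
TAG = "[EXTERNAL]"
BANNER = (TAG + " This message came from outside the organization.\n"
          "Review links and attachments with extra care.\n\n")

def is_external(msg, internal=INTERNAL_DOMAINS):
    """Classify on the From address only; display names are ignored."""
    _, addr = parseaddr(str(msg.get("From", "")))
    # Exact match on the full domain, so look-alike suffixes and a missing
    # or unparsable From header are all treated as external.
    return addr.rpartition("@")[2].lower() not in internal

def tag_external(raw, internal=INTERNAL_DOMAINS):
    """Return the parsed message, with a warning added if it is external."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_external(msg, internal):
        return msg
    # Never trust a sender-supplied copy of the classification header.
    del msg["X-Origin-Classification"]
    msg["X-Origin-Classification"] = "external"
    subject = str(msg.get("Subject", ""))
    del msg["Subject"]
    msg["Subject"] = f"{TAG} {subject}".strip()
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:  # HTML-only mail keeps just the subject tag
        body.set_content(BANNER + body.get_content())
    return msg

def sample(sender):
    """Constructed test message; not real mail."""
    return (f"From: {sender}\nTo: teller@examplebank.test\n"
            "Subject: Wire request\n\nPlease process this today.\n")

if __name__ == "__main__":
    for sender in ("Ops <ops@examplebank.test>",
                   '"ceo@examplebank.test" <someone@mail.example>',
                   "it@examplebank.test.mail.example"):
        print(tag_external(sample(sender))["Subject"])
```

The second and third sample senders show why the match is made on the parsed address and the exact domain: an internal-looking display name or a look-alike domain suffix still receives the external warning.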