How can we protect our customers from getting phishing emails supposedly from our company where they request a bank account change?  We have had 3 cases in the last year where our customers pay to a hacker account. 

CISO in Manufacturing, 8 months ago
Education and awareness. What does a legitimate request look like? Sending customers information informing them of potential fraud that you have seen happen. Asking them to verify with you (their trusted contact via phone) to ensure that the request is legitimate. Ultimately, though, it is the customer's responsibility as well to improve their security program as well as phishing awareness, protection, detection and response.
Director of IT, 8 months ago
Customer education and making sure your email practices reinforce the education is helpful. From the tech front you should update your DMARC - Domain-based Message Authentication and Conformance settings. This will help protect your emails from spoofing. It's really easy for scammers to find deficient DMARC settings. There are a ton of vendors, or your internal IT/IS folks can set this up. Good luck.
Director of IT in Transportation, 8 months ago
It might be because bad actors are actually getting into your team's email logins and sending emails from those. If that is the case, the very best thing you can do, to protect against that and in general to protect your team's emails, is to institute two-factor / multifactor authentication, requiring it of all users. That will make it nearly impossible for a bad actor to commandeer one of your email accounts to abuse it.

If the bad actor is sending the email from another email address but "spoofing" the from address (or closely imitating it), it is basically up to email recipients to be suspicious of all emails like that these days. There are things THEY can do about it, but not much you can do about it.

You could send a general email to those with whom you have such relationships letting them know that these days such things happen, and that they should be suspicious of any such emails, using the phone to call and verify, for example.

Strategic Banking IT advisor in Banking, 8 months ago
It is not an easy task to protect our customers from that threat.

First, we have an internal team that 'listens' to the threats. You can report suspicious emails that link to 'fake websites' to them. They work with 3rd parties to have these websites shut down, 24/7...

Second, we often communicate (media, etc.) that we will never ask them for sensitive information (SIN, etc.) and that no communication from us should contain links.

Third, when accessing a website that appears to be ours, they should pay attention to the security status.

Last but not least, we offer them protection against cyberfraud.

But it's very hard to prevent such a threat.

We've seen in the past many different tricks to mask the hyperlink destination. Replacing 'i' with 'l' in the URL is very basic. But other techniques are far more sophisticated.
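The 'i'-for-'l' swap mentioned above is one of a small family of confusable substitutions, and it is something the receiving side can check mechanically rather than by eye. The following is an added example, not code from any commenter: it classifies the domain of a sender address as the company's own, a lookalike, or unrelated, by collapsing confusable characters to one canonical form, flagging domains that embed the real brand, and treating a one-character edit as a lookalike. `OWN_DOMAIN` and the sample addresses are constructed placeholders.

```python
"""Flag sender domains that imitate a company's own domain.

Added example for this thread, not code posted by any commenter. OWN_DOMAIN
and SAMPLE_SENDERS are constructed placeholders, not real addresses.
"""
from typing import Dict, List

OWN_DOMAIN = "example.com"  # constructed placeholder for the company's real domain

# Multi-character confusables are collapsed first, then single characters.
_PAIRS = (("rn", "m"), ("vv", "w"))
_CHARS = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def normalize(domain: str) -> str:
    """Map visually confusable characters to one canonical spelling."""
    d = domain.lower().strip(".")
    for pair, canon in _PAIRS:
        d = d.replace(pair, canon)
    return d.translate(_CHARS)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; domains are short so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, own_domain: str = OWN_DOMAIN) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for the domain in an address."""
    if "@" not in address:
        return "unrelated"
    domain = address.rsplit("@", 1)[1].strip().lower()
    own = own_domain.lower()
    # The real domain or one of its subdomains.
    if domain == own or domain.endswith("." + own):
        return "exact"
    # Brand embedded elsewhere, e.g. example.com.attacker.invalid or example-com.net
    if own in domain or own.replace(".", "-") in domain:
        return "lookalike"
    # Confusable-character swap such as 1 for l, rn for m.
    if normalize(domain) == normalize(own):
        return "lookalike"
    # A single dropped, added or changed character (example.co, exemple.com).
    if edit_distance(normalize(domain), normalize(own)) <= 1:
        return "lookalike"
    return "unrelated"


def scan_senders(addresses: List[str], own_domain: str = OWN_DOMAIN) -> Dict[str, str]:
    """Classify a batch of From addresses, e.g. pulled from a mail gateway log."""
    return {addr: classify_sender(addr, own_domain) for addr in addresses}


# Constructed sample From addresses; none of these are real senders.
SAMPLE_SENDERS = [
    "billing@example.com",
    "billing@mail.example.com",
    "billing@examp1e.com",
    "payments@exarnple.com",
    "accounts@example.co",
    "alerts@example.com.attacker.invalid",
    "news@unrelated.org",
]

if __name__ == "__main__":
    for addr, verdict in scan_senders(SAMPLE_SENDERS).items():
        print(f"{verdict:10} {addr}")
```

A sensible use on the receiving side is to quarantine or visibly tag anything classified `lookalike` before a user sees it; the payment-change request then arrives already marked as not coming from the vendor's real domain.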
Director of IT in Healthcare and Biotech, 8 months ago
I realize that each organization is different, but here are 6 things you can do:

1. Inform and train your customers about phishing attacks and how to spot them. Send frequent emails, social media updates, or blog posts on phishing strategies and warning signals. 

2. Establish email authentication: Verify email authenticity using SPF, DKIM, and DMARC. These techniques prohibit domain spoofing targeting your organization. 

3. Strong encryption: Encrypt sensitive consumer data in databases or networks to prevent unwanted access.

4. Give clients explicit instructions: Explain how you will manage bank account changes and sensitive information updates. Stress that you would never request such information by email or other insecure ways. 

5. Track client accounts: Watch for questionable customer account activity including frequent unsuccessful login attempts or rapid personal information changes. 

6. Assess third-party vendors: Check the security procedures of external service providers that handle client data to verify they follow industry standards.
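Two of the replies above (the Director of IT on deficient DMARC settings, and item 2 of the list on SPF, DKIM and DMARC) point at the same check: whether the domain's published mail-authentication records actually tell receivers to reject spoofed mail. The following is an added example, not code from any commenter or vendor. It audits SPF and DMARC record strings for the weaknesses that let spoofing through (`p=none`, partial `pct`, no reporting address, `+all` or `?all`, too many DNS lookups). DNS retrieval is left to the caller, for instance `dig TXT _dmarc.example.com`, so the script runs offline against the constructed sample records below.

```python
"""Audit SPF and DMARC TXT records for settings that still let spoofed mail through.

Added example for this thread, not code posted by any commenter. Record strings
are passed in; the SAMPLE_* records at the bottom are constructed, not fetched.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=none; rua=mailto:...' into a lowercase-keyed tag dict."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record: Optional[str]) -> List[Finding]:
    """Report DMARC settings that only monitor, or only partially enforce."""
    if not record:
        return [Finding("high", "no DMARC record: spoofed mail is neither rejected nor reported")]
    tags = parse_dmarc(record)
    findings: List[Finding] = []
    if tags.get("v") != "DMARC1":
        findings.append(Finding("high", "record does not start with v=DMARC1; receivers ignore it"))
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(Finding("high", "p=none only monitors: spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(Finding("medium", "p=quarantine sends spoofed mail to spam instead of rejecting it"))
    elif policy != "reject":
        findings.append(Finding("high", f"missing or invalid policy tag p={policy!r}"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append(Finding("medium", "pct is not an integer; receivers treat the tag as invalid"))
    if pct < 100:
        findings.append(Finding("medium", f"pct={pct}: policy applied to only {pct}% of failing mail"))
    if "rua" not in tags:
        findings.append(Finding("info", "no rua= address: you get no aggregate reports on who spoofs you"))
    sp = tags.get("sp", "").lower()
    if sp and sp != "reject":
        findings.append(Finding("medium", f"subdomain policy sp={sp} is weaker than reject"))
    return findings


# Mechanisms and modifiers that each cost one DNS lookup (RFC 7208 caps them at 10).
_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def audit_spf(record: Optional[str]) -> List[Finding]:
    """Report SPF records that authorize everyone, give no signal, or will permerror."""
    if not record:
        return [Finding("high", "no SPF record published")]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [Finding("high", "record does not start with v=spf1")]
    findings: List[Finding] = []
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append(Finding("medium", "no 'all' mechanism: unlisted senders get a neutral result"))
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append(Finding("high", "+all authorizes every host on the internet to send as you"))
        elif qualifier == "?":
            findings.append(Finding("high", "?all is neutral: SPF gives receivers no signal at all"))
        elif qualifier == "~":
            findings.append(Finding("info", "~all soft-fails; acceptable only alongside DMARC p=reject"))
    lookups = 0
    for term in terms[1:]:
        name = term.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name in _LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(Finding("high", f"{lookups} lookup terms exceed the limit of 10: receivers return permerror"))
    return findings


def worst(findings: List[Finding]) -> str:
    """Collapse a list of findings to the single most severe level, or 'ok'."""
    for level in ("high", "medium", "info"):
        if any(f.severity == level for f in findings):
            return level
    return "ok"


# Constructed sample records for a placeholder domain; not fetched from DNS.
SAMPLE_DMARC_WEAK = "v=DMARC1; p=none; pct=50"
SAMPLE_DMARC_GOOD = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"
SAMPLE_SPF_WEAK = "v=spf1 include:_spf.example.net +all"
SAMPLE_SPF_GOOD = "v=spf1 include:_spf.example.net -all"

if __name__ == "__main__":
    for label, result in (("DMARC weak", audit_dmarc(SAMPLE_DMARC_WEAK)),
                          ("DMARC good", audit_dmarc(SAMPLE_DMARC_GOOD)),
                          ("SPF weak", audit_spf(SAMPLE_SPF_WEAK)),
                          ("SPF good", audit_spf(SAMPLE_SPF_GOOD))):
        print(f"{label}: {worst(result)}")
        for f in result:
            print(f"  [{f.severity}] {f.message}")
```

The point of the `pct` and `sp` checks is that a record can read `p=reject` and still leave gaps: a partial percentage or a looser subdomain policy means some spoofed mail carrying your domain is still delivered, and `rua` is what tells you it is happening.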
