Steps to Take When Customers Receive Phishing Emails
By: Stan Jaslar
Nearly two-thirds of IT executives believe that customers are the weakest link in banking security. In fact, 46% of executives in the financial services industry report that their biggest security concern is phishing attacks directed against their customers, and 40% of banking professionals believe customers are careless online.
In this climate, your customers are likely to receive phishing emails, and you need a plan in place to protect them as well as your financial institution.
1. Remind Customers of Your Practices
Ideally, you shouldn’t wait for your customers to receive phishing emails. Instead, the best medicine is prevention. Let your customers know about the risks of phishing emails and remind them that you will not ask for certain information over email.
You probably never ask for online passwords or ATM PINs. Let your clients know that if they ever receive an email, a phone call, or a text requesting those details, it's certainly not from your institution. Also, consider going a step further and letting your customers know that you'll never call to sell them diamonds or other commodities, that you'll never send a link to a page requesting their sign-in details for online banking, and that you'll never provide banking services through any other apps. Then, if customers see requests for this type of information, they will know it's not your bank and they can take steps to report the attempted fraud.
2. Check Domain Names Carefully
On average, banks send more marketing emails than companies in other industries, and if you follow the lead of other financial institutions, you probably put hyperlinks into your marketing emails. To be on the safe side, you could discontinue that practice and let your customers know that you will never email them a link, but that's likely not a realistic option from a marketing perspective.
Instead, let your customers know that phishing emails often contain fraudulent links. Remind them to double-check the domain name of any link they follow. If it's not exactly the same as your bank's domain name, it's a fake. Similarly, remind them to check the sender's address when they receive an email, and potentially even send your customers lists of legitimate addresses so they can check the list to see if an email is truly from your financial institution.
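The same two checks, the link's domain and the sender's address, can be automated by a fraud team reviewing reported emails. The following is an added example, not code from the original article or from SQN Banking Systems; the domain examplebank.test, the sender list, and the function names are assumed placeholders, and the sample message is constructed. It goes slightly beyond the text by accepting the bank's own subdomains and by parsing the host properly, so look-alike hosts do not pass a naive "contains the bank's name" test.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed placeholders for illustration, not a real institution's values.
BANK_DOMAIN = "examplebank.test"
LEGIT_SENDERS = {"alerts@examplebank.test", "statements@examplebank.test"}
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def host_is_bank(url, bank_domain=BANK_DOMAIN):
    """True only if the URL's host is the bank domain or a subdomain of it."""
    try:
        host = urlsplit(url).hostname  # drops any "user@" part before the host
    except ValueError:
        return False
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Assumption: the bank's own subdomains (www., online.) count as legitimate.
    return host == bank_domain or host.endswith("." + bank_domain)

def check_email(raw):
    """Return (sender_on_list, links_not_on_bank_domain) for one raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    body = msg.get_payload()
    links = HREF_RE.findall(body if isinstance(body, str) else "")
    bad = [u for u in links if not host_is_bank(u)]
    return sender in LEGIT_SENDERS, bad

# Constructed sample message for this example (not a real email).
SAMPLE = """From: "Example Bank" <alerts@examp1ebank.test>
Subject: Verify your account
Content-Type: text/html

<a href="https://www.examplebank.test/login">Home</a>
<a href="https://examplebank.test.secure-login.example/signin">Sign in</a>
<a href="https://examplebank.test@login.example/">Verify</a>
<a href="http://examp1ebank.test/reset">Reset</a>
"""

if __name__ == "__main__":
    sender_ok, bad_links = check_email(SAMPLE)
    print("sender on published list:", sender_ok)
    for url in bad_links:
        print("not the bank's domain:", url)
```

The check reads the domain from the end of the host name, which is why a host that merely begins with the bank's name is rejected.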
3. Don’t Log In If Anything Seems Unusual
As indicated above, a lot of phishing emails direct unsuspecting victims to a false web address. There, the victim is prompted to enter the login details for their online banking, but the site is set up so all those details go directly to a scam artist. Often, the page looks just like the bank’s actual website, but a few details are different.
The fake page may ask for extra information that is not usually included in the sign-in process. That may include the last four digits of the customer’s social security number, answers to popular security questions, or other details that could help the fraudster commit theft. Remind your customers not to sign in if anything seems different or unusual.
4. Request to Have Phishing Emails Forwarded
Educating your customers is just the beginning. Ideally, you also want to see which phishing emails they are receiving. Let your customers know they should forward phishing emails to your institution’s fraud department. You may also want to ask them to take screenshots of fraudulent websites and provide any other information they can on potential frauds.
When you know which scams fraud artists are using to target your customers, you are in a better position to educate them. You can also let the authorities know about the potential scams, and in some cases, you may even be able to track down the origin of the scam.
5. Make the Reporting Process Easy
That said, your customers may not report potential scams unless the reporting process is easy. Savvy customers will simply delete the emails and move on with their day, while less tech-savvy customers may fall for the threat before they bring anything to your attention.
So that you can get as much information as possible on phishing attempts, publish your fraud department email address on your website, and choose an address that's easy to remember, such as firstname.lastname@example.org. The easier you make it, the more likely your customers will be to report issues.
When you run a financial institution, you and your customers are more likely to face fraud than businesses and customers in almost any other industry. To protect your institution, you need the right security partners. At SQN Banking Systems, we create fraud protection tools that are efficient and easy to use. To learn more, contact us directly.