Top Banking Threat Still Email Phishing, How One Bank Is Fighting Back
By: Jim Stickley and Tina Davis
April 3, 2022
One of the most prolific cyber assaults on organizations continues to be email phishing. Financial institutions in particular make lucrative, easy targets to exploit. Statista reports the first quarter of this year found nearly 25% of global email phishing targeted financial institutions. That’s huge, but what are they doing to help prevent it? A recent interview by Habitat with Meghan Hallinan, Senior VP of Commercial Private Banking at BankUnited gives insight into this ongoing threat, and how BankUnited is fighting back.
Hallinan finds email phishing is one of BankUnited’s largest digital fraud schemes, including business email compromise (BEC). Data breaches and phishing scams are how most email fraudsters gain access to financial systems. An employee who acts on an email phishing lure can inadvertently unleash ransomware, wire transfer fraud, financial identity theft, and loss of customer confidence. It’s that easy.
The Bank Fights Back
Protecting customers, their data, and finances from a variety of email phishing and other attacks is a top priority for Hallinan and BankUnited and should be for any organization. Having a dedicated fraud team is a big part of BankUnited’s cybersecurity plan. According to Hallinan, these teams do constant monitoring for unusual activities. Keeping a close eye on things also involves watching every business and personal account. If something unusual pops-up, the team flags it immediately. As part of their ongoing search for the cyber-suspicious, a fraud team member calls the customer to verify their transaction if needed.
In addition, Hallinan says, “There are several products that prevent financial transactions from leaving the bank. We have positive pay for check fraud or that are converted to Automated Clearing House, or electronic transfers. We have ACH debit blockers to protect accounts. We also have layers of security when you're sending out ACH or wire payments so that there are multiple levels of approval.”
You Can Fight Back
Since many financial institutions lack the security armor of BankUnited, a look at anti-phishing tips for these institutions helps prevent phishing attacks.
- An email requiring action from the recipient should be highly scrutinized, especially those demanding wire transfers, opening attachments, or following links. Do not do so until the sender is completely vetted, including carefully inspecting their name, email address, and domain name. Also, check the phone number on record and call the sender to verify their request.
- Confirm an email with co-workers. Hackers can spoof the sender appearing as another employee to trick you. Unless you’re 101% the email is not phishing, confirm it with the co-worker who sent it. Requests for wire transfers should be confirmed by at least two people.
- Always think before acting. Any email with a request for urgency, high-pressure tactics, or asks for sensitive information is likely an email phishing set-up. It’s well-worth taking the time to think before you act.
If nothing else, remember this: If you don’t know, ask. Chances are that you and your employer will be happy you did.