Tips to prevent your emails from being phished
Published on 07 Dec 2010
A phishing email masquerading as a bank’s eStatement alert – would you know the difference?
A case in point: recently an HSBC eStatement alert was replicated by phishers. It looked exactly as one would expect an eStatement notification to look; the logo was in the right place, and the images and links all pointed to the HSBC site. The exception was the “Proceed to the HSBC website” link, which went to a compromised website housing a man-in-the-middle phishing exploit.
Customers wouldn’t have thought twice about clicking on the link and entering their login details, which would then have been captured by the phishers.
The following statistics were extracted from the latest APWG Global Phishing Survey (October 2010):
“Millions of phishing URLs were reported in the 1st half of 2010, but the number of unique phishing attacks and domain names used to host them was much smaller. The 1st half 2010 data set yields the following statistics:
- There were at least 48,244 phishing attacks. This is down significantly from the record 126,697 observed in 2nd half 2009, and the fewest in any period since the 1st half 2008. The decrease in attacks was due to reduced activity by the Avalanche phishing gang.
- The attacks occurred on 28,646 unique domain names. This is virtually unchanged from the 28,775 seen in 2nd half 2009, and down from the 30,131 observed in 1st half 2009. The number of domain names in the world grew from 168 million in mid-2008 to 192 in late 2009 to 196 million in May 2010”
As indicated in our Industry Trends graph alongside, the total number of phishing attacks is declining. However, this does not negate the fact that phishers are getting smarter and producing emails that are almost indistinguishable from the authentic version.
To prevent phishing, customer protection must be maximized
Emails should be digitally signed, come from SPF- and DKIM-protected domains, and carry personalization such as your full name and partial customer data displayed on the face of the email. This assures customers that the sender knows who they are sending the email to.
Security is a key factor for both the sender and recipient; here is more information on these protection devices.
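A recipient-side check for the two signals described above, as an added example that is not code from the original article: it reads the SPF and DKIM verdicts recorded in an Authentication-Results header, requires them to align with the From domain, and lists any link that leaves that domain. The sample message, the `bank.example` and `compromised-site.example` domains, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a look-alike alert; every link but one points at the real site.
SAMPLE = """\
From: Example Bank <alerts@bank.example>
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=bank.example; dkim=none
Subject: Your eStatement is ready
Content-Type: text/html; charset="utf-8"

<html><body><img src="https://www.bank.example/logo.png">
<a href="https://www.bank.example/help">Help</a>
<a href="http://compromised-site.example/login">Proceed to the bank website</a>
</body></html>
"""

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Trust this header only when your own receiving server added it (RFC 8601).
    ar = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)(?:[^;]*?\bsmtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+))?", ar)
    dkim = re.search(r"\bdkim=(\w+)(?:[^;]*?\bheader\.d=([\w.-]+))?", ar)
    def aligned(m):  # verdict is "pass" AND the authenticated domain matches From
        return bool(m and m.group(1) == "pass" and m.group(2)
                    and under(m.group(2).lower(), from_domain))
    links = LinkHosts()
    links.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    return {"spf_aligned": aligned(spf), "dkim_aligned": aligned(dkim),
            "off_domain_links": [h for h in links.hosts if not under(h, from_domain)]}
```

A `dkim=pass` for some other signing domain is treated as unaligned, since a pass only proves that the signing domain sent the message, not that the From address is genuine.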
The obvious solution is email delivery
Emailing the customer a Secure PDF eStatement each month is a much simpler and safer option. There is no website to visit, no links to click on and no registration, and this option is available to everyone who has an email address (estimated at 84% of economically active customers in the UK).
Across the globe, some of the biggest banking brands have already seen the light and are ‘pushing’ eStatements to their customers; we think it’s just a matter of time until the whole market follows suit.