Of late, banks have become very vulnerable to malware attacks. According to a report by Invisible Web Unmasked, over 200,000 new attacks occurred from July to September 2013.
This was made possible by the failure of decision makers at banks (and other businesses) to instill an anti-phishing mindset in employees.
Despite the available information on malware attacks, many businesses still fail to teach their employees about phishing scams.
One type of phishing scam favored by many cybercriminals is to lure users onto malicious websites. One such example is ZeuS, which is planted on websites and is able to ‘steal’ users’ online banking information and then forward it to the thief’s server.
This malware relies on users being gullible enough to open a phishing e-mail and then click on a link to the malicious site. Once the link is clicked, the malware automatically downloads and installs onto the system.
These gullible users might be your employees.
It has been reported that 18 percent of phishing e-mails are opened on the job. Many people in the workplace are being lured into clicking on these malicious links.
Employees fall victim when they are fiddling around with personal affairs on mobile devices or the company computer. Sometimes they click on the links believing that they are business related.
This calls for management to mandate monthly training sessions so that employees understand what phishing is all about and how to avoid suspicious links.
Management must ensure that this training is continuous, since cybercriminals keep developing new malware now and then. At the same time, new employees who need the training may be recruited.
Without this training, employees may believe that the management routinely communicates with them via e-mails with links.
To prevent your business device from being infected, ensure that you use up-to-date versions of software.
According to the Anti-Phishing Working Group, employees should observe the following:
• Use a password manager to access online statements instead of clicking on the links in statements.
• Keep the computer browser up-to-date.
• If a form inside an email requests personal information, press delete to discard the email.
• Consider never clicking on links in emails. To visit a site, do a web search to find it.
• Use anti-spyware, antivirus and anti-phishing software and a firewall.
• Do not open the spam folder; that is where most e-mails with suspicious links go.
• Be careful about email from an unfamiliar sender. If there is important news, someone will notify you in person or via a voice phone call.
• Don’t trust an email from an employee that requests personal information, particularly financial data, or asks you to donate to a charity. Even if the message contains the name and logo of the business’s bank, phone the bank and inquire about the email.
• Be suspicious of an email requesting credit card information, a password or a username.
• Be wary of an email subject line that’s of an urgent nature, particularly if it concludes with an exclamation point. Never rush to click on an email no matter how urgent the subject line appears.