Phishing, Spoofing, Smishing: The Financial Fraud Trifecta
Malicious actors often use one or more of three common compromise methods: phishing, spoofing and smishing. Smishing (or SMS phishing) is similar to the more familiar phishing except that customers receive a text message with a link instead of an email.
In all cases, spoofed websites are the destination for these links; attackers mimic the style, font, color and design of legitimate bank websites to convince customers that they can safely enter their account information.
On their own, each of these attack types represents a potential compromise. When paired, the likelihood of success increases significantly. For example, if cybercriminals get clients to click through with convincing emails, they can send them to spoofed bank home pages that look legitimate. Once credentials are entered, however, attackers have full access to customer accounts.
What Fake Websites Mean for Banks
For banks, fake websites and the malicious messages that send clients to them are a growing problem. In part, this is because banks are often behind the curve when it comes to detection: Unless a customer reports a fake site, banks may be unaware of its existence. By the time the bank discovers it, customers have been victimized.
Tracking down these sites one by one is a time-consuming game of whack-a-mole, especially for IT teams already tasked with defending business data.
As noted by American Banker, however, the Consumer Financial Protection Bureau is working on guidance that may see banks held accountable for certain types of fraud tied to digital payment scams. Even if banks are unaware of what’s happening, they could still be on the hook for customer damages.
How Banks Can Fight Back Against Spoofed Websites
BlueVoyant, a CDW partner, offers a solution to this challenge with its Digital Risk Protection platform, which can help banks stay ahead of these inventive imitators. DRP is an end-to-end digital risk solution that helps banks both detect and eliminate cyberthreats before they impact customers.
Key features of the platform include:
- Digital brand protection, which actively monitors for brand impersonators using spoofed web domains, social media fraud or malicious apps to lure unsuspecting customers. In addition, BlueVoyant will go beyond simply monitoring the existence of these sites, assisting organizations with taking them down — even running “stings” aimed at helping to catch the bad guys.
- Data leakage detection, which gathers intelligence from the clear, deep and dark web to detect potential compromise.
- Account takeover monitoring, in which BlueVoyant experts send alerts to banks if compromised data or credentials are sold or exchanged. DRP can also take action to remediate the exposure.
- Fraud campaign discovery, which monitors groups across instant messaging applications such as WhatsApp, Telegram and Discord to discover stolen data and leaked bank account information.
DRP is priced on a per-user basis, making it easier for banks to balance security benefits and budgets.
Spoofing, phishing and smishing continue to cause trouble for banks — problems they’re often unaware of until fraud has already occurred. With DRP from BlueVoyant, financial firms can take control of their digital presence and take steps to eliminate potential imitators.