BEDFORD, Mass. — Credit unions cannot afford to be optimistic in hopes that a phishing attack does not occur, according to Amir Orad, vice president of marketing, Consumer Solutions Division at digital security expert RSA. Orad's comments came following a report that phishing attacks on credit unions rose in September while those on banks decreased.
Nearly 50% of the brands targeted for phishing attacks in September were credit unions, a 6% spike since last month, according to the new RSA Monthly Online Fraud Intelligence Report. Meanwhile, attacks on nationwide and regional banks showed a slight decrease to 17% and 35% respectively.
Some security experts contend that credit unions are viewed as having weaker security than banks, and thus become a prime target. Orad said it's a combination of large banks having the resources to battle phishing and that there are "tens of thousands of potential [credit union] targets and as far as the bad guys go, even just 10% of that is a big enough target number for them."
Most of the credit unions targeted were phished fewer than five times each. Phishers keep the scale of these attacks against smaller institutions low; however, they tend to use more refined spam lists, the report said.
"There are three things you have to have in mind," advised Orad. "Number one, you are going to be attacked. It's not if, but when. That fact has been proven again and again across different institutions across the country. Once you have that in mind the second thing to do, which costs almost nothing, is to put an internal process into place: How can we find out if we've been attacked? What should we do? Do we have a way to report an attack? How effective will we be? That process doesn't cost a lot but it needs the proper attention."
Once an internal process is in place, the next step is to invest, in advance of an attack, in anti-phishing technology. Effective technology is available from various vendors, or credit unions may decide to build their own technology, although typically it is not as cost-effective, Orad added.
The cost will vary with the size of the credit union. You can get a service for a few hundred dollars per month for a small group to a few thousand dollars per month if you're a large entity, Orad said. The highest cost comes when an organization is ill prepared to combat phishing, he added.
"If a credit union doesn't have a process or the technology in place the first attack will take days–five or six days–to deal with," Orad said. "In those five to six days the operational costs and branding issues can cost tens of thousands of dollars to work out. Given we've seen what happens after a first single attack, the service pays for itself."
In the last four months RSA has identified a 48% increase in the number of phishing attacks and that number should continue to rise, the RSA report detailed. Sixty-three percent of the attacks were hosted from the U.S., which is up 15% from last month. It is the highest level of attacks hosted in the U.S. this year.
The RSA Anti-Fraud Command Center detects, monitors, tracks and shuts down phishing, pharming and Trojan attacks worldwide. It has shut down over 18,000 phishing attacks to date.