QUESTION:
Recently, our firm came under a “phishing attack.” Our IT people fixed the problem, but we really don’t know what happens in a phishing attack. Can you explain it in layman’s terms? Also, How can we prevent this kind of cyber attack?
Recently, our firm came under a “phishing attack.” Our IT people fixed the problem, but we really don’t know what happens in a phishing attack. Can you explain it in layman’s terms? Also, How can we prevent this kind of cyber attack?
ANSWER:
Phishing is the act of attempting to acquire information such as usernames, passwords,and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Today's spear-phishing attacks are highly targeted, technically sophisticated, and represent a real threat to data security.
Attackers can leverage information gleaned from social media to tailor messaging to individual targets, and can convincingly imitate legitimate senders. A successful attack compromises the target's device with malware and can be used by a criminal to gain access to the entire network - often with serious financial repercussions for the business.
It’s apparent that residential mortgage lenders and originators have non-public personal information at their fingertips and it would be disastrous to have that information in the wrong hands.
How can you prevent phishing attacks on your computer?
You can start by avoiding and not opening emails that contain subject lines that read:
1) Invitation to connect on LinkedIn
2) Mail delivery failed: returning message to sender
3) Dear (insert bank name here) Customer
4) Important Communication
5) Undelivered Mail Returned to Sender
2) Mail delivery failed: returning message to sender
3) Dear (insert bank name here) Customer
4) Important Communication
5) Undelivered Mail Returned to Sender
In sophisticated and large infrastructure environments, there is technology like firewalls and web-blockers in place that can prevent certain emails from filtering through to you, the user.
Certainly, your organization should implement an Information Security Plan. This is an extensive document that ensures regulatory compliance and contains practical, preventive steps to warding off a cyber attack.
However, in smaller, less-sophisticated environments, or even at your home network, you should be cognizant that your personal computer is the gateway to information that someone else may want. It’s imperative that you keep your PC’s anti-virus updated, and avoid suspicious emails that invite you to click on a hyperlink.
Kevin Origoni
Director/IT and Internet Security
Lenders Compliance Group
