The financial services industry is currently under cyber attack: many established companies like HSBC, JP Morgan, and PayPal, as well as several less established financial institutions, have experienced multiple data breaches.
The first quarter of 2019 saw a 77,400 percent increase in the damages the industry suffered from cyber attacks, from only $8 million in the same quarter of 2018 to $6.2 billion this year, according to ForgeRock. Most of these attacks originated from mobile phishing, since mobile devices have become the preferred devices of a company’s employees, contractors, and IT personnel.
Mobile phishing has become a popular means to attack financial institutions since there’s been a significant rise in the popularity of BYOD culture as more and more people gain access to their financial accounts through mobile devices. Many cyber criminals have also resorted to conducting phishing through mobile phones since they can no longer do so through emails.
Shift to Mobile Phishing
Many email platforms today can detect phishing attempts thanks to the anti-phishing technologies developed for them. The same cannot be said for mobile devices when the attacks arrive by SMS.
Many users also find their phones hard to handle precisely: a small screen crowded with a plethora of apps leads to many inaccurate taps. Those taps increase the likelihood that a user will fall victim to a phishing attack by accidentally opening a link that compromises their security.
Cyber criminals also send messages that mimic banks and prompt users to verify their PIN to ensure that it hasn’t been breached. Some even send messages that claim to come from the Internal Revenue Service and prompt the recipient to click on a link and send information to avoid prosecution because their IRS filing is overdue.
How Mobile Phone Users can Avoid Phishing
Mobile phone users can minimize the risk of SMS phishing by simply deleting the message instead of replying to it, because a reply confirms to the sender that the number is active. People also need to know the telltale signs that a message is from a scammer.
One way to tell whether a message is from a legitimate bank is to check whether it asks the user to send any personal or sensitive information via text. If it does, the text message is from a scammer. A bank may ask people to confirm whether they made a particular transaction deemed questionable, or to get in touch with its call center, but it won’t prompt a user to give sensitive information.
How Financial Service Companies can Mitigate the Risk of Mobile Phishing
Because mobile phishing attacks are prevalent not only among ordinary people but also among financial services firms, companies are providing phishing awareness training for their employees to try to mitigate the risk. While the training is useful, it isn’t foolproof, since employees are only human and can quickly get distracted and become prone to phishing attacks.
Because a growing number of workplaces are adopting a Bring Your Own Device (BYOD) culture that lets employees use their own devices for work-related purposes, firms will need to put sufficient BYOD policies in place to protect themselves. Such policies will likely include basic security standards, role clarification with the IT department, use of Mobile Device Management software, and others. With sufficient BYOD policies, employees will know what to do when they receive text messages containing prompts like clicking a link, calling a phone number, or replying.
Another way to protect a company is to set up a secure enterprise messaging solution to monitor and track messages directed at phishing sites. Having a robust and reliable messaging platform that allows a firm to capture and track messages that employees receive on their mobile devices also adds a layer of protection for a financial service firm’s cybersecurity.
TeleMessage is a robust, secure enterprise messaging solution that features built-in protection against malicious links by restricting use solely to authenticated users. Our Mobile Archiving Platform also provides centralized control over the mobile communication taking place within your business, as well as capturing and supervising text messages across BYOD or company-owned devices.
Using such a platform allows a company to enforce granular policies and to flag and review text messages faster, more simply, and more consistently in the long run.
Contact us today to learn more about our enterprise messaging solutions.