Do you think Internet users can recognize phishing emails and prevent a fraudster from stealing their identity for financial gain or to commit other crimes?
A federation of Belgian banks demonstrated that these techniques were feasible by engaging in the following experiment. With the help of an agency, a phishing email was sent to various bank clients. One of them was scammed by this fake email and provided personal banking information. The agency then had access to his bank account and used his credit cards to make purchases. In addition, the agency gathered information on this individual by using social networks to steal his identity. A surprising video demonstrates the ease with which they performed this scam.
This example illustrates that social engineering techniques, such as phishing emails, are still effective and can be exploited by malicious individuals to commit fraud. It is therefore important to educate staff, users and clients on these techniques so they do not fall into these traps. In this regard, users should be wary of unexpected or suspicious emails and those with a title or a subject line describing an emergency situation. Moreover, bank clients should not provide their banking information over the phone, unless they initiate the call themselves. Users should always log into their account (banking, university, etc.) by entering the web address directly into their browser bar instead of clicking on an embedded link.
To read the bank’s article, please click on the following link:
To learn more about phishing techniques, please click on following links:
- Terranova Training’s microsite on phishing awareness
- Phishing (blog)
- Are your users well educated on phishing techniques? (blog)
To learn more about Terranova Training’s simulation and phishing awareness solutions or ask for your free trial.
By Patrick Paradis, Information Security Advisor