The hugely successful efforts of three major banks to curtail phishing attacks has provided a model for financial services firms worldwide, with the industry’s cyber intelligence-sharing network the FS-ISAC this week releasing its comprehensive anti-phishing framework.
The framework provides FSIs (covering all sizes and maturity levels) actionable steps and best practice guidance to help safeguard their firms and customers against the financial and reputational harm of phishing attacks – the world’s most pervasive cybercrime.
The protective measures have delivered impressive results for the three US banks that inspired the framework, resulting in an almost immediate 50 per cent reduction in text abuse incidents.
One bank also reported a 90 per cent reduction in ‘abuse box’ reports — a facility for customers to promptly report attempted scams to the bank — following implementation of the framework.
The approach consists of four key actions:
- Collect and Share Intelligence: Gather actionable intelligence from consumers and disseminate it across relevant departments.
- Educate Employees and Customers: Develop education programs to heighten awareness of phishing tactics among both employees and customers.
- Catalogue Communication Channels: Maintain a catalogue of telephone numbers used by the institution and third-party partners to prevent spoofing.
- Leverage Anti-Phishing Technology: Collaborate with telecommunications providers to deploy anti-phishing solutions.
Phishing scams – which typically involve fraudsters using email, text messages, or phone calls that mimic trusted sources, such as banks or financial firms, to steal personal and financial information – are a pervasive threat to Australian FSIs.
According to figures from ACCC’s ScamWatch service, phishing attacks currently make up more than 40 per cent of the nearly 200,000 reports lodged with the service so far this year, with Australians reporting losses of more than $13 million to such scams through 2024.
Linda Betz, executive vice president of global community engagement at the FS-ISAC, underscored the importance of collective action in stymieing the phishing threat, with the report supporting “shared knowledge and coordinated intelligence .
