Be Prepared – Organize and pre-position assets

- Designate a responsible “owner” within the organization and assemble a response team – the number one responsibility is to create channels and procedures for disseminating news and updates on attacks internally.
- Make it easy for customers to report attacks – phishing@bank.com and info on the website.
- Prepare messaging and PR – warning for the website, customer support scripts, press info.

Take steps to protect your site and customers

- Make sure you have Track 2 CVC/CVV coding ENABLED – This is the #1 issue for banks and credit unions. Phishers are relentless when this is a problem – expect several attacks per day since they can cash out accounts directly with impunity.
- Pre-emptively register and/or recover high-risk domain name variants – own your bankname in major variants (net/org etc.), along with high-risk terms (e.g. bank-login.com). See our Domain Control section for details.

Monitor for active attacks – internal initiatives can catch 90+% early

- Analyze returned e-mail “blow back” for bounced phishing spam – 90% of all phishing e-mails use the target company’s own domain as the “from” address. (See the research.)
- Monitor for customer reports – phishing@bankname.com and other channels.
- Third-party monitoring for a variety of vectors (web logs, spam, domains, etc.) catches another 10% of phishing attacks.

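The “blow back” analysis from the list above, as an added example that is not code from the original page: it parses a returned message, checks whether the embedded original claimed our domain in From without passing through our relays, and lists link hosts that are not ours. The domain, relay and web-host names and the sample bounce are assumptions constructed for illustration.

```python
import email, re
from email import policy
from urllib.parse import urlparse

# Assumed values for illustration; replace with your own domain and mail hosts.
OUR_DOMAIN = "bankname.com"
OUR_WEB_HOSTS = {"bankname.com", "www.bankname.com"}
OUR_RELAYS = ("mail.bankname.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample bounce (delivery-status part omitted for brevity).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@example.net failed: user unknown.
--b1
Content-Type: message/rfc822

Received: from host.example.org (203.0.113.7) by mx.example.net
From: Bank Support <service@bankname.com>
Subject: Verify your account

Please confirm at http://bankname.login-check.example/verify
--b1--
"""

def analyze_bounce(raw):
    """Return findings for one bounce, or None if it carries no original message."""
    bounce = email.message_from_string(raw, policy=policy.default)
    orig = next((p.get_payload(0) for p in bounce.walk()
                 if p.get_content_type() == "message/rfc822"), None)
    if orig is None:
        return None
    sender = orig["From"]
    domain = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    # Heuristic: genuine outbound mail shows one of our relays in a Received header.
    via_us = any(r in h for h in orig.get_all("Received", []) for r in OUR_RELAYS)
    body = orig.get_body(preferencelist=("plain", "html"))
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body.get_content() if body else "")}
    return {"spoofed_from": domain == OUR_DOMAIN and not via_us,
            "suspect_hosts": sorted(h for h in hosts if h and h not in OUR_WEB_HOSTS)}

if __name__ == "__main__": print(analyze_bounce(SAMPLE_BOUNCE))
```

Run over the mailbox that receives bounces for your domain, the suspect hosts give the response team candidate sites to report and take down.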
React swiftly and decisively to attacks

- Report to blocking services – keep customers from ever seeing the site. Internet Explorer 7, Firefox 2.0 and a large and growing number of toolbar providers and ISPs can be blocking within minutes of a trusted report. Report your sites for immediate blocking via our Hunt - Block - Kill account. Request an account invitation today.
- Get the site down quickly. An experienced internal team or vendor should kill sites in under 24 hours worldwide. Our PowerShark service delivers rapid site shutdown at a low cost.

Educate your customers, and be smart yourself

- Periodically send general information and policies regarding phishing to customers in all mediums, and place phishing information prominently on the company website and in user areas.
- Standardize outbound messaging and marketing, and use good e-mailing tactics to make sure you don’t help train your customers to be fooled.
- Join the Anti-Phishing Working Group (APWG) to stay on top of new developments in phishing.