European Banks Need Better Phishing Protection

Phishing attacks hit European banks

Phishing scams are big business, which is why we were shocked to read an article on BullGuard’s website.

It would appear as though European banks – those monoliths that we believe to be impenetrable to cyber-attacks and scams – are not doing enough to protect us from phishing scams.

We’ll let BullGuard fill you in:

Phishing scams and European banks

Up to a quarter of major European banks are not providing best-practice phishing protection to their customers, according to a survey from Sectigo, a cybersecurity analyst firm.

The firm looked at banking websites and rated them based on the presence of SSL certificate verifications provided by a Certificate Authority (CA), which confirm that a website is authentic and legitimate.

  • Each bank’s website was rated according to the type of certificate used to secure the home and login pages for the bank’s online banking service.
  • Full marks were awarded for the presence of Extended Validation (EV) SSL certificates and the maximum level of identity verification on the home and login pages.
  • Websites without an EV certificate on the home and/or login pages received a lesser rating.

An Extended Validation (EV) Certificate is a certificate used for HTTPS websites and software that proves that the organisation providing the site or software is who it claims to be.

In Europe, 25% of banks did not receive the highest rating, but thankfully, there wasn’t one single bank that warranted a ‘not secure’ status.

What does this mean in practice? 

Cybercriminals often create counterfeit websites to trick people into unknowingly providing valuable information such as account logins, credit card numbers and personally identifiable information that can be used for identity theft.

  • A website using an EV SSL Certificate displays security indicators directly in the browser address bar, such as a padlock, HTTPS, and the verified company name and country.
  • A website that doesn’t display these signs suggests it’s a counterfeit website or, as the Sectigo survey shows, a bank that isn’t paying full attention to its online presence.

User advice

Given the widespread use of phishing campaigns and counterfeit web pages, it’s recommended that you check the following points when logging onto a site in which you might make a payment or enter sensitive data:

  • Look for the full company name at the left of the address bar to ensure the site is legitimate.
  • Don’t enter credit card numbers, personal information, logins, or other sensitive data on any web page that is not secured with a certificate, that is, displaying a padlock in the browser bar.
  • Avoid clicking on links in emails that you weren’t expecting and which attempt to get you to enter personal information. These are typically phishing emails.
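The rating scheme described above can be approximated from the certificates a site presents. The following is an added example, not code from Sectigo, BullGuard or this site: it classifies a certificate as EV, OV or DV from its subject fields and rates a bank on its home and login pages. The sample certificates, the host-independent rating labels and the treatment of a missing certificate as "not secure" are assumptions.

```python
import socket
import ssl

# Heuristic (assumption): EV subjects carry these identity fields. The
# authoritative marker is the CA/Browser Forum EV policy OID 2.23.140.1.1,
# which ssl.getpeercert() does not expose.
EV_FIELDS = {"organizationName", "businessCategory",
             "serialNumber", "jurisdictionCountryName"}

def fetch_cert(host, port=443, timeout=5):
    """Return the validated leaf certificate of a live site as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Return 'EV', 'OV', 'DV', or 'none' when no certificate was presented."""
    if not cert:
        return "none"
    fields = subject_fields(cert)
    if EV_FIELDS <= fields.keys():
        return "EV"
    return "OV" if "organizationName" in fields else "DV"

def rate_bank(home_cert, login_cert):
    """Full marks only when both the home and login pages use EV."""
    levels = (validation_level(home_cert), validation_level(login_cert))
    if "none" in levels:
        return "not secure"   # assumption: no certificate on either page
    return "highest" if levels == ("EV", "EV") else "lesser"

# Constructed sample certificates in getpeercert() layout (not real banks).
EV_SAMPLE = {"subject": ((("jurisdictionCountryName", "GB"),),
                         (("businessCategory", "Private Organization"),),
                         (("serialNumber", "00000000"),),
                         (("organizationName", "Example Bank plc"),),
                         (("commonName", "www.bank.example"),))}
OV_SAMPLE = {"subject": ((("organizationName", "Example Bank plc"),),
                         (("commonName", "login.bank.example"),))}
DV_SAMPLE = {"subject": ((("commonName", "login.bank.example"),),)}

if __name__ == "__main__":
    print(rate_bank(EV_SAMPLE, EV_SAMPLE), rate_bank(EV_SAMPLE, DV_SAMPLE))
```

To rate a live site, pass the results of `fetch_cert()` for the home and login hostnames to `rate_bank()`.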

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.