European Banks Need Better Phishing Protection

Phishing scams are big business, which is why we were shocked to read an article on BullGuard’s website.

It would appear as though European banks – those monoliths that we believe to be impenetrable to cyber-attacks and scams – are not doing enough to protect us from phishing scams.

We’ll let BullGuard fill you in:

Phishing scams and European banks

Up to a quarter of major European banks are not providing best-practice phishing protection to their customers, according to a survey from Sectigo, a cybersecurity analyst firm.

The firm looked at banking websites and rated them based on the presence of SSL certificate verifications provided by a Certificate Authority (CA), which confirm that a website is authentic and legitimate.

  • Each bank’s website was rated according to the type of certificate used to secure the home and login pages for the bank’s online banking service.
  • Full marks were awarded for the presence of Extended Validation (EV) SSL certificates and the maximum level of identity verification on the home and login pages.
  • Websites without an EV certificate on the home and/or login pages received a lesser rating.

An Extended Validation (EV) certificate is a certificate used for HTTPS websites and software that proves that the organisation that provides the sites/software is who it claims to be.
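The survey's rating rule can be approximated from the subject fields of each page's certificate. The following is an added example, not code from Sectigo, BullGuard or this article; the function names and the sample certificates are assumptions made for illustration. It is a heuristic: the authoritative marker is the CA/Browser Forum EV policy OID (2.23.140.1.1) in the certificate's policies extension, which Python's `getpeercert()` does not expose.

```python
import socket
import ssl

# Subject attributes an EV certificate carries in addition to the organisation name.
EV_REQUIRED = {"organizationName", "businessCategory",
               "jurisdictionCountryName", "serialNumber"}

def fetch_cert(host, port=443, timeout=5):
    """Fetch a validated peer certificate as the dict ssl.getpeercert() returns."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into {name: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: EV has the extra identity fields, OV names an organisation, DV neither."""
    fields = subject_fields(cert)
    if EV_REQUIRED.issubset(fields):
        return "EV"
    if "organizationName" in fields:
        return "OV"
    return "DV"

def rate_site(home_cert, login_cert):
    """Survey rule: full marks only when both home and login pages present EV."""
    levels = (validation_level(home_cert), validation_level(login_cert))
    return "full marks" if all(lv == "EV" for lv in levels) else "lesser rating"

# Constructed sample certificates (not real banks), in getpeercert() shape.
EV_CERT = {"subject": (
    (("jurisdictionCountryName", "GB"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "00000000"),),
    (("organizationName", "Example Bank plc"),),
    (("commonName", "www.examplebank.example"),),
)}
OV_CERT = {"subject": (
    (("organizationName", "Example Bank plc"),),
    (("commonName", "www.examplebank.example"),),
)}
DV_CERT = {"subject": ((("commonName", "login.examplebank.example"),),)}

if __name__ == "__main__":
    print(rate_site(EV_CERT, EV_CERT), "/", rate_site(EV_CERT, DV_CERT))
```

To rate a live site, pass the results of `fetch_cert()` for the home and login hostnames to `rate_site()`.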

In Europe, 25% of banks did not receive the highest rating, but thankfully, there wasn’t one single bank that warranted a ‘not secure’ status.

What does this mean in practice? 

Cybercriminals often create counterfeit websites to trick people into unknowingly providing valuable information such as account logins, credit card numbers and personally identifiable information that can be used for identity theft.

  • A website using an EV SSL Certificate displays security indicators directly in the browser address bar, such as a padlock, HTTPS, and the verified company name and country.
  • A website that doesn’t display these signs suggests it’s a counterfeit website or, as the Sectigo survey shows, a bank that isn’t paying full attention to its online presence.

User advice

Given the widespread use of phishing campaigns and counterfeit web pages it’s recommended that you check the following points when logging onto a site in which you might make a payment or enter sensitive data:

  • Look for the full company name at the left of the address bar to ensure the site is legitimate.
  • Don’t enter credit card numbers, personal information, logins, or other sensitive data on any web page that is not secured with a certificate, that is, displaying a padlock in the browser bar.
  • Avoid clicking on links in emails that you weren’t expecting and which attempt to get you to enter personal information. These are typically phishing emails.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.  

 

8 Free-ish Anti-phishing Tools

Phishing

Here are a couple of alarming phishing stats for you to ponder:

  • 85% of organisations have suffered a phishing attack
  • An average phishing email has a 30% chance of being opened

Education is a great way to prevent falling victim, but it never hurts to have another layer of protection too.

You might be wondering why we used the word ‘free-ish’ in the title. Well, that’s because not all of the 8 are free, but they are still worth knowing about.

0Spam

This works with POP, IMAP, Gmail and AOL by downloading your email before it is delivered to you, removing the spam, and then delivering the good mail to you. It allows you to use CAPTCHA to verify senders, set up whitelists for individual emails or entire domains, customise verification emails, download lists that include a week’s spam and more.

It’s free for single email accounts receiving less than 1,000 spam messages a week. There is a premium option available too.

AlienCamel

Apart from a really cool name, AlienCamel offers you unlimited email storage (IMAP and POP) on their servers and sorts your email for you into “Pending” and “Spam” folders so you can view everything before you download it to your system.

It works with most of the popular email clients for both Windows and Mac OS X, and they are also currently testing an iPhone app. The service costs $8 USD a month, or $80 a year.

Spam Arrest

After setting up a whitelist for your contacts, every person who emails you will get an automated CAPTCHA reply that they must respond to for their email to get through to you (only on their first email).

All spam messages are held on the Spam Arrest servers for 7 days so you can see if there are any you want to let through. The service is $5.95 USD when paid monthly.

Spamfence

This free service is a little awkward because you need two email addresses with your mail provider: Mail is delivered to the first address, passed on to Spamfence to check it for viruses and spam, and then the cleaned email is delivered to the second address.

GFI MailEssentials

Using two spam detection engines, this one attempts to reduce the rate of false positives to make sure that email gets to the folder it truly belongs in. The system supports Microsoft Exchange 2000, 2003, 2007 and Lotus Domino, and offers a plethora of blacklists and whitelists based on criteria of your choosing.

Mailprotector

This one is for business and corporate users. Mailprotector tests each email for origination, routeing, construction, communication and content, and then assigns it a score based on the results. Fail the test, and it’s off to the spam folder.

SpamAssassin

This versatile spam filtering system can be placed anywhere in the email stream to do its job. Due to this feature, it can work with a great number of email setups, including Gmail. It can be used on servers running Linux, Mac, Unix or Windows.

SPAMFighter

SPAMFighter is an Exchange Module that will work with Microsoft Exchange Server 2000, 2003 and 2007 or Microsoft Small Business Server (SBS) to expunge your system of spam before it gets delivered. Besides just fighting spam, the system can also generate analytics to show you just how much email it is stopping, how many users are on the system, and more.


Source - Sitepoint

How to Protect Your Computer

Antivirus software is a must, but the bad guys out there are becoming increasingly devious in their attempts to attack your PC.

The best way to protect yourself from them is to gen up on their latest techniques.

Phishing

Phishing attacks can come either from mistyped website URLs or from email messages that pretend to come from legitimate sources.

The best way to defend yourself is to carefully look at the URL before typing in your details. If it is not spelt correctly, run away.

Social media and bank websites are the most commonly imitated ones. Another tip is that most of these sites will use HTTPS encryption, so if that’s not showing before the web address, the chances are it’s a phishing site.

Malicious emails

We’ve all had them: emails with malicious links and attachments that purport to come from a bona fide source.

The best advice we can give is to never click on a link, or open an attachment, if the email has not come from someone you know.

If it looks as though it’s from your bank, PayPal, a social media site or something like that, navigate your way to the website through your browser; don’t click on the links in the email.

Fake update or error warnings

When surfing the net, there’s a chance you could come across dodgy sites and pop-up boxes cunningly disguised as permission requests to update your browser, or telling you that you must download the latest version of the software to run a feature on the page.

Clicking any button on these notifications (including the decline button) gives the attackers authority to run code on your machine.

To dodge these threats, if you’re prompted to update your software, manually go to that software provider’s website and look for an update. Don’t ever click on any buttons on the pop-ups; either close the tab or window completely, or re-load the page after you’ve installed through the official website.

Being vigilant is the only way to prevent these attacks from happening. Think before you click is the best advice we can give you.
