The Financial Services Information Sharing and Analysis Center this week published a framework of recommended best practices to help financial services institutions counter phishing attacks. The report — “Stop the scams: A phishing prevention framework for financial services” — lists strategies to counter phishing, noting that three U.S. banks reported a 50% reduction in text abuse scams after implementing its recommendations.
According to an FS-ISAC summary, the framework’s recommendations fall into four broad categories: collecting intelligence from consumers and sharing it among a firm’s departments; employee and customer education; maintaining a catalog of telephone numbers used by the institution and third-party partners to prevent spoofing; and collaborating with telecommunications providers to deploy anti-phishing solutions.
The framework also recommends that institutions implement two best practices. First, institutions should design a fraud and phishing intake process with clear, concise questions to gather actionable intelligence while minimizing the burden on consumers. Second, they should set up an “abuse box” infrastructure, enabling consumers to report phishing attempts.
In related news, the American Bankers Association’s media campaign — #BanksNeverAskThat — provides banks with free resources to educate customers about phishing threats.