While it seems phishing attacks have been around since sliced bread and everybody knows how to avoid them, the sad reality shows that it’s far from the truth. According to the Verizon Data Breach Investigations Report from 2021, 96% of phishing attacks come in by email, 3% via phone calls, and 1% via SMS. More importantly, 65% of all successful phishing attacks were delivered by spear phishing or whaling. As a result, fraudsters were able to access sensitive data — like bank account details, payment data, or account credentials.
What does it mean? It means that every business should closely observe the behavior of its customers to detect and prevent account takeover attempts in time. After all, even if your customer was deceived into disclosing their sensitive data, you still bear full responsibility for any malevolent activity that occurs on this account.
Covery, an enterprise-grade online fraud prevention tool, has in-depth experience in dealing with phishing. This article briefly covers the main types of phishing attacks and the way the Covery anti-fraud system can help with their detection and timely fraud prevention.
What phishing attacks are there?
Phishing is a well-known type of online fraud, where scammers try to lure victims into uncovering some valuable data — bank account details, email address credentials, SSN, you name it. Due to similarities with real fishing, the process of throwing vast amounts of lure and trying to catch an inattentive victim is called phishing.
The most common example is an email or call that seemingly comes from your bank with a request to prove ownership of your account, as due to some botched database update they now have to verify their customers manually. This email or SMS will contain a link that takes the victim to a phony bank website, where they will have to enter their account details. After that, they will be redirected to a real bank page, where they will be able to successfully log in to their real accounts — and will consider the incident sorted. As you understand, the fraudsters will get the victim’s bank details as a result.
Such emails or SMS can have titles that require immediate action, like
- URGENT! Your account has been suspended
- Attention! Your Amazon Prime subscription is void unless validated
- Important! Please finish your account registration
- etc.
The key features here are the perceived importance of urgent action, with the request coming from a trustworthy source.
There are also calls from “your bank’s customer service” (voice phishing or vishing) or SMS messages (smishing). All of these are essentially one and the same, though emails lead in popularity.
Two other important types of phishing attacks are spear phishing (phony emails that seem to come from a trusted source — like your manager inside your company, or a government agency, etc.) and whaling (attacks aimed at important figures, like company CEOs, bank directors, etc.).
You’d be surprised if you knew how many people use “123456” or their birthdate as their passwords for each and every account they own… As a result, by gaining even a single set of credentials, fraudsters can breach the whole database of online profiles — banking accounts, social networks, online service subscriptions, etc.
How can a business prevent this online fraud then?
What are the ways to prevent phishing?
Unfortunately, there are no ways to ensure your customers don’t become victims of phishing attacks. However, any business is required to protect the security of their customers’ data.
To make this possible, you need an anti-fraud system like Covery, which is capable of monitoring user conduct in real-time due to features like device fingerprinting, Trustchain, and behavioral analysis. Here is how it works.
Device fingerprinting is a digital intelligence technology that keeps track of every device interacting with your platform. It builds digital profiles of such devices and tracks their behavior.
For example, it can provide a log of activity of a user named Peter Brownson, who lives in Austin, Texas, and logs in to your platform Monday through Friday at 9 in the evening to spend about half an hour browsing and finally pay about $150. He does it from his laptop/mobile with a specific set of OS, browser version, hardware and software identifiers, from a specific IP address, etc.
Now let’s say that this same set of credentials is used to log in in the dead of night from Nicaragua, and the user immediately tries to reset the password or transfer money/bonuses to another account or bank card. Obviously, an account takeover is in progress — and Covery denies access to this account, while also trying to reach the owner by other means — via email or SMS or by calling the number on file — to perform authorization. This helps keep your customers’ accounts safe and eases the postmortem recovery, while also ensuring a positive customer experience.
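The comparison described above can be sketched as a small scoring function. This is an added example, not Covery's code or rule set: the field names, weights, thresholds and sample logins are assumptions constructed to mirror the Peter Brownson scenario.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Baseline:                 # observed history for one account
    devices: set                # device fingerprint IDs seen before
    countries: set              # ISO country codes seen before
    weekdays: set               # 0 = Monday ... 6 = Sunday
    hours: set                  # usual login hours, account's home time zone

@dataclass
class Login:
    device: str
    country: str
    when: datetime              # already converted to the home time zone
    first_action: str

SENSITIVE = {"password_reset", "transfer_funds"}
# Hypothetical weights and thresholds; calibrate against your own fraud labels.
WEIGHTS = {"new_device": 30, "new_country": 30, "odd_time": 15, "sensitive_first": 25}
STEP_UP, DENY = 40, 70

def assess(base: Baseline, ev: Login):
    """Return (decision, score, reasons) for one login event."""
    reasons = []
    if ev.device not in base.devices:
        reasons.append("new_device")
    if ev.country not in base.countries:
        reasons.append("new_country")
    if ev.when.weekday() not in base.weekdays or ev.when.hour not in base.hours:
        reasons.append("odd_time")
    # A reset or transfer is routine by itself; it adds risk only when the
    # session already deviates from the baseline.
    if reasons and ev.first_action in SENSITIVE:
        reasons.append("sensitive_first")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "deny" if score >= DENY else "step_up" if score >= STEP_UP else "allow"
    return decision, score, reasons

# Constructed sample data modelled on the scenario in the text.
PETER = Baseline({"fp-laptop", "fp-mobile"}, {"US"}, {0, 1, 2, 3, 4}, {20, 21, 22})
USUAL = Login("fp-laptop", "US", datetime(2024, 3, 4, 21, 5), "browse")
TAKEOVER = Login("fp-unknown", "NI", datetime(2024, 3, 6, 3, 12), "password_reset")
TRAVEL = Login("fp-mobile", "MX", datetime(2024, 3, 9, 14, 0), "browse")

if __name__ == "__main__":
    for name, ev in [("usual", USUAL), ("takeover", TAKEOVER), ("travel", TRAVEL)]:
        print(name, assess(PETER, ev))
```

The middle outcome, `step_up`, stands for asking the owner to confirm through a second channel, so a customer who is merely travelling is challenged rather than locked out.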
Trustchain is another fraud prevention tool from Covery, which tracks more than 13 identifiers of every active session. By combining this data with device fingerprints, Trustchain lets you identify every user — and immediately flags any device markers that were previously used in any online fraud schemes.
You can check against a database of more than 500 million records, which is continuously updated by all members of the Covery community. This way you will learn, for example, that this person is a regular at several online casinos and has credit accounts opened in several banks. If you are an eCommerce business, this information might not seem too important, but for a microfinance company this can be essential.
Behavioral analysis is based on Trustchain and device fingerprinting results. This feature helps track normal activity patterns of every user and alerts you if something goes awry — like the account takeover attempt we described earlier. It can be combined with predefined risk logic scenarios to enable an adequate automated response to any situation.
Covery comes with 15 such scenarios addressing the basic needs of 23 industries, not to mention a flexible risk logic rule engine. Every Covery customer can build any number of scripts and scenarios that uniquely suit their needs and ensure automated handling of potentially fraudulent cases.
Conclusion
Phishing is an ever-present threat, and fighting it takes considerable effort. Covery can provide the tools for automating a huge bulk of the work for this task. Of course, this should be combined with an informational strategy, to ensure your customers are aware of possible fraud and won’t fall for it.
But it’s better to deploy Covery just in case — to ensure you will not follow in the footsteps of many companies who lost their client databases to account takeovers and other security breaches.
Besides, this is merely one facet of a much bigger picture. Covery can help your company in a wide variety of ways — from KYC/AML checks automation to ongoing transaction monitoring and chargeback management. Want to know more? Order a free demo and see for yourself!
FAQ
How can you prevent phishing attacks?
As a business, your best bet would be to use anti-virus software on your email server and to deploy an anti-fraud system to prevent account takeovers.
What are ways to prevent phishing?
The best ways are to periodically inform your customers of potential phishing dangers and to promptly freeze the accounts where suspicious activity takes place, to prevent malevolent takeovers resulting from phishing attacks.