NBT PROVIDES INSIGHT INTO PHISHING ATTEMPTS

By Terra Carnrike-Granata, Senior Vice President and Director of Information Security

October is National Cybersecurity Awareness Month, a collective effort between the government and industry to educate Americans on cybersecurity and ensure they have resources to be safe online. NBT Bank is taking the opportunity to educate the community on protecting themselves from an increasing number of phishing attempts.

Phishing is the fraudulent use of email to attempt to gather personal information, such as user names, passwords and bank account numbers. Those who are targeted receive an email that looks like it came from a company—like a financial institution—that may include a company heading, logo or email signature. However, usually upon close investigation, the email address is not from the financial institution. Consumers may also notice typos and grammatical mistakes or formatting that doesn’t match with previous emails from the same company.

Typically, these fraudulent emails ask the receiver to provide personal information, such as login credentials or a social security number. A legitimate message from a financial institution would never make this type of request!

But here’s the scariest part: The majority of consumers use the same user name and password for all of their online accounts. So, if a phishing scam obtains your login credentials for one site, they will likely be able to access many more of your accounts.

This is why it is critically important to use different credentials for different sites—such as social media, personal email, bank accounts, and work accounts. We need to:

• Update passwords often,
• Use multi-factor authentication whenever possible,
• And never use the same password for all of your accounts—especially for banking.

Your banking credentials should always be unique from any other online account.

Phishing is prevalent and on the rise. One in ten URLs are malicious, and the finance/insurance/real estate industry has the second-highest phishing rate, according to the 2019 Symantec Internet Security Threat Report.Eighty-three percent of businesses reported being a victim of a phishing attack in 2018, according to Proofpoint’s State of the Phish Report. And last year, end-users reported 5.5 million suspicious emails, a 180% increase year-over-year.

Banks invest in technology and people to protect against phishing and other types of fraud, but it’s important for consumers to be educated and vigilant as well. We recommend the following tips:

• Never share your personal information online with someone you don’t know.
• Do not click on any links or attachments in emails that you do not recognize.
• Delete any suspicious emails that you received.
• Check the company’s website for more information on fraud attempts and prevention (i.e. nbtbank.com/fraud)