The Financial Services Information Sharing and Analysis Center (FS-ISAC) unveiled its new initiative, Stop the Scams: A Phishing Prevention Framework for Financial Services, aimed at empowering financial institutions to combat the escalating threat of phishing attacks. These scams, which exploit trusted sources like banks to steal sensitive information, have become the most prevalent form of cybercrime globally, posing significant risks to both consumers and financial firms.
Recognising the urgency of the situation, FS-ISAC's Fraud Security Working Group collaborated with leading industry members to create this comprehensive framework. Linda Betz, Executive Vice President of Global Community Engagement at FS-ISAC, highlighted the importance of collective efforts, stating, “Phishing has become a global epidemic affecting millions, yet by working together, financial firms can develop highly effective defences.”
The Stop the Scams framework outlines four crucial actions that firms can implement to enhance their phishing prevention strategies:
- Collect and Share Intelligence: Financial institutions are encouraged to gather actionable intelligence from their customers and share it across departments.
- Educate Employees and Customers: Developing educational programmes can significantly raise awareness about phishing tactics among both staff and clients.
- Catalog Communication Channels: Maintaining a detailed catalogue of legitimate communication channels used by the institution helps prevent spoofing.
- Leverage Anti-Phishing Technology: Collaborating with telecommunications providers to deploy advanced anti-phishing solutions is essential.
The framework has already shown promising results, with three major US banks reporting a reduction in text abuse incidents by over 50% shortly after its implementation. Susan Koski, chief information security officer at PNC, noted, “The actions in the Stop the Scams framework have been instrumental in significantly reducing phishing incidents and strengthening protections for our clients.”
To further enhance the framework's impact, FS-ISAC recommends two best practices: establishing a structured reporting intake process to streamline the collection of actionable intelligence and creating an “abuse inbox” to facilitate consumer reporting of phishing attempts.
As phishing threats continue to evolve, the Stop the Scams framework serves as a vital resource for financial firms seeking to protect themselves and their customers from the damaging effects of cybercrime.