Fraudsters are using new online security checks to trick banking customers into handing over their financial details and personal data.
Banks, card providers and retailers across the EU are emailing customers to ask for up-to-date contact information, as part of new checks for online card payments known as strong customer authentication (SCA).
Criminals keen to take advantage of this flurry of online activity have been imitating the emails being sent out by banks in the hope of snaring unsuspecting victims.
Consumer group Which? warned that attackers are imitating emails from Santander, HSBC and Royal Bank of Scotland.
The emails state that if the recipient fails to confirm their details then their bank account will be suspended. To update their details, they are encouraged to click on a link included within the email.
If the user clicks on the link, they will be directed to a fake site set up to harvest their banking details. Which? believes we will see more of these scams over the next 18 months during the phased implementation of SCA.
Image: Example of a phishing email (Source: Which?)
What is SCA?
As part of the EU Payment Services Directive (PSD2), additional security measures are being introduced for any online transactions over 30 euros.
Customers will need to provide two of three possible methods to confirm their identity. This could be a one-time passcode, a unique password or biometric data such as a fingerprint, facial recognition or voice recognition.
PSD2 Strong Customer Authentication will come into effect from September 14, 2019. However, the Financial Conduct Authority has delayed enforcement of the new regulation by 18 months, giving businesses more time to comply with the new system.
Unfortunately, this will also give attackers more time to launch their phishing scams in the hope of tricking more victims.
How to spot a phishing email
Despite the increasing sophistication of these emails, there are often subtle signs that can alert you to a phishing email.
Metaphish provides a robust defence against phishing attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.