Stop the Scams: FS-ISAC’s New Phishing Prevention Framework Helps Financial Sector Counter Surge in Scams

Guidance by FS-ISAC’s Fraud Security Working Group equips financial firms with key strategies for reducing fraud and protecting consumers   

Reston, VA, US, November 19, 2024 – FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, today introduced Stop the Scams: A Phishing Prevention Framework for Financial Services. This comprehensive framework aims to help financial services firms counter a surge in phishing attacks, the most reported type of cybercrime worldwide. With phishing scams increasingly impacting both firms and consumers, Stop the Scams offers critical, actionable steps to help firms safeguard themselves and their customers against the financial and reputational harm caused by phishing.

Phishing scams typically involve fraudsters using email, text messages, or phone calls that mimic trusted sources, such as banks or financial firms, to steal personal and financial information. Victims of these scams may face significant financial loss, while their financial service providers may bear responsibility for reimbursing or supporting them. Recognizing the need for a cohesive solution designed to help financial firms of all sizes and maturity levels reduce phishing reports, FS-ISAC’s Fraud Strategy Working Group collaborated with leading member firms to develop Stop the Scams.

The Framework has already delivered impressive results, with three major US banks reporting a reduction in text abuse incidents by over 50% shortly after implementation. The core approach consists of four essential actions:

  • Collect and Share Intelligence: Gather actionable intelligence from consumers and disseminate it across relevant departments.
  • Educate Employees and Customers: Develop education programs to heighten awareness of phishing tactics among both employees and customers.
  • Catalog Communication Channels: Maintain a catalog of telephone numbers used by the institution and third-party partners to prevent spoofing.
  • Leverage Anti-Phishing Technology: Collaborate with telecommunications providers to deploy anti-phishing solutions.

Linda Betz, Executive Vice President of Global Community Engagement at FS-ISAC, emphasized the significance of collective action, stating, “Phishing has become a global epidemic affecting millions, yet by working together, financial firms can develop highly effective defenses. Our Stop the Scams framework provides a strategic roadmap, supporting firms in fighting phishing through shared knowledge and coordinated intelligence that can shift the balance against cybercriminals.”

To further maximize the Framework’s effectiveness, FS-ISAC recommends two best practices:

  • Establish a Structured Reporting Intake Process: Design a fraud and phishing intake process with clear, concise questions to gather actionable intelligence while minimizing the burden on consumers.
  • Build an Abuse Inbox for Reporting: Set up an “abuse box” infrastructure, enabling consumers to report phishing attempts. This approach allows financial services firms to gather timely threat insights, benefiting both internal teams and the broader financial sector.

“The actions in the Stop the Scams framework provide concrete steps for helping to reduce phishing incidents and strengthen protections amid the fast-changing threat landscape and rapidly evolving technologies such as generative AI,” said Susan Koski, Chief Information Security Officer at PNC. “We hope that this comprehensive framework will advance the industry’s battle against these attacks.”

Stop the Scams: A Phishing Prevention Framework for Financial Services is available for download here

About FS-ISAC

FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization’s real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.

Contacts for Media
media@fsisac.com
