BankOnIT Insights

Information Security Brief - April 2025

Written by BankOnIT Insights Department | Apr 10, 2025 4:23:54 PM

Here Are Some Simple Tips To Avoid Phishing Attempts

This is important: If you receive a malicious email, it is very likely to come from someone you know, like or trust.

Cyber attackers are constantly looking for ways to access financial institutions and the biggest most popular entry point is through email. Cyber attackers are targeting the email accounts of people you know, like or trust at entities such as trade associations, vendors, auditors and regulators. Taking over an email account of an individual at one of these entities allows the attacker to send malicious emails that are actually from the email account of the individual’s account that has been breached, but it is not the person you know sending it - it’s the cyber attacker.

Don’t Take the Bait. Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

1. Recognize

Look for these common signs:

  • Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
  • Requests to send personal and financial information
  • Untrusted shortened URLs
  • Incorrect email addresses or links, like amazan (purposefully misspelt links are often sent by cyber attackers maliciously)
  • A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.
2. Resist
  • If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others.

3. Delete

  • Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

PS – Many organizations have suffered from email breaches, and regulatory agencies are not immune. Read more from the OCC here: https://www.occ.gov/news-issuances/news-releases/2025/nr-occ-2025-30.html
View full post