If you didn’t know, October is Cybersecurity Awareness Month in the US. This year’s theme is “Do Your Part. #BeCyberSmart.” The goal is to encourage organizations and employees to take ownership of protecting their part of cyberspace, stressing accountability and proactive actions that enhance security.
In the payments and point of sale world, PCI DSS and related standards create a framework that, when followed, does an admirable job of protecting merchants from cyber criminals. Unfortunately, even the most robust security measures can be thwarted by one employee clicking on an email link they shouldn’t. Cyber criminals have caught on to this effective attack vector, known as phishing. Recognizing that phishing has become a serious threat, we wanted to share some details regarding these attacks as well as actions you and your customers can take.
Phishing is an attack whereby a bad actor sends emails or messages that look authentic to the users receiving them. The message typically plays on a sense of urgency (e.g. subject lines like "URGENT: Billing Information Audit") and appears to be from a trusted source.
The real goal of the email is to gain access to IT assets or to steal information. Common motives of phishing attacks include:
- Conducting financial crimes, such as convincing someone to wire transfer money
- Gaining access to accounts (such as email, company, or gateway accounts)
- Accessing and stealing emails (also called email harvesting) to use for other advanced phishing campaigns on parties that may trust you.
Identifying phishing attacks
While phishing tactics continue to evolve, here are some common indicators:
- Displayed Name vs. Sender/Reply-to email address
Always look at the full email address of the sender in addition to its displayed name. The displayed name can be easily changed by attackers to show whatever they desire, so ensure that the return/reply-to email address and displayed name match what you expect.
- Encrypted file with a password in body
Extra scrutiny should be placed on any email that includes an unsolicited attachment, especially if the file is encrypted or hidden within compression (e.g., .ZIP files) and there is a password included in the email body. Encrypting attachments is a common way to bypass email anti-virus scanners.
- Double-check any links
Before clicking any links, hover your mouse over the link until the full address is shown. Check that the domain of the link belongs to the party you expect.
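The three indicators above can also be checked by a mail filter or triage script. The following Python code is an added example, not part of the original article or any NMI product; the EXPECTED_DOMAINS allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_DOMAINS = {"example.com"}  # assumption: domains you expect mail and links from

def domain_ok(host):
    # Exact match or true subdomain only, so "example.com.evil.test" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def phishing_indicators(raw):
    """Check sender/reply-to, archive + password in body, and link domains."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    if not domain_ok(from_dom):
        findings.append(f"sender domain not expected: {name!r} <{addr}>")
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_dom:
        findings.append(f"reply-to differs from sender: {reply}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    archives = [n for n in names if n.lower().endswith((".zip", ".7z", ".rar"))]
    if archives and re.search(r"\bpass(word|code)\b", text, re.I):
        findings.append(f"archive {archives} with password in body")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        if not domain_ok(urlsplit(url).hostname):
            findings.append(f"link to unexpected domain: {url}")
    return findings

# Constructed sample message, not a real email
SAMPLE = '''From: "Example Billing" <billing@examp1e-support.test>
Reply-To: collector@mailbox.test
Subject: URGENT: Billing Information Audit
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The attachment password is 4821. Then confirm at http://example.com.billing-audit.test/login
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="audit.zip"

--b1--
'''
```

Running phishing_indicators(SAMPLE) reports all four findings, including the link whose host only starts with the expected domain name.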
Thwarting phishing attacks
From an outsider’s perspective, phishing appears to be a threat that’s no threat at all. Aren’t phishing emails obvious? Won’t employees and customers be wise enough to identify these threats? Unfortunately, phishing has gained popularity among criminals because it works. Therefore, it’s good to share this information and help raise awareness among email users. If you suspect something is off about an email:
- Make the safe choice and check its authenticity.
- Don’t open any attachments or click any links. Instead, go directly to the authoritative website you already know for the requested process.
- Contact the sender by an alternative method. Reach out to the sender using an existing contact method. If they included a contact phone number in the email, don’t trust it until you can independently verify the number.
- Report the email in accordance with internal security policies. Security professionals can investigate the email contents more closely.
Turn on Two-Factor Authentication
Despite your best efforts and your users’ earnest attempts at following best practices, criminals are relentless and, frankly, talented at getting access to credentials. In these instances, you can strengthen security by adding another step to the authentication process. Called multi-factor authentication (MFA) or two-factor authentication (2FA), the security strategy adds the need for an additional piece of information (or token) beyond a username and password. In the event a password and username are stolen, the 2FA token, which is randomly generated and changed frequently, will protect the account from being accessed.
Many IT solutions and software include the option for 2FA/MFA, but it’s not always enabled by default. 2FA is an available security feature on all NMI accounts. If you have any questions or require assistance implementing 2FA, please contact NMI Gateway Support.
Security isn’t a destination, but rather a perpetual journey. Following these best practices is just one aspect of a holistic security strategy that must be followed strictly. While Cybersecurity Awareness Month lasts only 31 days, the task of securing IT assets and information never ends.