FS-ISAC, the member-driven, not-for-profit organisation that advances cybersecurity and resilience in the global financial system, has published Stop the Scams: A Phishing Prevention Framework for Financial Services.
This comprehensive framework aims to help financial firms counter a surge in phishing attacks, the most reported type of cybercrime worldwide. With phishing scams increasingly impacting both firms and consumers, Stop the Scams offers critical, actionable steps to help firms safeguard themselves and their customers against the financial and reputational harm caused by phishing.
Phishing scams typically involve fraudsters using email, text messages, or phone calls that mimic trusted sources, such as banks or financial firms, to steal personal and financial information. Victims of these scams may face significant financial loss, while their financial service providers may bear responsibility for reimbursing or supporting them. Recognising the need for a cohesive solution designed to help financial firms of all sizes and maturity levels reduce phishing reports, FS-ISAC’s Fraud Strategy Working Group collaborated with leading member firms to develop Stop the Scams.
The steps in the Framework have already delivered impressive results, with three major US banks reporting a reduction of over 50% in text abuse incidents shortly after implementation. The core approach consists of four essential actions:
• Collect and Share Intelligence: Gather actionable intelligence from consumers and disseminate it across relevant departments.
• Educate Employees and Customers: Develop education programs to heighten awareness of phishing tactics among both employees and customers.
• Catalog Communication Channels: Maintain a catalogue of telephone numbers used by the institution and third-party partners to prevent spoofing.
• Leverage Anti-Phishing Technology: Collaborate with telecommunications providers to deploy anti-phishing solutions.
Linda Betz, Executive Vice President of Global Community Engagement at FS-ISAC, emphasised the significance of collective action, stating, “Phishing has become a global epidemic affecting millions, yet by working together, financial firms can develop highly effective defences. Our Stop the Scams framework provides a strategic roadmap, supporting firms in fighting phishing through shared knowledge and coordinated intelligence that can shift the balance against cybercriminals.”
To further maximise the Framework’s effectiveness, FS-ISAC recommends two best practices:
• Establish a Structured Reporting Intake Process: Design a fraud and phishing intake process with clear, concise questions to gather actionable intelligence while minimising the burden on consumers.
• Build an Abuse Inbox for Reporting: Set up an “abuse box” infrastructure, enabling consumers to report phishing attempts. This approach allows financial services firms to gather timely threat insights, benefiting both internal teams and the broader financial sector.
“The actions in the Stop the Scams framework have been instrumental in significantly reducing phishing incidents and strengthening protections for our clients amid the fast-changing threat landscape and rapidly evolving technologies such as generative AI,” said Susan Koski, Chief Information Security Officer at PNC. “We hope that sharing these steps in a comprehensive framework will be a transformative step forward in the industry’s battle against these attacks.”