Skip to main content

Internet Security: Phishing Attacks

Kevin Origoni
Feb 20, 2014

Question: Recently, our firm came under a “phishing attack.” Our IT people fixed the problem, but we really don’t know what happens in a phishing attack. Can you explain it in layman’s terms? Also, How can we prevent this kind of cyber attack? Answer: Phishing is the act of attempting to acquire information such as usernames, passwords,and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Today's spear-phishing attacks are highly targeted, technically sophisticated, and represent a real threat to data security. Attackers can leverage information gleaned from social media to tailor messaging to individual targets, and can convincingly imitate legitimate senders. A successful attack compromises the target's device with malware and can be used by a criminal to gain access to the entire network - often with serious financial repercussions for the business. It’s apparent that residential mortgage lenders and originators have non-public personal information at their fingertips and it would be disastrous to have that information in the wrong hands.  How can you prevent phishing attacks on your computer? You can start by avoiding and not opening emails that contain subject lines that read: 1) Invitation to connect on LinkedIn  2) Mail delivery failed: returning message to sender 3) Dear (insert bank name here) Customer 4) Important Communication 5) Undelivered Mail Returned to Sender In sophisticated and large infrastructure environments, there is technology like firewalls and web-blockers in place that can prevent certain emails from filtering through to you, the user. Certainly, your organization should implement an Information Security Plan. This is an extensive document that ensures regulatory compliance and contains practical, preventive steps to warding off a cyber attack. However, in smaller, less-sophisticated environments, or even at your home network, you should be cognizant that your personal computer is the gateway to information that someone else may want. It’s imperative that you keep your PC’s anti-virus updated, and avoid suspicious emails that invite you to click on a hyperlink. Kevin Origoni is director/IT and Internet security for Long Beach, N.Y.-based Lenders Compliance Group.
Published
Feb 20, 2014
Fannie Mae Plans To Restart Credit Risk Transfers In 2021

Paused Since March 2020, New CRT Transactions To Begin In October

Regulation and Compliance
Sep 21, 2021
Biden Nominates McCargo To Lead Ginnie Mae

Currently Serves As Senior Advisor For Housing Finance At HUD

Regulation and Compliance
Sep 14, 2021
OCC Plans To Rescind 2020 CRA Rule

The OCC formally issued a proposal to rescind a controversial rule within the Community Reinvestment Act (CRA) that was published in June 2020.

Regulation and Compliance
Sep 10, 2021
CSBS Changes Servicer Liquidity Policy

CSBS And MBA Encourage States To Adopt Consistently

Regulation and Compliance
Sep 08, 2021
Flexibilities Move Forward

Pandemic Priorities Continue To Drive Industry Modernization

Regulation and Compliance
Sep 08, 2021
FHFA And The Enterprises Coordinate Action On Equitable Housing

Today the FHFA is announcing that Fannie Mae and Freddie Mac (the Enterprises) will submit Equitable Housing Finance Plans to the FHFA by the end of 2021.

Regulation and Compliance
Sep 08, 2021