Virtual Cyber & Technology Risk Management Forum

How .BANK Addresses Domain Security

7

 .BANK’s Verification Process ensures there are no bad actors in the .BANK space  .BANK’s monitored Email Authentication requirement ensures that bad actors can’t spoof your domain from a non .BANK domain  “.BANK” at the end of a domain provides immediate authentication, validating the email(s) and website(s) are legitimate  fTLD requires 2-factor authentication to modify domain information  fTLD requires DNSSEC  fTLD verifies domain contact information at least annually  fTLD monitors domains that are at risk of being non-renewed  fTLD enables ‘role name’ and ‘role email addresses’ to protect privacy in Whois  fTLD provides Registry Lock through registrars  fTLD has placed both .BANK & .INSURANCE on the HSTS preload list ensuring all .BANK sites load exclusively with HTTPS

COVID-19 Scams Benefit From

8

 COVID thematic subject lines for phishing related to ‘PPP loans’, ‘U.S. Government Stimulus Payments’, ‘Mainstreet Lending Program’, ‘Small Business Loans’, ‘Relief Funds’ and other personal/business financial needs  Remote workers that aren’t necessarily practicing the same level of cybersecurity hygiene  Email communication replacing face-to-face communication that occurs in offices  Significantly higher volume of customer email with greater urgency as customers do genuinely need help  Executives , and other employees not accustomed to answering customer emails ‘ pitching in ’  Customer anxiety around business & personal finances