It’s impossible to think of a field that doesn’t need to worry about protecting against phishing attacks. Still, the financial sector must consider a few unique concerns due to the assets it holds and the nature of services provided to customers. Here are the main issues worth keeping in mind.
Why Finance Is on Phishing Attackers’ Minds
Financial assets are a focal point for cybercriminals, and phishing attacks often target related information such as banking login credentials, PIN codes, credit card and account numbers, and more. In 2021, credential theft was considered the most coveted piece of information, and the recent shift to online services offers cybercriminals more ways to obtain them. Cybercriminals are focused on this information because it opens the door to many other data types and assets, by enabling overall identity proof and theft.
Executives in the finance industry are a particular target for cybercriminals. These attacks, referred to as whaling attacks, aim to gain access to data or sensitive information through higher level managers. Whaling attacks target the financial industry 300 times more often than any other industry, as with only one successful attack cybercriminals can gain millions.
To learn more about whaling attacks in the finance industry download our eBook.
What enables cybercriminals to reach financial service providers?
- People trust banks with their information: Research found that customers trust the financial sector and banks in particular more than any other industry that processes their personal data. While almost 70% still worry about identity theft in general, the financial sector enjoys more access to data thanks to that increased trust. Customers expect banks to keep their data secure and assume that serious measures are taken in order to do so. As a result, when banks ask their customers to provide personal information, audiences are likely to supply the requested access to data. Cybercriminals are well aware of this behavior and exploit any vulnerability they find.
- Financial institutions struggle to balance trust and awareness: On the one hand, financial service providers want their customers to stay aware and alert to avoid online scams. On the other hand, they don’t want to damage the high level of trust we’ve mentioned, leading customers to think twice before offering their consent to data access requests. Banks and other financial institutions struggle to find the balance between these two conflicting desires, and the result is that not enough is done to warn users and protect them.
- Many financial companies are unprepared to deal with client-side threats: Banks fight external threats that target their servers and employees but fail to protect actions taken by the users themselves. For example, a keylogger script on a bank's website might capture users’ personal data. This has a lot to do with the previous issue we mentioned - banks should raise users’ awareness of these dangers, but sometimes refrain from doing so.
The Price of Finance Phishing: Understanding the Consequences
- Stolen assets: Cybercriminals often use customers’ personal details to commit identity theft and access bank accounts. After all, just one successful attack could cost a company significant revenue losses. In the U.S. alone, identity fraud losses reached a total of $56 billion in 2020.
- Individuals become the main target: Instead of targeting financial institutions, which may have advanced security systems in place, cybercriminals find it easier to go after the C-level executives. Whaling techniques are valued at $26 billion per year, and cybercriminals have a shocking 20% success rate against even the most advanced security systems.
- The viral effect: When cybercriminals find their way to users’ data, they utilize it to unlock other accounts and obtain further information. Using social media to breach the company through its employees makes use of highly effective social engineering techniques. This could also involve impersonating a company to obtain sensitive information through phishing techniques, thereby causing damage to the company’s reputation.
- CISO’s greatest concern: CISOs naturally want to ensure they are aware of any cyber issues that put the company and its customers at risk. With advanced phishing techniques and cybercriminals being so persistent, they can more and more easily attack both employees and customers, which not only damages the company’s reputation, but potentially puts sensitive data into the wrong hands. CISO’s want to stay ahead of this risk at all times. CISO’s are concerned with the threat of phishing attacks that are not caught in time - the last thing they need is to find out about an incident through employees, customers or in the more severe cases, through a ransom demand.
In the first half of 2021, compared to the same period last year, the number of web application incidents in the financial industry increased 38%. Since the pandemic, the overall level of digital literacy has improved, therefore we can expect these numbers to grow further if nothing is done. But there’s a lot we can do about it. Anti-phishing solutions require more than multi-factor authentication, as cybercriminals have become far more sophisticated, however protecting businesses and users against phishing attacks is within reach.
Financial businesses should embrace advanced anti-phishing technology solutions to keep customers’ data safe. Comprehensive phishing takedown services can prevent attacks and minimize damages, giving customers a reason to continue trusting their bank. Interested in learning more?
