Email security, Vulnerability Management, Threat Management

How financial institutions can mitigate business email compromise risks

A woman with brightly colored fingernail polish uses a smartphone
A visitor tries out a smartphone at a consumer electronics and appliances trade fair. (Photo by Sean Gallup/Getty Images)

As financial institutions have become a greater target for cybercriminals, business email compromise (BEC) has become a more significant issue for banks, investment firms and other financial firms.

According to the FBI, BEC cost $43 billion globally between June 2016 and December 2021. BEC and phishing attacks have targeted funds by exploiting social engineering tactics to have victims initiate bank transfers to cybercriminals. In an FBI public service announcement, the organization shared that the Internet Crime Complaint Center (IC3) has viewed an uptick in BEC complaints involving cryptocurrency.

The banking industry made up 11% of targets for phishing attacks in 2021, and other financial sector players remained top targets as well, with e-commerce making up 17% of phishing targets.

“As business email compromise and socially engineered attacks proliferate,” said DJ Sampath, CEO Armorblox, “the financial industry is faced with a set of challenges that make them uniquely vulnerable to these kinds of advanced threats.”

Sampath offered this guidance to financial institutions and financial technology companies looking to mitigate BEC risk:

  1. Email communications frequently exchange information about invoices and requests for wire transfers. Knowing this, attackers target employees at financial firms with attacks that spoof these commonly known business workflows.
  2. With a large focus on customer satisfaction, employees at financial firms are naturally inclined to respond fast to questions and inquiries. This makes them vulnerable to complying with socially engineered email attacks that use language as the main attack vector — we see this with VIP impersonation and recon email attacks.
  3. Financial firms have access to sensitive information about high-net-worth individuals, making them at the receiving end of a high volume of account compromise attempts. Even when an organization might have a strong email security defense, attackers can still compromise them through vendors, suppliers, distributors, or other entities that they work with.

Related

US automaker subjected to FIN7 attack

BlackBerry researchers disclosed that a major U.S.-based multinational automaker had been targeted by the FIN7 hacking group in a spear-phishing attack late last year that sought to facilitate systems compromise with the Anunak malware, BleepingComputer reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.