As financial institutions continue to engage with customers digitally, they must equip themselves to handle the sophistication and scale of threats they will encounter. ZeroFox’s 2019 Threat Report entitled Financial Services Digital Threat Report | 2019 reported a 56% annual increase in digital threat activity targeting the financial services sector. While digital platforms have proven essential for financial organizations that engage customers through online portals, social media support, and mobile apps, criminals also exploit this no-cost social landscape, with its low technical barriers, ease of target acquisition and payload delivery, and broad access to potential victims that these platforms provide. Through impersonation and fraud, attackers gain access to financial customers, their information and their money, and leave FinServ institutions with damaged reputations, liabilities, and monetary losses in their wake.
The report enumerated substantial risks both Financial Services (FinServ) organizations and their customers face when interacting digitally:
- Financial Services Digital Threat Activity Grew 56% Year over Year
Across ZeroFox’s customer ecosystem, the financial services industry is in the top 3 most targeted industries for digital attacks. Further, FinServ security events increased 56% from the previous year, and takedowns (e.g., the removal of spurious content from social media posts and threads or removal of imposter domains and accounts) increased 188% year over year.
- Brands Incur Abuse and Manipulation Activity on Average 2-3 Times Daily
This category of attack activity was the most popular, generating over 250,000 detected events. While 90% of these events were name impersonations, many are not easily detected due to advanced disguising techniques attackers utilize.
- System and Information Exploitation Grew 26% within the Past Year
Attackers are increasingly adept at compromising systems, and social media has increasingly become the conduit. They also blatantly market their heists both publicly and privately, across all digital channels. Malicious domains top the list of attack techniques at 57% share, with another 18% coming from information disclosures found on paste sites, most of which are accessible to the public.
- FinServ Organizations Endure almost 3 Takeover Attempts per Month
Corporate social media account takeover attempts occur nearly 30 times per year on average for every institution (nearly 3 per month). Additionally, on average 4 credential compromises (of which 2.3 originate from breach databases) occur per executive annually, which often lead to takeover or impersonation. Each FinServ organization has on average 30 targeted executives.
- 75% of Financial Fraud and Scams Occur on Mobile Apps and Social Media
Fraud accounted for 40% of all digital attack activity against financial services organizations and their customers. In total, there were over 87,900 unique financial fraud scams observed. Of these, 37% were money-flipping scams, 28% were customer giveaway/coupon scams, and 27% were crypto-currency related scams. Rogue Mobile Apps accounted for a portion as well – there were 489 fake mobile app incidents identified during the period.
The report analysis conducted by ZeroFox Alpha Team researchers was based on comprehensive threat data collected across ZeroFox’s ecosystem of financial services customers, including banks, brokerages, cryptocurrency exchanges, credit unions, credit reporting agencies, insurance providers, and investment firms. Spanning a 12 month period, 2.9 billion pieces of content were analyzed which led ZeroFox to detect over 8.9 million security events and conduct over 98,000 takedowns.
A Contested Digital Landscape
In the modern digital world, financial services organizations must realize that their customers operate in a contested environment and that cybercriminals are the same ‘distance’ to customers as the financial institutions themselves. The overlapping common ground is where attacks occur. While customers engage on digital platforms, cybercriminals flock to both the surface and dark web, messaging groups, and even social media to market their portfolios of tools, including attack infrastructure and malware, and to dump data, sell stolen financial information, and network with other criminals. Closed dark web forums provide an outlet for attack planning and monetization – in the form of selling information and hacking-as-a-service capabilities. Threat actors use social media to connect and collaborate with each other, just like the rest of us. Criminal groups on social media platforms allow actors to network, promote their services, and even boast about previous attacks. Domains and the email addresses derived from them are used as staging grounds to host a web or mail server in order to impersonate legitimate brands to conduct attacks.
The High Cost of Digital Fraud
Financial institutions almost always fully bare the costs of liability, account replenishment, and goodwill reestablishment after a successful fraud campaign – which often far exceed the actual dollar value from account losses due to the scam itself. Industry estimates place this cost at $3.92M per breach in 2019. Data breach regulatory fines have increased as well, with many regulatory bodies such as the Federal Trade Commission (US), Financial Conduct Authority and Prudential Regulation Authority (UK) issuing multi-million dollar penalties. Compliance regulations such as GDPR or PCI-DSS add to the costs for certain disclosure violations. For the protection of their customers, responsible FinServ organizations are obligated as well as regulated to take strong preventative measures and rapid remediation action when it comes to system compromise or data disclosure regardless of source.
Despite the risks of being present on these platforms, the digital world provides FinServ organizations the opportunity to better connect with consumers, engage customers, and to extend and control their marketing and messaging. By monitoring their digital presence and mitigating the risk associated with it, financial institutions are able to optimize their utilization of the digital space and do so safely.
Regardless of the source of or reason for a disclosure, FinServ customers expect their financial services institution will take every precaution and make every remediation effort necessary to protect their account and personal information from misuse. They are entrusting these organizations with some of their most valuable assets: their identities, money and investments.
You can access the full report at ZeroFox Financial Services Digital Threat Report | 2019