As more financial institutions rely on digital platforms to grow business and engage with customers, whether through social media support or mobile applications, it’s critical that security and marketing teams alike understand the opportunity and risk these platforms uniquely present. Financial Services organizations have a massive footprint and attack surface on social media and external digital platforms — all of which is ungoverned, unmonitored and unprotected by the existing security perimeter. Protecting customers, employees and information is possible through monitoring, identification and remediation of digital threats.
Top threats facing Financial Services
Due to the nature of financial services and associated customer data, it’s critical that financial institutions understand the threats facing their business on social and digital channels in order to effectively address them and safeguard customers and employees. Some of the top threats that ZeroFox has found affecting the FinServ space include:
- Financial fraud and scams: Unfortunately, financial scams run rampant on social media, including hashtag hijacking, money flipping scams, fake couponing and more.
- Impersonations: Bad actors create social media profiles that look exactly like those of your organization, an internal department or an executive in order to abuse the visual trust social media users (in this case, your customers) often exhibit.
- Fraudulent mobile applications: Mobile apps remain an effective way to steal credentials and PII from your customers. Malicious overlays, impersonated brand apps and fake profiles are spread across a multitude of mobile app sites.
- Phishing, malware and spoofed domains: Phishing and spoofed domains are a tried-and-true tactic used by cybercriminals. Bad actors target your customers on social media with phishing links to sites impersonating your brand in the hopes of receiving account credentials, financial information and PII.
- Information leakage: The end goal of most of the above threats is to gain access to your information or accounts. This information is often sold on the deep and dark web or released more broadly across the web.
While there are many threats on social and digital channels, there are plenty of legitimate and cost-effective ways to mitigate these and other risks. Below are a few simple steps you can take to protect your employees and customers from digital threats.
Protecting your customers from digital threats
Protect owned accounts
The first step towards protecting customers (and employees!) against threats on social and digital channels is to identify where your customers are engaging with you. Defining your owned digital presence helps you take control of what is being said, about you and by you, to the market. Take stock of owned accounts on social media and put protections in place in the form of strong passwords, role-based access, and automated notifications of potential account hacking.
Ensure you have two-factor authentication enabled for all accounts, especially those accessed by multiple people. Password managers help ensure your passwords are both maintained and strong. Understand the risk that hacked accounts present – a bad actor with access to your owned social accounts may direct message followers and customers asking for credentials, post offensive or malicious content on your behalf, or target your employees in an attempt to obtain proprietary information.
Monitor for leaked information and protect customers from scams
When a threat does occur, it’s important to identify and address it early. Start by creating a social media and digital protection plan, inclusive of who owns what, so you can quickly respond to any incidents. Investing in a tool that monitors and alerts you to threats on social and digital channels removes the manual work of sifting through millions of posts, comments and profiles for potential threats.
Educate your employees and your customers
Ultimately, if you are unable to prevent or stop every scam targeting your customers and employees, you should invest in educating them on the warning signs related to these attacks. Employee training on social media security best practices helps to keep staff informed of potential threats. Similar training offerings can be provided to customers, related to both social media security and account security.
Learn how you can protect your customers
ZeroFox recently hosted a webinar with ThreatQuotient on how financial services organizations can protect their business and their customers from financial fraud and other threats on social media and digital channels. We discuss the top threats to monitor and top tactics to address these threats at scale.
The webinar includes information on:
- Top trends and threats facing financial institutions on social and digital channels
- Key tactics for addressing social and digital threats
- Tools available to your organization for mitigating risk
Listen to the recording here and make sure to join us for our next live webinar.