With more consumers reliant on mobile banking through apps and online portals, financial service institutions must grapple with the rapid adoption of new technology and their associated risks. More than other comparable industries, financial service (FinServ) institutions, including banks, credit unions, loan providers and credit card companies, incur substantial risk when it comes to this new public attack surface. Financial services involve the exchange of money and sensitive information that if exposed or stolen could put both consumers as well as the integrity of the institution at risk.
The financial services industry continues to be impacted by both the benefits and the risks of digital transformation. FinServ institutions must acknowledge that in this world of digital business, cyberattackers now have equal access to consumers. Public platforms like social media, websites, mobile apps and support portals provide new vectors on which to host attacks and, unsurprisingly, attackers are utilizing new methods for fraud and impersonation to take full advantage.
The latest ZeroFox Alpha Team threat report update analyzes three of the top emerging and persistent digital attack tactics facing the financial services industry based on data from ZeroFox’s own FinServ customer ecosystem over the course of 12 months. The three categories of attack within the report include phishing, fraudulent mobile apps, and financial fraud and scams.
Over the past five years, phishing attacks have spiked dramatically. Phishing domains now make up a much larger percentage of total malicious websites than malware-related sites.
With this surge of phishing activity, the ZeroFox Alpha Team has seen a growing number of phishing kits developed and sold online. Phishing kits provide a complete scam waiting to be stood up. This allows phishing kit operators to run scams without having to worry about managing infrastructure or needing to design their own scams.
ZeroFox identified over 443,000 phishing domains in the time period covered by this report, almost twice the number identified in 2019. Of those domains, over 75% were hosting live content, actively putting financial customers at risk.
Fraudulent Mobile Apps
Customer support teams engage with customers through mobile apps and provide real-time support through social channels, and many customers have come to expect that they can conduct banking and financial planning entirely online. As banking mobile applications have come to be popular with customers, they have also become a lucrative attack vector. Attackers create malicious copycat applications that look like the banking and finance apps they are impersonating, in the hopes that victims will mistakenly download them. These malicious impersonators phish for banking credentials or exfiltrate sensitive information from the victim’s phone.
ZeroFox identified nearly 1500 malicious mobile apps in the time period covered in this report, representing an increase of over 3 times the number identified by ZeroFox in 2019.
Financial Fraud and Scams
Scammers promote a variety of financial scams on social media. One of the most popular of these, called money flipping, involves scammers alleging that they can transfer supposedly unclaimed funds if a banking customer hands over their login information. Another extreme financial scam method, known as money muling, involves a scammer convincing a victim to act as a middle man for an illegal funds transfer. Often, this is done under romantic or career-related pretenses. Some of these mules, however, may or may not know that they are part of a money mule network.
In total, ZeroFox identified 383,000 scams on social media in the time period covered by this report. This is four times as many scams as were identified in the ZeroFox 2019 Financial Services Digital Threat Report. With the onset of COVID-19 related business closures, the global unemployment continues to rise. Economic downturn provides a viable attack surface for scammers, who may target those in financial distress due to the pandemic.
Read the full report
FinServ institutions, and their consumer bases, are frequently targeted with digital attacks due to the nature of the business and handling of funds. As events like the Coronavirus pandemic have taken place, both the span of the attack surface and the frequency of attacks has increased. Learn more about the top threats facing FinServ in our full threat report, available here.