Top 5 Threats to the Financial Industry on Social and Digital Channels

4 minute read

Financial Services are always early adopters when it comes to cyber security. They need to: they’re incredibly lucrative targets and cyber criminals only use cutting edge attacks when going after the greatest of targets. In the world of social and digital channels, perhaps security fastest growing threat vector, cyber criminals have found an all new medium to go after the financial industry.

Over the past 4 years, ZeroFox has worked with dozen of financial institutions big and small, from regional banks to several in the Fortune 50. Social and digital risks impact these organizations across the board. Here are some of the most common threats to the financial industry.


The cyber criminal’s bread and butter, spearphishing, performs incredibly well on social media. Social media is an inherently trusted platform, lacks security visibility, and broadcasts its users to nefarious actors. A cybercriminals can footprint an entire financial institution with no more than a LinkedIn query.

Attackers create fake accounts — be in an impersonations of the financial institution’s executive or a new hire — and engage with their target at the company. These targets are often other executives or anyone with access to sensitive data, such as financial advisors, IT, operations, risk offices or HR.

Consumer fraud

In terms of sheer volume of threats, customer fraud takes the cake. There’s an absurd amount of financial fraud on social and digital media, so much in fact that we wrote an entire whitepaper of one type of scam, on one network, using one tactic (money flipping, on Instagram, spoofing bank logos, respectively).

Attackers create accounts that advertises fraudulent services, often claiming to be affiliated with the bank. They target customers of bank, especially those they perceive might be in dire financial straights, such as single mothers or members of the military. The actual fraud can take several different forms, such as card cracking, money flipping and work from home scams. The banks often end up eating the cost of the attack after a customer reports the fraud. The amount of time remediating stolen financial information is also costly at scale.

Money Scam on Instagram

Fake account and social engineering

Spoofing accounts on social media is trivial. It takes no more than 15 minutes and an internet connection. Spoofed accounts hijack either a bank’s logo, look and messaging or the actual photo of someone who works at the bank. The account gathers followers to helps its credibility before engaging with people at the bank. The spoofed accounts it not the payload in and of itself, but a well done fake profile can wreak havoc when it comes to social engineering ploys. It can distribute spearphishing links, as discussed above, malware exploits, adware and more.


Every highly regulated industry is forced to grapple with the new realities of social media. Things posted publicly are held to the utmost scrutiny. Interestingly, regulatory bodies have not issued net new regulations for social media, but rather retrofitted old regulations to social media. The same rules apply around fair disclosure, FFEIC, PCI and more.

For a comprehensive look at social media compliance, read out white paper, Maintaining Compliance in the Social Media World.

Data leakage

Once an attacker has breached a financial institution and exfiltrated critical data, whether the initial breach occurred through social and digital channel, they will almost always post and advertise the stolen good on social and digital channels. Data loss has taken on a whole new scale in the social media age. The records may be posted on a bin site, like ghostbin or pastebin and advertised on more mainstream networks like Twitter and Facebook. This step in the black market cybercriminal economy functions just like the free market — advertisers using highly-public platforms to sell their wares.

Banks can benefit from scouring digital for channels for a leaked data. When malware can go unnoticed on servers for months or even years, this method is often the first way to identify a breach.

For a comprehensive look at social media DLP, check out our white paper, Data Loss in the Social Media Age.

To find out more about the ZeroFox Platform, which provides automated threat detection and remediation across social, digital, deep & dark web, mobile and collaboration platforms, visit

See ZeroFox in action