Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Don’t take the bait – how to spot the warning signs for phishing scams

Don’t take the bait – how to spot the warning signs for phishing scams

Andrew Avanessian, COO at Avecto

Social engineering, a common technique used by cyber criminals to deceive and manipulate individuals into disclosing sensitive information, used to have a reputation for being nothing more than a quick and simple email scam. Nowadays, the financial services sector is one of the highest targets in the world of cyber crime, due to the highly sensitive nature of the information that companies process and store. And so this simple scamming tactic has evolved to become one of the most sophisticated threats facing the industry.

The use of emails, attachments, social media platforms and phone calls to trick people into handing over confidential details is commonplace.

Research from Positive Technologies found that more than one in ten employees fall for social engineering attacks, and this number is likely to increase as the attacks become more advanced.

While scams such as fake phone bills or emails from unknown addresses asking you to click on links are now obvious, social engineers are becoming much subtler, and in turn convincing, in their approach. It all starts with an email address and employee name, which can easily be found online.

Then, using the masses of data openly available on the internet, and technology that can infiltrate devices in new ways, cyber criminals can craft tailored communications designed to trick a recipient into downloading malware, or even to convince an employee to hand over sensitive information or bank details. While many people may assume they’d recognise malicious scams, modern threats are extremely difficult for most people to spot, particularly when hackers will often ask for seemingly benign details about people, rather than financial details. Personal information is an increasingly valuable tool for hackers, and can result in very tailored attacks, making it even more important to keep all forms of personal data safe.

Examples of modern social engineering attacks include emails which appear to be from a senior staff member, using the same language that they would normally use, asking specifically for something you’ve been working on. Another may be an SMS message on your phone that appears in the same thread as messages from your bank.

By exploiting an individual’s trust and curiosity, social engineering attacks can be uniquely effective at infiltrating an organisation. Within the financial sector, there is still a common misconception that organisations are more secure than those in other sectors due to their compliance with stringent regulations. While this may be somewhat true, they are not automatically safeguarded from social engineering scams, and attackers can still strike unwilling victims.

All it takes is one employee clicking on one email link for malware to be downloaded and spread through an entire corporate system. Hackers will often try to get their victims to download an attachment, such as a Microsoft Word document, which allows them to easily launch malware within a company network. Therefore, combating these attacks should start with staff education. Encouraging employees to be more suspicious with regards to unsolicited communication, being wary of who adds them on social media and training them to spot potentially malicious content goes some way toward alleviating the risk of these attacks. Encouraging staff to regularly change their passwords and asking them to report anything they are suspicious about also helps to promote a healthy security culture within an organisation and keep the rest of the workforce alert to likely scams in order to prevent further breaches.

That said, it is important to remember that when it comes to cyber security, people are and will always be the weakest link. This is especially the case for junior members of staff who may have unnecessary access to sensitive corporate information. They may not be aware of the potential consequences of information such as company, staff or banking details falling into the wrong hands, and may be more likely to fall for communications purporting to be from a CEO or senior staff members demanding sensitive details to be sent over.

With hackers devising increasingly creative methods to obtain corporate information and using sophisticated software to launch attacks, sometimes education will never be enough on its own. Organisations, therefore, need to remain vigilant to these threats and proactive in their defence strategy. Preventing users from accessing data outside of their responsibility can help to alleviate the pressure significantly. Restricting employee access to the data needed to carry out their role means that if a hacker were to launch an attack successfully, the amount of data that they would be able to access would be greatly reduced. Combining this with application white listing, which can prevent unknown or malicious apps from launching, can stop social engineers in their tracks.

All of these methods lay the foundations for a robust security posture on which to build. Being aware of security threats, along with the different forms they can come in, ensures that financial organisations can start to take the simple proactive steps necessary to keep themselves, along with their employees and sensitive information, safe.

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post