Don’t take the bait – how to spot the warning signs for phishing scams

Andrew Avanessian, COO at Avecto

Social engineering, a common technique used by cyber criminals to deceive and manipulate individuals into disclosing sensitive information, used to have a reputation for being nothing more than a quick and simple email scam. Nowadays, the financial services sector is one of the most heavily targeted in the world of cyber crime, due to the highly sensitive nature of the information that companies process and store. And so this simple scamming tactic has evolved to become one of the most sophisticated threats facing the industry.

The use of emails, attachments, social media platforms and phone calls to trick people into handing over confidential details is commonplace.

Research from Positive Technologies found that more than one in ten employees fall for social engineering attacks, and this number is likely to increase as the attacks become more advanced.

While scams such as fake phone bills or emails from unknown addresses asking you to click on links are now obvious, social engineers are becoming much subtler, and in turn more convincing, in their approach. It all starts with an email address and employee name, which can easily be found online.

Then, using the masses of data openly available on the internet, and technology that can infiltrate devices in new ways, cyber criminals can craft tailored communications designed to trick a recipient into downloading malware, or even to convince an employee to hand over sensitive information or bank details. While many people may assume they’d recognise malicious scams, modern threats are extremely difficult for most people to spot, particularly when hackers will often ask for seemingly benign details about people, rather than financial details. Personal information is an increasingly valuable tool for hackers, and can result in very tailored attacks, making it even more important to keep all forms of personal data safe.

Examples of modern social engineering attacks include emails which appear to be from a senior staff member, using the same language that they would normally use, asking specifically for something you’ve been working on. Another may be an SMS message on your phone that appears in the same thread as messages from your bank.

By exploiting an individual’s trust and curiosity, social engineering attacks can be uniquely effective at infiltrating an organisation. Within the financial sector, there is still a common misconception that organisations are more secure than those in other sectors due to their compliance with stringent regulations. While this may be somewhat true, they are not automatically safeguarded from social engineering scams, and attackers can still strike unwitting victims.

All it takes is one employee clicking on one email link for malware to be downloaded and spread through an entire corporate system. Hackers will often try to get their victims to download an attachment, such as a Microsoft Word document, which allows them to easily launch malware within a company network. Therefore, combating these attacks should start with staff education. Encouraging employees to be more suspicious of unsolicited communication and wary of who adds them on social media, and training them to spot potentially malicious content, goes some way toward alleviating the risk of these attacks. Encouraging staff to regularly change their passwords and asking them to report anything they are suspicious about also helps to promote a healthy security culture within an organisation and keep the rest of the workforce alert to likely scams in order to prevent further breaches.

That said, it is important to remember that when it comes to cyber security, people are and will always be the weakest link. This is especially the case for junior members of staff who may have unnecessary access to sensitive corporate information. They may not be aware of the potential consequences of information such as company, staff or banking details falling into the wrong hands, and may be more likely to fall for communications purporting to be from a CEO or senior staff members demanding sensitive details to be sent over.

With hackers devising increasingly creative methods to obtain corporate information and using sophisticated software to launch attacks, education alone will not always be enough. Organisations, therefore, need to remain vigilant to these threats and proactive in their defence strategy. Preventing users from accessing data outside of their responsibility can help to alleviate the pressure significantly. Restricting employees' access to only the data needed to carry out their role means that if a hacker were to launch an attack successfully, the amount of data that they would be able to access would be greatly reduced. Combining this with application whitelisting, which can prevent unknown or malicious apps from launching, can stop social engineers in their tracks.

All of these methods lay the foundations for a robust security posture on which to build. Being aware of security threats, along with the different forms they can come in, ensures that financial organisations can start to take the simple proactive steps necessary to keep themselves, along with their employees and sensitive information, safe.