Prevent Corporate Fraud with Strong IT Security Solutions | GBAF

Prevent Corporate Fraud with Strong IT Security Solutions | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > HOW CAN YOUR ORGANISATION AVOID GETTING SPEAR PHISHED?

HOW CAN YOUR ORGANISATION AVOID GETTING SPEAR PHISHED?

Published by Gbaf News

Posted on April 29, 2015

4 min read

Last updated: January 22, 2026

Illustration of spear phishing attack prevention strategies - Global Banking & Finance Review — An informative image representing spear phishing attacks, highlighting the importance of security measures in corporate treasury to prevent financial fraud. This relates to the article's focus on avoiding spear phishing tactics in banking.

By Tim Wheatcroft, director, Kyriba

The importance of fraud prevention continues to grow within the corporate treasury department, as does the range and sophistication of the types of attack perpetrated.

We’ve probably all received phishing emails in the past – an email purportedly from a bank telling you to click on an embedded link in order to “confirm your security details.” The link takes the unsuspecting stooge to a malware-infected site that allows keylogging or other malicious code on your computer.

While most consumers are now savvy to this type of attack, an approach that can be far more devastating for corporate treasuries is spear phishing, which is targeted, and uses social engineering to make emails look to come from a trusted source (often a senior internal staff member), and therefore increase the click rate*.

One recent example of this, recently uncovered by Russian security software vendor Kaspersky Lab, led to an estimated £700mn ($1bn) being stolen from more than 100 banks in 30 countries, over the past several years**. The attackers targeted bank employees with malware-laced emails, and once they had system access, could steal money through a variety of methods, ranging from transfers via SWIFT, to setting up ATMs to automatically dispense cash into the hands of a waiting accomplice. All pretty terrifying for any corporate treasurer.

So, what can you do to avoid being targeted? The first and most obvious solution is for more effective IT security solutions and policies to be implemented, both to block the emails and also educate email users not to click on the links. However, as this solution will never be 100% effective, the burden is on treasury to set up processes to reduce the likelihood of funds being transferred out of the organisation through illicit electronic transactions. Some of the controls that you can put in place include.

Improved Application Security

Unauthorised access to financial systems via weak login and user authentication procedures is the most common attempt to compromise financial data and initiate fraudulent activity. Treasury requires strong security to ensure access to systems is well protected. However, many people continue to use passwords that can easily be compromised. Employing multiple levels of user authentication helps protecting treasury data from external hackers and spear phishers. The best ways to prevent financial systems from unauthorised access include:

Strong password controls
IP filtering – limit system access to pre-defined IP addresses
Two-factor authentication – using hardware token, SMS, or Yubikey
Use of a numeric keypad, where numbers within a password must be selected by mouse instead of typed

Payment Approvals

Payment approvals are already often separated from payment initiation in most organisations. However, what can be improved is to implement multiple, standardised, levels of approval and ensure approvals are electronic, tied to the separation of duties within the treasury system, and align with dollar limits. A centralised treasury system will help prevent fraud not only by implementing these procedures for payments initiation and approval, but also to ensure that the entire workflow is within treasury and finance’s control.

In fact, organisations that choose to initiate payments in their bank portal lack the electronic ‘paper trail’ for that payment, meaning that the history of the payment request is in a different system and quite possibly outside the payment approver’s viewpoint. This introduces unnecessary risk into the process as a result. Consolidating payment requests and outgoing transactions in a single system is important to effectively combat payments fraud.

Digital Signatures

Digital signatures are a critical tool to help banks authenticate imported payment files. Digital signatures, such as SWIFT 3SKey, can be applied to payments, confirming to the bank that all payments are accurate and valid. This not only helps validate the payment but also decreases propensity of non-repudiation by the bank. Digital signatures, combined with strong password controls and a centralised payment workflow within the treasury system, dramatically eliminate opportunities for payments fraud.

Improved workflows

Structured workflows that require all bank account activity to be tracked and approved using the treasury systems’ controls and limits. These workflows can be enforced by mandating centralised documentation to the bank. The requirement for corporates is that no account opening, closings, or changes can happen that do not originate from an authenticated, digitally-signed, encrypted message from the organisation’s treasury system.

* http://searchsecurity.techtarget.com/definition/spear-phishing

** http://ww2.cfo.com/cyber-security-technology/2015/02/spearfishing-attacks-infiltrate-banks-networks/