sb-as logo
Story image

Email attacks targeting financial services up 60% - Proofpoint

01 May 2019

Cybersecurity and compliance company Proofpoint has released its Email Fraud in Financial Services Report, revealing a 60% year-over-year increase in imposter email attacks targeting financial services firms in Q4 2018.

The global report, based on an analysis of more than 100 financial services companies in 2017 and 2018, underscores that cybercriminals continue to primarily target people, and not infrastructure, with advanced and highly targeted attacks.

“While email fraud is not unique to financial services organisations, this industry’s employees hold the keys to one of the most potentially lucrative paydays for cybercriminals,” says Proofpoint Asia-Pacific and Japan Vice-President Tim Bentley.

“One wrong click can expose an entire brand and its customers to substantial risk and even bigger losses.”

“It is critical that organisations prioritise the implementation of solutions that defend against these attack methods, specifically against domain spoofing, display name spoofing, and lookalike domains, and train employees to identify and report socially-engineered attacks across email, social media, and the web.”

Email fraud is a broad category that includes business email compromise (BEC), a form of wire fraud, and other threats in which the attacker uses some form of identity deception to manipulate an individual.

These attacks are socially engineered to target specific people within financial services organisations who can execute requests on the attacker’s behalf. 

The key findings in Proofpoint’s 2019 Email Fraud in Financial Services Report include: 

  • Within targeted financial services firms, 56% saw more than five employees targeted by BEC attacks in Q4 2018.
     
  • The largest volume of email fraud attacks targeting financial services companies arrived on weekdays between 7am and 2pm in the target’s time zone, with Mondays being favoured by fraudsters to send their nefarious campaigns.
     
  • In Q4 2018, 39% of email sent from domains owned by financial services companies externally appeared suspicious or were categorised as unverified.  That figure includes 68% sent to employees appeared suspicious, 36% sent to customers, and 19% sent to business partners.

Effective security against these types of socially engineered attacks requires a people-centric approach, including robust email defences and inbound threat blocking capabilities, combined with cybersecurity awareness programs that train users to spot and report malicious emails.

Businesses must assume that someone within their organisation will always click and craft a security strategy that caters to their most attacked and vulnerable individuals and also protects against both internal and external impersonation attacks.

Story image
UiPath and eSentire bring hyperautomation to Microsoft Security
UiPath and eSentire have announced a strategic partnership to deliver end-to-end security policy automation across multiple Microsoft Security services.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More