Published: April 24, 2023 in our Security Fraud News & Alerts Newsletter.
Cybercrime is a conflict between two players: the experts focused on finding ways to foil attempts by cyber criminals to access information related to client accounts, and the cyber criminals themselves, who are continually in search of loopholes in security solutions to access sensitive personal information. And if the research in Akamai's annual “State of the Internet” report is accurate, then cybersecurity teams are fighting a desperate fight against professional malware groups intent on using a variety of tactics. Comparing losses due to cybercriminal activity in 2022 with the losses incurred in 2021 paints a sobering picture of a cybercriminal fraternity that is very successfully exploiting security weaknesses.
What are these aforementioned tactics? They include, but certainly are not limited to, ransomware and increasingly sophisticated modern phishing attacks. These can extort cash or untraceable virtual currency from custodians of sensitive client data, or they can simply obtain that data, including login details and other personal information, for the attackers to use themselves or to sell on the dark web.
Threat actors are increasingly finding their attacks foiled in one of the most secure data environments in the world: the Financial Services (FinServ) industry. This level of protection requires them to pivot to even more sophisticated tactics to get sensitive data from FinServ clients, customers, and members themselves.
However, the change in direction towards a focus on customer accounts by the attackers has resulted in a disturbing trend.
Cybersecurity experts at FinServ companies are working overtime to make detection and remediation more robust. However, they seem to be fighting an uphill battle. Zero-day vulnerabilities are being exploited quickly and efficiently, with thousands of attacks each hour. Credential stuffing attacks are getting bigger. Phishing is extending its reach to texts (smishing) and voice calls (vishing).
And the attackers are not done there. Website scraping is an automated way for cyber thieves to collect large amounts of data from websites. Essentially, they use tools that search for the type of information they want and then scrape it onto their servers, where they collate it and use it for whatever purpose they intend. In this case, they look to gather login credentials and other useful personal details from FinServ members, customers, and clients.
Fortunately, staying on top of the latest threats and keeping a keen eye out for phishing in all its forms are the best ways to avoid becoming a victim.
Keeping an eye out
Watch for typos in email messages, as well as incorrect grammar.
If there is a link in a message, don’t just click it. Go directly to the website manually or don’t click it at all, especially if the link goes to a form asking for your login credentials.
Don’t give out any personal information to a caller on the phone if you didn’t initiate the call.
If you are asked to verify credentials, go directly to the website that you trust. Bookmarking these frequently used links is the best way to do this.
Don’t react to a threatening link or email. Always use information you find or know rather than what you get in email, texts, or voicemail.
Contact your financial institution and ask for advice whenever there is doubt. If there is truly a reason to worry, they will be able to help you.