When asked why he robbed banks, American bank robber Willie Sutton notoriously answered, “Because that’s where the money is!” Banking is still a number one target for cyber crims – it’s just the money has moved online, and so have robbers.
With banking season currently underway this month, many of the big banks have reported their financial results. Yet, as an industry, the sector is facing an uptick in cyber threats, with many UK banks’ customers reporting a flurry of email and phone scams in the first two months of 2021.
While banks are diligently investing in cyber defenses, scammers instead focus on targeting individual customers, trading on the loyalty and trust they have with financial institutions to bust open nest eggs. When money is missing from accounts, banks are blamed and trust is lost.
<p style=\"font-weight: 400;\">Scam artists often trade on credibility – and online, there is a wealth of information available for criminals to steal information, identify targets, and create believable scams. Last year [2020] there were 730 publicly disclosed data breaches, with 22 billion records exposed*. Criminals will stitch together information from different attacks to create a profile of their targets. This data is used when sending messages to victims to build trust and credibility. In this way, criminals can get information they don\’t have – whether it\’s passwords, account details, or even credit card details.</p> <p> </p> <p style=\"font-weight: 400;\">Cybercriminals are inventive and persistent – they will try to elicit information needed to further their crimes in all manner of ways. One tactic is to send phishing messages – either via email, or increasingly popular via SMS, in the hopes that a small number of victims will respond. Receiving a message from an unknown bank might normally set off the scam radar for consumers, so attackers may use stolen data to target victims with familiar banks where the victim has an account. The message might even be on a topic the victim is expecting. These targeted and \"intelligent\" messages make it easy for even alert consumers to be caught off guard.</p> <p> </p> <p style=\"font-weight: 400;\">You wouldn\’t instantly trust a stranger who approaches you in the street. This should be the same for behaviour online. We all need to be extra careful dealing with unsolicited communications – whether it\’s an email, SMS message, phone call, or any other form of communication. Never accept at face value that a message sender is legitimate. Always verify an online identity with a trusted source before taking any actions that might disclose personal information.</p> <p>* Source: Tenable\’s 2020 Threat Landscape Retrospective Report </p>