For financial services firms, cyber-attacks are the bank robberies of the digital age. Since the advent of computers, criminals no longer need balaclavas, guns or a getaway car on standby. Today’s cyber-criminals can conduct attacks from behind a computer screen. For obvious reasons, financial firms have always been a prime target for cyber-criminals. Unfortunately, due to the sensitive nature of the information they process, banks are faced with a barrage of phishing and impersonation attacks on a daily basis.
Although banks have always been at risk of fraudulent attacks, since the start of the Covid-19 pandemic, cyber-criminals have really upped the ante against the sector. According to research conducted by Carbon Black, attacks on banks and other financial institutions spiked by 38% between February and March, accounting for 52% of all attacks observed. Over the past year, there have been countless targeted scams, involving both consumers and employees. These have ranged from BEC spoofing attacks to smishing fraud and wire transfer scams.
As in many industries, email is now the primary method of communication for internal comms, suppliers and customers. Unfortunately, fraudsters are keen to exploit any email security weaknesses. Recent research by Bitdefender discovered that email spoofing involving banks surged dramatically during lockdown. As the pandemic struck, fraudsters quickly responded to the sudden rise in online banking and shopping.
For example, in September, over one third of incoming emails relating to financial services were marked as spam. A month later, more than half were identified as fraudulent. Not only are consumers faced with a huge volume of scam emails, but these emails are also becoming more difficult to distinguish from legitimate bank correspondence. Hackers use brand colours, identical formatting and mimic industry language. The cyber-criminals of this new decade are a far cry from the ‘shadowy lone figure in his bedroom’ stereotype. They now belong to organised criminal enterprises, which are run like efficient businesses.
The threat of domain spoofing and Business Email Compromise attacks
Domain spoofing is a malicious method used when conducting phishing scams. Although many businesses assume that email providers will automatically block email impersonation, this isn’t the case. If you haven’t implemented SPF, DMARC and DKIM, your domain is relatively simple to spoof. Using publicly available tools, hackers can send fraudulent emails from your private domain. Although DMARC is a critical protocol which could help all businesses prevent spoofing and fraud, global adoption is still lagging behind.
For the FS industry specifically, one of the key spoofing threats is business email compromise (BEC). According to a survey conducted by the Association of Financial Professionals, more than 81% of firms say they were impacted by BEC attacks in 2019. When it comes to phishing awareness, we all know to be wary of the obvious scams which are littered with grammatical errors and sent from ‘firstname.lastname@example.org’. But it becomes far more difficult to spot when the email is sent from your own accounts department or CEO.
How can you protect your corporate domain from spoofing attacks?
With the threat of BEC and email spoofing attacks growing in volume and sophistication, financial services organisations need to take back control of who can send emails on their behalf. Thankfully, there are ways to protect your domain from impersonation attacks. By fully implementing DMARC, you can ensure that all emails from your private domain are authorised and legitimate. Although DMARC is a crucial protocol to help prevent fraud and spoofing (recommended by the National Cyber Security Centre), the global uptake is still relatively slow. Unfortunately, until more businesses fully adopt DMARC, email spoofing will continue to be a problem. In a study of 119 financial services organisations' primary domains, 64% had published a DMARC policy, but just 28% of these organisations had implemented a ‘reject’ policy (the most effective way to protect your domain).
By deploying anti-spoofing controls such as DMARC, SPF and DKIM, you can reduce the risk of your domain being used for spoofing scams.
What is DMARC?
- DMARC is an email protocol which determines the legitimacy of an email. It allows ISPs to filter and block domain spoofing and phishing attacks by identifying unauthenticated emails. If DMARC is not deployed, anyone can send an email directly to your customers pretending to be you. (Your email provider, such as Office365, does not configure DMARC by default.)
- Products such as Red Sift’s OnDMARC not only reduce the risk of spoofing, they also provide in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation.
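As an added illustration (not code from this article or from any product named in it), the following Python example grades a domain's published DMARC record by how strongly it is enforced, which is the distinction behind the 'reject' figure quoted above. The domains and TXT records are constructed samples; in practice the records would come from a TXT lookup at _dmarc.<your domain>.

```python
# Added example: grade DMARC TXT records by enforcement level (tags per RFC 7489).
# All domains and records below are constructed sample data, not live DNS lookups.

VALID_POLICIES = ("none", "quarantine", "reject")

def is_dmarc(record):
    """A DMARC record must begin with the version tag v=DMARC1."""
    return "".join(record.split(";", 1)[0].split()) == "v=DMARC1"

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def grade(txt_records):
    """Grade the TXT records found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if is_dmarc(r)]
    if not dmarc:
        return "no-record"          # spoofed mail is not checked against DMARC
    if len(dmarc) > 1:
        return "invalid"            # several DMARC records: receivers apply none
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")    # pct defaults to 100 when absent
    if policy not in VALID_POLICIES or not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    if policy != "none" and int(pct) < 100:
        return policy + "-partial"  # policy applied to only a share of mail
    return policy                   # "none" means monitoring only, no blocking

SAMPLE = {  # constructed: TXT answers at _dmarc.<domain>
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-b.example"],
    "bank-c.example": ["v=DMARC1; p=reject; pct=25"],
    "bank-d.example": ["v=spf1 -all"],
    "bank-e.example": ["v=DMARC1; p=quarantine", "v=DMARC1; p=reject"],
}

def audit(domains):
    """Map each domain to its enforcement grade."""
    return {name: grade(records) for name, records in domains.items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(f"{name:16} {result}")
```

Only a grade of "reject" means receivers are asked to refuse every message that fails DMARC; "none" publishes a policy but blocks nothing.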
Besides the benefit of protecting your own email domain, there are numerous other advantages of implementing DMARC. For example, your own emails are less likely to land in spam folders, meaning overall deliverability will increase. Secondly, you will no longer be at risk of reputational damage due to your domain being involved in spoofing fraud. This will naturally lead to more consumer trust in your brand. Lastly, by encouraging suppliers to implement anti-spoofing controls, you will have more confidence when receiving attachments, clicking links and making payments.
Would you like to find out more about DMARC?
If you would like to find out more about DMARC and how to protect your domain against spoofing attacks, register for our webinar alongside Red Sift on the 4th March. This educational session will explore how the financial services industry can prevent spoofing attacks, improve brand trust and take back control of your corporate domain.
We will be joined by keynote speaker Ned Stevanovski, CISO, Mishcon de Reya LLP.
Here is a taste of what the session will cover...
- How Red Sift's OnDMARC solution can be used to: reduce the risk of spoofing, gain in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation.
- Learn how to fast-track your DMARC and SPF journey, by implementing a future-proof email architecture.
- How to put a stop to unwarranted use of your corporate domain.
*As a follow-up to this session, Red Sift will be offering a Threat Intelligence Report that will be done over 14 days.