author photo
By Bruce Sussman
Mon | Jun 3, 2019 | 7:50 AM PDT

Think of it as big data applied to email fraud that targets financial services firms.

Proofpoint just reveled an analysis of more than 160 billion emails sent to 100 financial services organizations around the globe.

The newly released results prove that financial services organizations face highly-targeted and socially-engineered attacks that seek to exploit people rather than technology.

Financial services email fraud: growing numbers

The 2019 Email Fraud in Financial Services Report looked at the problem from a number of different angles.

However, the overall message was this: legitimate employee identities and emails are increasingly being weaponized to target other employees within organizations.

This is happening through a rapidly rising number of  impostor attacks:

email-fraud-impostor-attacks

Researchers revealed specifics related to the chart above:

"Financial services firms were targeted by impostor attacks 60% more frequently in Q4 2018 vs. the year-ago quarter. We saw more frequent of attacks, more people targeted per attack, and more identities spoofed."

This certainly mirrors what we are hearing from security leaders at our 2019 cybersecurity conferences.

The report also looks at social engineering, domain spoofing, display name spoofing, and other tools, techniques, and procedures that cybercriminals are using against financial services companies.

Business email compromise case studies

Those TTPs include wire transfer and other business email compromise (BEC) scams targeting financial services firms. The cybercriminals behind these attacks are upping their game according to U.S. law enforcement. 

"These are not hackers sitting in your grandma’s basement and eating Cheetos," says Stephen Dougherty of the United States Secret Service. "These are sophisticated operations where they decide who they want to target as victims." 

Dougherty is a financial investigator contractor who works in the Secret Service's Global Investigative Operations Center (GIOC).

He shared several BEC case studies in the SecureWorld web conference, Email Fraud Case Studies and Defense Strategies, which is available on demand.

Email fraud research for 2019

For more information, you can download the Email Fraud in Financial Services report, which researchers designed to be actionable intelligence. 

As you may know, Proofpoint creates what many in cybersecurity consider to be the annual benchmark reports around this type of cybercrime.

With that in mind, here are two related email fraud reports you may wish to download:

Global Email Fraud Report, 2019
Email Fraud Threat Report for Healthcare, 2019

Comments