Banking’s digital footprint expansion creates new opportunities for fraudulent attacks
Dondi Black | VP, Senior Director Market Engagement and Ideation, FIS
October 05, 2020
Financial institutions understand that engaging through digital channels is no longer a nice-to-have; it is table stakes. Providing multiple touchpoints for consumers, whether in-person or through digital means, ensures that a financial service provider remains relevant and competitive in order to attract and retain customers. However, as the digital transformation of the banking industry accelerates, it also creates new opportunities for fraudulent activity, and we are seeing a steady increase in a variety of digital fraud.
One of the easiest points of entry into digital engagement today is social media, making it a ripe target for cyber thieves. It is relatively simple to establish your brands and services across the major social media channels like Facebook, Twitter, Instagram and LinkedIn. And, while most financial service providers launched social profiles to provide marketing and outreach channels, those profiles have also evolved into pseudo-service channels. This opens the door to the creation and distribution of content that is false, inflammatory or even malicious.
Digital is the preferred way consumers want to communicate with you
Your footprint was once largely defined by physical locations. Today, it encompasses social media channels and dedicated website domains. Digital will continue to grow. For example, over 90% of consumers said in a recent FIS PACE Study that they like to use digital messaging to communicate with banks or any business for that matter. The study also found that 61 percent of consumers regularly access their mobile banking accounts and 75 percent of bankers said that social media is important to growing the business.
The response to the COVID-19 pandemic has served to accelerate the use of digital banking since most financial services locations, retailers, restaurants and other businesses were required to comply with government shutdown and social distancing mandates. Localized preferences point to trends around rapid adoption of connected devices and digital experiences that are commonplace for most American families.
The threats and risks invading the public digital landscape include branded social media and websites managed by your teams; social media exposure that comes from employees, executive teams and board members who publicly affiliate themselves with your brand; and ancillary web domains from your primary site that are specific to a product, service request, change management or an onboarding experience.
While digital engagement delivers anytime, anywhere convenience, it also comes at a cost. We are seeing data “weaponized” at an accelerated rate, eroding the trust many of us have in social media. But, when it comes to your customers, a social media hack or email scam associated with your bank has a direct correlation to the trust they place in you. Liability questions aside, your customers expect you to protect their funds and account information.
Your customers trust you and the fraudsters know that
Your reputation is built on service and trust. Attackers know this, which is why they leverage that trust to easily manipulate consumers with fraudulent domains and fake accounts. This results in the proliferation of giveaway and sign-on bonus scams as credit card numbers, personally identifiable information (PII) and other financial data are leaked across the deep and dark web. Today, the average value of a fraudulent financial transaction in the mobile channel is $1,058.
Impersonation scams continue to be one of the most prevalent types of payments fraud. Impersonation fraud increased 56 percent between 2017 and 2018. Executive impersonations (where a scammer takes control of the CEO’s or CFO’s email account and spoofs it) are up over 300 percent during the same period.
With impersonations, a bad actor on social media creates a fake customer support account. That fake account engages with legitimate customers. Typically, a scammer drives the consumer to a phishing link where they proceed to unwittingly share their account information with the scammer.
Can you spot the real Twitter account?
Here are three real Twitter accounts that were accessible via Twitter. Can you see there is a consistent look and feel? It is all too easy for fraudsters to access your logo or even to purchase a “phishing kit” online in order to mimic your brand. Unwitting consumers make a selection decision in an average of three seconds.
If you said the center account was the real deal, you are correct. Key indicators to look for include:
- The blue “verified” checkmark
- The number of followers and the number of accounts being followed are low on the fake accounts
These can be some quick “tells” between a legitimate account and a fake account. Other fraud tactics could include fake mobile apps or LinkedIn profiles that can lead to job scams to coerce personal data out of unsuspecting consumers.
Do you have a comprehensive cybersecurity strategy?
A comprehensive cybersecurity strategy means having a line of sight into the attack surface customers are interacting with. The FIS Business Risk Intelligence Platform proactively identifies threats and risks with real-time collection across the digital landscape and is driven by machine intelligence with customizable analysis.
You can protect your customer engagement with early visibility into indicators of attacks being planned, and with remediation and takedowns that hide, block, delete and remove malicious content.