Banks Vulnerable To Cyber Attacks And Email Spoofing

Recent studies have claimed that online banks risk exposing sensitive customer information to cyber criminals, and that a further 40% of mainstream banks have failed to adopt the protocols that would stop customers being inundated with email fraud attempts.

According to the cyber security firm Red Sift, a third of challenger banks and 8% of traditional banking institutions are failing to protect customers from email fraud because they have not implemented DMARC, which would prevent their domains from being spoofed by cyber criminals.

Domain-based Message Authentication, Reporting and Conformance (DMARC) lets a domain owner tell receiving mail servers how to treat messages that claim to come from its domain but fail authentication, which stops cyber criminals from spoofing that domain. Without this defence, a cyber criminal can forge emails that appear to come from the bank's own domain and use social engineering to defraud innocent customers, or even trick staff into parting with information and money.

More worrying still, of the 67% of traditional banks that have implemented DMARC, 25% have failed to configure it to provide full protection. Only 25% of the challenger banks that have deployed DMARC have set their policy to reject all spoofed emails, meaning some may still slip through the net and leave customers unnecessarily vulnerable to attack.
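The distinction the article draws between "having DMARC" and having it "configured to provide full protection" comes down to the published policy record. The checker below is an added example, not code from the article or from Red Sift; it parses a DMARC TXT record and reports the gaps (a monitor-only or quarantine policy, a partial `pct=`, or a weaker subdomain policy) that leave spoofed mail able to slip through. The sample records are constructed, and `example.test` is a reserved placeholder domain.

```python
"""Classify the protection level of a DMARC TXT record (added example, not
from the article or Red Sift). Records below are constructed; a real check
would read the TXT record published at _dmarc.<domain> in DNS."""

# Enforcement strength of the three DMARC policy values.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lowercase tag -> value, checking required tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = (s.strip() for s in part.split("=", 1))
        tags[key.lower()] = value
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    if tags.get("p", "").lower() not in POLICY_RANK:
        raise ValueError("missing or invalid p= tag")
    return tags


def assess(record: str) -> dict:
    """Report whether the record rejects all spoofed mail ("full protection")."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    # Subdomains inherit p= unless sp= overrides it; pct= defaults to 100.
    sub_policy = tags.get("sp", policy).lower()
    pct = int(tags.get("pct", "100"))
    gaps = []
    if policy != "reject":
        gaps.append(f"p={policy}: spoofed mail is not rejected")
    if pct < 100:
        gaps.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if POLICY_RANK.get(sub_policy, 0) < POLICY_RANK[policy]:
        gaps.append(f"sp={sub_policy}: subdomains weaker than the main domain")
    return {"policy": policy, "full_protection": not gaps,
            "reporting": "rua" in tags, "gaps": gaps}


# Constructed sample records; example.test is a reserved placeholder domain.
SAMPLES = {
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
    "partial": "v=DMARC1; p=quarantine; pct=50; sp=none",
    "full": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test",
}
```

Only the `full` sample passes; the `monitor_only` record collects reports but blocks nothing, which is the state the article describes as DMARC being present but not providing full protection.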

Furthermore, according to a report from Positive Technologies on online banks, 77% had flaws in their two-factor authentication which, in some instances, allowed hackers to access the bank's corporate network.

54% of the online banks assessed by the security company failed to prevent fraudulent transactions and theft of funds.

Randal Pinto, COO at Red Sift, said:

“As challenger banks continue to disrupt the sector with digital banking service innovations, we wanted to assess the cyber security health of the whole sector to understand whether new entrants into the market were factoring in the likely threat impact as part of the product innovation process and if this was driving traditional providers to up their security game.

“However, the results are not encouraging. Only a quarter of challenger banks, and 67% of established banking institutions, have deployed the highest level of email fraud protection to prevent fake emails reaching customers’ inboxes.”

Leigh-Anne Galloway, Positive Technologies Cyber Security Resilience Lead, commented:

“Foregoing security measures in favour of customer convenience increases the risk of fraud. If there’s no need to confirm a transaction with a one-time password, the attacker no longer requires access to the victim’s smartphone, and an old password increases the chances of it being brute forced. With no limit applied to it, a one-time password of four symbols can be cracked within two minutes.”

Email fraud is increasing and failing to use widely accessible technologies to secure customer and business data is a huge risk to a law firm’s reputation. Using DMARC could be a crucial defence in ensuring your clients are confident that the email communication with your firm is genuine.

Has your firm implemented an adequate defence against email fraud?