Email Fraud Aimed at Financial Organizations Is On the Rise

Quarterly Impostor Email Attacks Aimed at Financial Services Organisations Increased More than 60% Year-Over-Year

Share with your network!

Today, cybercriminals are looking to exploit the people within organisations, rather than technology, to steal money and valuable information.  Impostor email, including business email compromise (BEC) and other email spoofing threats, is costing organisations billions of dollars worldwide.  And the financial services industry is no exception.

These attacks are socially engineered to target specific people within financial services organisations who can execute requests on the attacker’s behalf.  To increase the believability of the scam, cybercriminals use various tactics to spoof trusted identities and even send email attacks during specific business hours.

Impostor email is a growing problem.  For financial services organisations specifically, fraudsters can target your employees, customers, and business partners with these advanced attacks.

To better understand how impostor email is impacting financial services organisations around the world, Proofpoint analysed email fraud attacks targeting more than 100 financial services companies in both 2017 and 2018.  Here are some of our findings: 

How Email Fraud is Impacting Financial Services Organisations

Impostor Attacks per Targeted Financial Services Organization

Financial services organisations were targeted 60% more frequently in Q4 2018 that in Q4 2017.  While the problem continues to grow, impostor email remains a highly-targeted attack vector.

Within targeted financial services organisations, 56% saw more than 5 employees targeted by impostor attacks in Q4 2018.  Just 17% of targeted financial services organisations had only one person targeted in the same quarter.

Identity Deception Tactics

Fraudsters can use multiple identity deception tactics to launch an email scam.  These include domain spoofing, display name spoofing, and lookalike domains.

Domain spoofing is a common identity deception tactic and is used to send malicious emails from an organisation’s own trusted domain.  In Q4 2018, 69% of financial services firms were targeted by at least one impostor email attack impersonating their own domain.  Furthermore, 97% of financial services organisations had their domain spoofed to target customers and business partners.

Ratio of Email Sent from Financial Services Organizations

Figure 1*Reflects external email, e.g. email trans versing the internet only; does not include email that travels within the organisation.

Overall, 39% of email sent from financial services domains in Q4 2018 appeared suspicious or were categorised as unverified.  The percentage was even higher for email sent to the organisation’s employees, at 68%.  About 36% of email sent to customers from financial services-owned domains was unverified.  The same was true of 19% of email sent to business partners.

The good news is that you can prevent domain spoofing attacks by fully implementing email authentication (DMARC).  With DMARC authentication you can ensure that all email sent from your trusted domains is verified and legitimate.  In a study of 119 financial services organisations’ primary domains, 64% had published a DMARC policy.  28% of these organisations have implemented a ‘reject’ policy, the most effective way to protect domains against impostor email.

ImpostorEmail Attacks Against Financial Services Companies by Time of DayImpostor Email Attacks Against Financial Services Companies by Day of the Week

When Fraudsters Are Targeting Employees

Most impostor email attacks targeting financial services companies are sent on weekdays between 7 a.m. and 1 p.m. in their target’s local time zone.  This stands to reason as impostor attacks are socially engineered to be believable.  A business partner, for example, is less likely to make a payment request after work hours or during a weekend.

How Financial Services Companies Can Protect Employees, Customers, and Business Partners

Impostor email is a multi-faceted problem – including multiple stakeholders and identity deception tactics.  You need a 360-degree solution.  Protect your organisation with visibility across all targets and controls against all fraud tactics, including domains spoofing, display name spoofing, and lookalike domains.

To learn more about how email fraud is impacting the financial services industry, read the full report:

Click here to learn about how Proofpoint EFD360 can help you stop impostor email.