Email Fraud Aimed at Financial Organizations Is On the Rise

Quarterly Impostor Email Attacks Aimed at Financial Services Organizations Increased More than 60% Year-Over-Year

April 29, 2019
Ryan Terry

Today, cybercriminals are looking to exploit the people within organizations, rather than technology, to steal money and valuable information.  Impostor email, including business email compromise (BEC) and other email spoofing threats, is costing organizations billions of dollars worldwide.  And the financial services industry is no exception.

These attacks are socially engineered to target specific people within financial services organizations who can execute requests on the attacker’s behalf.  To increase the believability of the scam, cybercriminals use various tactics to spoof trusted identities and even send email attacks during specific business hours.

Impostor email is a growing problem.  For financial services organizations specifically, fraudsters can target your employees, customers, and business partners with these advanced attacks.

To better understand how impostor email is impacting financial services organizations around the world, Proofpoint analyzed email fraud attacks targeting more than 100 financial services companies in both 2017 and 2018.  Here are some of our findings: 

How Email Fraud is Impacting Financial Services Organizations

Impostor Attacks per Targeted Financial Services Organization

Financial services organizations were targeted 60% more frequently in Q4 2018 than in Q4 2017.  While the problem continues to grow, impostor email remains a highly targeted attack vector.

Within targeted financial services organizations, 56% saw more than 5 employees targeted by impostor attacks in Q4 2018.  Just 17% of targeted financial services organizations had only one person targeted in the same quarter.

Identity Deception Tactics

Fraudsters can use multiple identity deception tactics to launch an email scam.  These include domain spoofing, display name spoofing, and lookalike domains.

Domain spoofing is a common identity deception tactic and is used to send malicious emails from an organization’s own trusted domain.  In Q4 2018, 69% of financial services firms were targeted by at least one impostor email attack impersonating their own domain.  Furthermore, 97% of financial services organizations had their domain spoofed to target customers and business partners.

Ratio of Email Sent from Financial Services Organizations

Figure 1. *Reflects external email, i.e. email traversing the internet only; does not include email that travels within the organization.

Overall, 39% of email sent from financial services domains in Q4 2018 appeared suspicious or were categorized as unverified.  The percentage was even higher for email sent to the organization’s employees, at 68%.  About 36% of email sent to customers from financial services-owned domains was unverified.  The same was true of 19% of email sent to business partners.

The good news is that you can prevent domain spoofing attacks by fully implementing email authentication (DMARC).  With DMARC authentication you can ensure that all email sent from your trusted domains is verified and legitimate.  In a study of 119 financial services organizations’ primary domains, 64% had published a DMARC policy.  28% of these organizations have implemented a ‘reject’ policy, the most effective way to protect domains against impostor email.
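As an added illustration of the ‘reject’ point above (example code, not Proofpoint's own), the following parses the DMARC TXT record text a domain publishes and reports whether the policy actually blocks spoofing of the organization's own domain; the sample records are constructed, not real DNS data.

```python
"""Classify the strength of a domain's published DMARC policy.
Added example (not Proofpoint's code): parses the TXT record text that a
domain publishes at _dmarc.<domain> and reports whether it actually
blocks spoofing of the organization's own domain. Records in
SAMPLE_RECORDS are constructed samples, not any real domain's DNS data.
"""
from dataclasses import dataclass
from typing import Optional

@dataclass
class DmarcAssessment:
    policy: str            # p= tag: policy for the organizational domain
    subdomain_policy: str  # sp= tag, defaulting to p= (RFC 7489)
    pct: int               # share of failing mail the policy applies to
    verdict: str           # "none", "partial" or "enforced"

def parse_dmarc(record: str) -> dict:
    """Split 'k=v; k=v' tags into a dict; {} if this is not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}

def assess_dmarc(record: Optional[str]) -> DmarcAssessment:
    tags = parse_dmarc(record) if record else {}
    if "p" not in tags:
        # No record, wrong record type, or missing mandatory p= tag:
        # receivers treat the domain as having no DMARC policy at all.
        return DmarcAssessment("none", "none", 0, "none")
    policy = tags["p"].lower()
    sp = tags.get("sp", policy).lower()
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy == "reject" and sp == "reject" and pct == 100:
        verdict = "enforced"
    elif policy == "none" and sp == "none":
        verdict = "none"       # monitor only: spoofed mail still delivered
    else:
        verdict = "partial"    # quarantine, pct<100 or a weaker sp= policy
    return DmarcAssessment(policy, sp, pct, verdict)

# Constructed sample records, one per scenario seen in DMARC rollouts.
SAMPLE_RECORDS = {
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "half-rollout": "v=DMARC1; p=reject; pct=50",
    "weak-subdomain": "v=DMARC1; p=reject; sp=none",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "missing": None,
}
```

Only a record that assesses as "enforced" gives receivers a reason to discard mail spoofing the domain; "none" and "partial" records still let some or all of it through.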

Figure: Impostor Email Attacks Against Financial Services Companies by Time of Day

Figure: Impostor Email Attacks Against Financial Services Companies by Day of the Week

When Fraudsters Are Targeting Employees

Most impostor email attacks targeting financial services companies are sent on weekdays between 7 a.m. and 1 p.m. in their target’s local time zone.  This stands to reason as impostor attacks are socially engineered to be believable.  A business partner, for example, is less likely to make a payment request after work hours or during a weekend.

How Financial Services Companies Can Protect Employees, Customers, and Business Partners

Impostor email is a multi-faceted problem, involving multiple stakeholders and identity deception tactics.  You need a 360-degree solution.  Protect your organization with visibility across all targets and controls against all fraud tactics, including domain spoofing, display name spoofing, and lookalike domains.

To learn more about how email fraud is impacting the financial services industry, read the full report: https://www.proofpoint.com/us/resources/threat-reports/email-fraud-in-financial-services
