The Lowdown on Financial Cybercrime

This contributed post is for informational purposes only. Please consult a business, financial and legal professional before making any decisions. We may earn money or products from the affiliate links in this post.

Since the beginning of the pandemic, nearly 74% of banks and insurers have reported a steep rise in cybercrime. This is also mirrored in financial institutions where attack rates have gone up by 29%. Nearly 42% of financial institutions have reported that the nearly overnight shift to the remote working model due to COVID-19 has made them significantly less secure. The situation has not been improved by the fact that IT security, cybercrime, fraud or risk department budgets have been cut by nearly 26% in the past 12 months. Managed Security Services can help your organization accurately assess and manage financial cybercrime risks.

The picture has been eerily similar for the consumers of financial products and solutions. 38% of consumers have been a victim of cyber-crime or online fraud in the past 12 months at least once, with 24% twice, 15% three times. Privacy concerns are also at an all-time high with 84% of consumers saying they are concerned about sharing their digital identity and personal information. As recently as May 2020, EasyJet (ESYJY) announced that hackers stole personal data on 9 million customers, including the credit card details of more than 2,000 people. Cyber criminals did not refrain from exploiting the uncertainties and confusion presented by the pandemic situation and 28% of surveyed respondents in a recent study indicated having received or responded to an email hoax relating to COVID-19 and 22% received a text / SMS hoax. In this article we will focus on understanding cybercrime in finance with recent examples. For a comprehensive assessment of the risk profile of your organization, please refer to IT consulting services

What is cybercrime in finance?

Any type of criminal activity intended for financial or other gains using illicit methods in financial tools and services can be referred to as cybercrime in finance. There are various types of cybercrimes in finance including the increasingly popular identity fraud, ransomware attacks, email and internet fraud, extortion, and the cumulative types of financial account, credit card, or other payment card information theft. Banks and financial institutions are a lucrative target for cyber criminals since these act as the repositories of a large proportion of all financial value created by individuals and enterprises alike. A single hack is capable of compromising the entire life savings and bank account of thousands of individuals and even more damage. Financial cybercrimes vary in scope widely with a lot of them targeted only at individuals (such as someone falling for phishing emails designed to steal their bank credentials, credit card skimming or digital wallet compromise), while others target multitudes or corporations/ organizations. 

How to address financial crimes – Three models for dealing with financial crime

Collaborative model

This is the most popular model used by most banks to design their independent frameworks in domains such as financial crime, fraud, and cybersecurity. The collaborative model helps banks establish streamlined processes for the maintenance of independent roles, responsibilities, and reporting. It also helps them to implement effective analytics for transaction monitoring, fraud, and breaches. The model has been in use long enough that regulators are comfortable with it, but fails to represent a holistic view of financial-crime risk due to lack of transparency. The collaborative motel also lags in driving benefits of scale as it does not offer extensive functional integration. It typically uses small, discrete units that often result in coverage gaps or overlaps among different groups in the same organization.

Partially integrated model for cybersecurity and fraud

In this model, cybersecurity and fraud parameters are at least partially integrated. Many financial institutions are increasingly working towards adopting this model. The benefit presented by this model lies in utilizing a consistent framework and taxonomy by all units in the organization even as they retain their functional independence. As this model implements mutually accepted rules and responsibilities, it helps organizations develop a consistent architecture for risk prevention and assessment. This enables significant consistency in threat monitoring and detection while also lowering gaps and overlap. However, this model continues to lag in transparency as individual units maintain separate reporting and there are no benefits of scale. However, this model is highly consistent with most existing organizational structures and causes minimal disruption to current operations. 

Unified model

The unified model represents a fully integrated approach with financial crimes, fraud, and cybersecurity framework unified into a single one. This enables banks to make use of common assets and systems for effective risk management across the length and breath of the enterprise. With risk convergence, the unified model enables 360-degree transparency on threats and enables a deeper understanding of underlying risk factors. This also enables organizations to accrue benefits of scale across key positions. However, implementing this model requires a pretty seismic shift in organizational operations that requires regulators to re-familiarize themselves with the architecture. 

7 Most Recent Cyber Incidents Involving Financial Institutions

Some financial cybercrime attacks that have stood out in the recent past:

  • US Insurance Firm CNA Hit 

On March 21, 2021, CNA Financial was hit with a ransomware attack. This resulted in complete disruption of employee and customer services for three days. The company had to bring in third-party forensic experts and alert law enforcement.

  • FTC Warning about New Phishing Email Scam

On March 17, 2021, the Federal Trade Commission (FTC) warned people of the e-mail scam involving COVID-19 stimulus payments. The emails were designed to look as if they were coming from acting FTC Chairwoman Rebecca Slaughter.

  • FBI Announces Cybercrime Losses amounting to $4 billion 

The FBI Internet Crime Report 2020 released on March 17, 2021 put the total of losses due to cybercrime and internet fraud at a staggering $4.2 billion. The FBI’s Internet Crime Complaint Center said it lodged an average of more than 2,000 complaints each day throughout 2020. IT Outsourcing Services can help you mitigate and manage risk exposure to cybercrimes.

  • FIN8 Releases New Variant of BADHATCH kit

Bitdefender announced the comeback of threat actor FIN 8 in 2020 along with its point-of-sale malware, BadHatch on March 10, 2021. FIN8 has successfully leveraged new versions of BadHatch backdoor to gain illicit entry into company networks across industry verticals in the United States, Canada, South Africa, Panama, and Italy.

  • FINRA Sends Scam Alert to Brokerage Industry

The Financial Industry Regulatory Authority (FINRA) alerted brokerage firms of an ongoing phishing campaign on March 04, 2021. These emails notified recipients of an apparent non-compliance issue and urged them to open a malicious link or document.

  • Wall Street Targeted in New Capital Call Fraud Scheme

The Capital Call Investment scams announced on March 3, 2021, involved swindling substantial sums from Wall Street firms and their clients. The scammers impersonated members from investment firms for investment commitments.

  • Ploutus Variant Targets ATMs in Latin America

A cybersecurity firm on March 02, 2021 reported a new variant of the malware Ploutus. The malware targeted ageing Itautec ATM devices. Ploutus-I malware directly communicated with XFS to dupe the ATMs to dispense cash in large amounts.

About the author Nora:

Nora Erspamer is the Director of Digital Marketing at New Charter Technologies, a group of companies specializing in 24/7 IT support services. She is an experienced marketer and sales strategist with a demonstrated history of working in various technology industries. Skilled in strategic campaign development, lead generation, and marketing automation software. Her blog can be found at https://newchartertech.com/blog/.