Proofpoint has released its Email Fraud in Financial Services Report, revealing a 60 percent year-over-year increase in imposter email attacks targeting financial services firms in Q4 2018. The global report, based on an analysis of more than 100 financial services companies in 2017 and 2018, underscores that cybercriminals continue to primarily target people, and not infrastructure, with advanced and highly targeted attacks.
2019 Threat report: Email Fraud in Financial Services
Email fraud, already one of today’s biggest cyber threats, shows no signs of letting up. That’s the sobering conclusion our latest research into this growing category of cyber attacks. Attackers are sending more fraudulent emails. They’re impersonating more people. And they’re targeting more recipients.
Email fraud is a broad category. It includes business email compromise (BEC), a type of wire fraud, and other threats in which the attacker uses some form of identity deception. According to the FBI, BEC alone has cost organizations around the globe a potential $12.5 billion since the end of 2013.1
Email fraud preys on human nature—fear, trust and the desire to please—to steal money and valuable information. These are highly targeted, socially engineered attacks that seek to exploit people rather than technology. They use a wide range of methods and tools. But they all involve impersonation tactics (such as spoofing) to pose as trusted colleagues and business partners.
Email fraud affects organizations of every size, across every industry, and in every country around the world. The financial services industry, for obvious reasons, is an especially attractive target.
Every day, Proofpoint analyzes more than 5 billion email messages, hundreds of millions of social media posts and more than 250 million malware samples to protect organizations around the world from advanced threats. That gives us a unique vantage point from which to identify, analyze and reveal the tactics, tools and targets of today’s cyber attacks.
For this study, we anlyzed a subset of more than 160 billion emails sent across 150 countries in 2017 and 2018. We focused on email fraud attacks targeting more than 100 financial services organizations.
This report is designed to serve as actionable intelligence. Our goal is to help you better combat today’s attacks, anticipate emerging threats, and manage your security posture. Along with our findings, we recommend steps you can take to protect your people, data and brand.