Banking faces a wave of cyber threats like never before. Potential cyber attacks are always on the horizon for banks and financial institutions, promising to compromise anything from individual accounts to entire networks, potentially affecting thousands of customers and causing heaps of damage and recovery efforts.
Understanding the common types of cybercrime in the banking sector is crucial for both financial institutions and their customers.
In this blog, we’ll dive into common examples of cybercrime in banking organizations. By knowing what to look for, banks can fortify their cybersecurity defenses, and customers can protect themselves from becoming victims.
Most common types of cybercrime targeting banks
Phishing and social engineering attacks
Phishing is still one of the most common and successful types of financial cybercrime techniques. Cybercriminals use emails, text messages, or phone calls that appear to come from legitimate banks to convince victims to reveal sensitive information. The foundation of phishing and social engineering is taking advantage of victims’ trust.
Worse, these attacks are becoming harder to spot. Mostly gone are the days of phishing emails full of glaringly obvious spelling errors, wonky-looking images, and generic greetings. Modern phishing emails include things like personal details swiped from data breaches, references to recent transactions, official bank logos, or urgent scenarios requiring immediate action, to make them seem authentic.
Social engineering extends beyond cookie-cutter phishing emails. Cybercriminals research their targets by collecting information from social media profiles, corporate websites, and public records. This open-source intelligence (OSINT) is used to build trust with bank employees or customers before making fraudulent requests.
Here’s an example of how it goes down:
Cybercriminals call bank customers, claiming to be from the fraud department investigating suspicious activity
They already know enough of the victims’ personal information to sound legitimate, so they ask for additional details "to verify the account"
This information is later used to access the victim's banking accounts
ATM and card skimming
ATM skimming is a major hassle, targeting the nexus where customers interact with banking systems. Cybercriminals install small devices on ATMs that read and store credit card information when customers swipe or insert their cards. These skimmers are usually impossible to spot, designed to blend seamlessly with the ATM's existing hardware.
Card skimming targets locations where credit cards are accepted: ATMs, point-of-sale terminals, gas stations, retail locations, and other payment processing locations. The stolen data is then used to create counterfeit cards or make unauthorized online purchases.
Skimmers, like any other type of cyber threat, are getting more complex. Some skimmers have tiny cameras positioned to record PIN entries, while others use Bluetooth technology to transmit stolen data. Shimming is another technique that steals card information directly from payment card terminals by putting a thin device into the card slot. This helps cybercriminals clone cards and make fraudulent transactions.
Banks shut down skimming with EMV chip technology, advanced monitoring systems, and regular ATM inspections. But cybercriminals are constantly adapting to outpace their targets and creating new ways to evade banking improvements.
Ransomware attacks
Ransomware attacks against banks are one of the most disruptive cybercrime threats. They extend beyond immediate financial losses, potentially shutting down banking operations for days or weeks.
Banking organizations are attractive ransomware targets because they rely on continuous operations, have access to sensitive data, and have a lot of money. A successful attack can prevent customers from accessing accounts, processing transactions, or using online banking services. This operational disruption puts pressure on banks to pay ransoms quickly to restore services.
Modern ransomware attacks often involve double extortion tactics. Criminals encrypt systems and steal sensitive data before deploying ransomware. They then threaten to release customer financial information, regulatory documents, or proprietary banking data unless additional payments are made.
The sophistication level of ransomware operations has gone up dramatically. Many groups operate like legitimate businesses, offering customer support for their ransomware products and even offering decryption keys promptly upon payment. Some groups specifically target banks, developing specialized tools designed to hack banking security systems.
Mobile banking malware
The growth of mobile banking has created new opportunities for cybercriminals to develop specialized malware targeting smartphones and tablets. Mobile banking malware often disguises itself as legitimate banking apps, tricking users into downloading malware that can steal login credentials and financial information.
These malicious apps look similar to official bank applications, with similar logos, interfaces, and functionality. Once installed, they intercept text messages containing authentication codes, steal login credentials, and perform unauthorized transactions while appearing legit.
Banking trojans are another category of mobile malware that infects devices and monitors victims’ banking activity. They overlay fake login screens on legitimate banking apps, capturing account credentials. They also intercept SMS messages with transaction confirmations or security codes.
Some mobile malware specifically targets two-factor authentication systems used by banks. By accessing text messages or authentication apps, criminals can bypass security measures designed to protect customer accounts. This lets them make unauthorized transactions even when banks have intentionally added more security layers to prevent it.
Online banking fraud
Online banking fraud uses various schemes to compromise web-based banking systems and customer accounts. These attacks combine technical tactics with social engineering to gain unauthorized access to banking platforms.
Account takeovers are a major threat to online banking security. Criminals use stolen credentials, often obtained through data breaches or phishing campaigns, to access customer accounts.
Adversary-in-the-Middle (AitM) attacks target the communication between customers and banking websites. Criminals position themselves between the victim and the bank's servers, intercepting data transmitted during online banking sessions. This helps them capture login credentials or change transaction details.
Session hijacking exploits vulnerabilities in web browsers or banking applications. It lets attackers take control of active online banking sessions to run transactions, change account settings, or steal sensitive financial information. These attacks are dangerous because they happen during legitimate banking sessions.
Wire transfer fraud
Wire transfer fraud helps attackers steal large sums of money quickly. These attacks target business and corporate banking accounts, where wire transfers are common and transactions involve big dollar amounts.
Business email compromise (BEC) targets companies that regularly send wire transfers. Cybercriminals hack or impersonate employee email accounts to trick victims into making fraudulent wire transfers and sending the stolen money to accounts they control. These scams often target accounting departments that are used to handling these sorts of requests and transactions.
Embed BEC video (Check with Kate if available on YT)
Understand Business Email Compromise: Tradecraft Tuesday
Some wire transfer fraud schemes involve compromising banking systems directly to initiate unauthorized transfers. Criminals gain access to bank employee systems or exploit vulnerabilities in wire transfer processing software. These attacks require significant technical sophistication but can result in massive financial losses.
International wire transfers are tricky because they cross multiple banking systems and jurisdictions. Cybercriminals use different regulations in different countries to their advantage, as well as laundering techniques like money mules, making it tough for victims to recoup stolen funds.
Insider threats
Insider threats come from employees, contractors, or other individuals with legitimate access to banking systems. They’re risky and tough to detect because insiders already have authorized access to sensitive systems and data.
Malicious insiders in banking do things like steal customer information, manipulate account balances, or coordinate cyberattacks by providing access to credentials or system information. Their legitimate access makes their malicious activities seem normal within banking systems.
Compromised or coerced bank employees are blackmailed or offered financial perks in exchange for help with cybercriminals’ fraud schemes. These situations are also hard to spot and prevent.
Negligent insiders are equally risky to banking security. Employees who don’t follow security procedures, use weak passwords, or accidentally expose sensitive information create vulnerabilities that criminals exploit. While not malicious, these actions have serious consequences for banking security.
Strengthening defenses against financial cybercrime
Understanding these common types of cybercrime impacting banks is the first step in building stronger defenses. Banking organizations stay secure with enterprise-grade cybersecurity that tackles both technical vulnerabilities and human factors:
Stay in the loop, be sharp, and remember that when it comes to cybersecurity, we all have a part in keeping our banking systems safe.
Protect What Matters
