Cyber criminals are continually evolving and perfecting their techniques to infiltrate systems and gather data for their own financial gain. By understanding fraudsters’ preferred strategies of attack, community financial institutions (FIs) can be more proactive with their fraud prevention strategies.
In 2015, IBM Managed Security Services investigated numerous reported data breaches and determined the most popular attacks currently targeting the financial industry. The top three techniques fraudsters are using are:
1) Malicious attachments or links — 18.99 percent
These attacks are designed to fool victims into opening malicious documentation or clicking on hyperlinks linked to malicious websites. This fraud is carried out via a number of social engineering forums including:
- Watering holes — Cyber criminals compromise a legitimate website that infects site visitors with its malware.
- Drive-by downloads — Users are tempted to visit a malicious website which then installs a browser plug-in that performs an unseen download of malware. In many cases, the user has no knowledge that malware has been downloaded.
- Wrappers — Criminals may wrap malware into legitimate software to bypass security mechanisms. When the legitimate software runs, the wrapper program simultaneously installs malicious code.