Cultivating Cyber Secure Behaviour in Finance
However, the digitisation and automation of the finance sector has inadvertently created novel ways for attackers to conduct their fraudulent activity , whether that be against the individual and/or the bank itself. As a result, the weaponisation of technological changes has become a lucrative endeavour for cyber criminals, demonstrated by the fact that in the first half of 2023 alone, fraudsters stole over half a billion pounds (£580m; UK Finance, 2023).
Fraud often, if not always, involves an element of manipulation; convincing a person to do something against their best interest. As such, successful attacks not only have financial implications, but also often result in psychological harm, trauma, and aversions to technology, that have significant ongoing impacts on the personal life of victims (Button et al., 2014).
Mechanisms for Fraud and Manipulation
Broadly, fraudulent online and banking activity falls under two categories:
This is convincing (manipulating) someone to authorise a payment or make a payment that’s against their best interests. These forms of fraud involve a high level of psychological, emotional manipulation. The victim is being targeted directly such that they feel comfortable enough to send money to a fraudulent destination. This includes scams such as:
Purchase Scams
Convincing someone to pay for goods or services that never materialise.
Romance Scams
The manipulation of others to make them believe they are in a relationship, before extorting them.
Impersonation
Pretending to be someone else (e.g. friend or relative), to manipulate the victim into transferring money.
Fraudsters will utilise credentials they should not have (i.e. bank accounts and cards) to conduct fraudulent activities directly. Attackers will often manipulate credentials from the victim to make the purchase or transfer themselves or may even use such credentials to convince the bank to make an unauthorised payment. This tends to take two forms:
Card Present Purchases
The use of a counterfeit, lost or stolen card, or intercept a card that is being sent out by the bank, to make fraudulent purchases.
Card Not Present (Remote Purchase):
Using leaked card and bank details from data breaches, phishing emails, malware or card skimming to make purchases.
How Does Republic Help Prevent This Fraud?
- Responding to a suspicious (behavioural exploit)
- phishing message or email, vishing call or smishing text.
- Connecting freely with unvalidated connections.
- Not challenging strangers or doing so unconstructively.
- Failing to report.
- Ignoring incident cues, like spotting red flags on websites.
- Undertaking risky online behaviours.
- Not preventing eavesdropping and shoulder surfing.
- Working in public.
- Poor password hygiene.
Republic Free Trial
Improve cybersecurity behaviours and reduce cyber risk across your organisation. Republic delivers real-time insights and targeted interventions to strengthen security culture and keep your team protected.
Pricing: £199 per month for organisations with under 100 users.
For organisations over 100, please contact the sales team using the form below.
