What is a Spoofing Attack? How Financial Institutions are Being Targeted
You’ve most likely seen messages or heard of well-known financial institutions, like Bank of America, SunTrust, and JPMorgan Chase, falling victim to cybercriminal impersonations to steal funds, credentials, identities, and more. Yet, the problem is not isolated to large financial institutions. We’re seeing an increase in small regional banks and credit unions as the target of brand impersonation or website spoofing.
It is easy to think these financial institutions are small and, therefore, not a prime target. Instead, they are the perfect target for cybercriminals for financial gain. Smaller companies, like these banks and credit unions, tend to have smaller cybersecurity budgets which can lead to gaps in their security posture. For financial institutions to protect themselves, it’s important to understand how customers are targeted and what they can do about it.
What is Spoofing?
A popular way cybercriminals target smaller financial institutions is through spoofing. Spoofing is a scam where cybercriminals impersonate a company with a fake email address, display name, text message, or website URL to convince a target that they are a trusted, well-known source from the company. It can be as simple as changing one letter, symbol, or number in a communication that is difficult to spot. The benefit of spoofing for cybercriminals is that customers will likely disclose financial and personal information, download malware, wire funds, and more. To better defend against these attacks, it is important to understand how customers are targeted.
Here are several types of spoofing attacks:
- Email Spoofing: This technique is one of the most common types where cybercriminals send an email posing as a trusted source. They usually ask for an urgent request or attempt to lure the target to click a malicious link or attachment.
- IP Spoofing: Cybercriminals alter IP addresses to hide their identity or impersonate a user. This technique is typically used to flood a target’s website with traffic to limit access for real users.
- Domain or Website Spoofing: These attacks aim to lure users into logging into their accounts on the fake website or exposing other personal information about themselves. The cybercriminals then can use the stolen credentials to log into the actual account on the real website.
- Caller ID Spoofing: Similar to email spoofing, caller ID alters the phone number to show up as someone familiar to the target they are calling. For example, they can pose as a customer service representative from their bank and attempt to gather personal information like their banking credentials, social security number, etc.
- Text Message Spoofing: This technique targets a person via text message posing as a trusted source like their bank or a friend. They substitute the sender ID with a recognizable source and use the text message as a springboard for data theft, spear phishing, and scams.
- GPS Spoofing: The act of altering a device’s GPS, so it registers within a different location. This technique can redirect navigation systems in any type of vehicle, including commercial airplanes, public buses, or passenger cars.
- Facial Spoofing: This relatively new type of spoofing allows cybercriminals to exploit vulnerabilities within technology requiring facial recognition to unlock a device or app.
The reality is that financial institution customers are being targeted, as well as employees. Implementing a Proactive Security Awareness Program aims to empower users with skills to identify and report suspicious activity, including emails, texts, or website links. People are the first line of defense for any organization, and when they are equipped with cybersecurity awareness, it will only propel their security posture.
Domain Spoofing for Financial Institutions
Cybercriminals are still targeting financial institutions’ IT environments and are going after their customers by making fraudulent copies of websites and setting up domains that look close to the original institution. Customers are targeted mainly because they are likely to fall victim, and it is an easier tactic for cybercriminals. They drive traffic to the dupe website by targeting the customers of that financial institution via phishing emails, text messages, or social media.
Cybercriminals will even invest in paid advertisements to display their fake websites at the top of search results to appear as legitimate companies. Once a customer is tricked into visiting a fraudulent website, they will be prompted to log in with their username and password.
For example, Adlumin’s Threat Research Team recently saw an incident where a small regional bank based in southeast Texas was the victim of domain spoofing. The cybercriminal created a dupe website of that regional bank and lured customers to it via social media. They reached out to customers letting them know that they won a prize in hopes that they to click on the link and fill out their information.
Threat Intelligence for Financial Institutions
Implementing a comprehensive security operations platform with threat intelligence from a team monitoring attacker trends and tactics can help with spoofing. Threat intelligence enables organizations to stay one step ahead of malicious actors by providing the latest spoofing trends and techniques.
With a threat intelligence team, they hunt for abnormal activity indicating network compromise. They can also assist with remediating spoofing attacks by identifying the fraudulent domains and working with web host providers to remove the websites to minimize the damage.
In addition, they can help you understand who your adversary is to defend against threats better coming your way. This solution can help elevate strains on internal teams and proactively extend security surveillance.
Preparation is Key: Incident Response Plan
The cybersecurity landscape has evolved, and smaller financial institutions that thought their small size would bypass being a target now face the same security challenges as more prominent institutes. IBM recently reported that in 2022, the financial industry spent an average of $5.72 million on responding to and recovering from a breach. As you can imagine, these high costs put a lot of financial strain on banks and credit unions.
One way to prepare for these threats against your financial institute is to develop and practice your incident response plan. Conducting tabletop exercises clarifies the roles and responsibilities of your incident response team. Knowing who makes decisions is vital during a cyber crisis. Here are a few tips for what to plan for before an incident occurs:
- Create a written plan and review it with an attorney. As a financial institution protecting significant amounts of assets, you are a target and must plan for when an attack occurs, not the if.
- Develop an incident stakeholder and staffing plan.
- Review plans quarterly.
- Prepare press release templates in advance.
- Assign roles and responsibilities to team members.
- Conduct simulation exercises and test your defenses.
- Take the learnings from the exercise to strengthen your cybersecurity efforts.
Although it is important to have a response plan, it is even more vital to position yourself ahead of cybercriminals with full visibility into your environment, understand your risks, and implement changes to improve your security program.