SBN

Email Security for Financial Services: What You Need To Know

Finance email security continues to be a hot topic for banks, brokerage firms, financial advisors, and consumers alike. Scammers target the financial sector more than other industries due to weak security measures that give them easier access to funds and sensitive information.

Fraudsters are intercepting and redirecting funds via Business Email Compromise (BEC) and Email Account Compromise (EAC) attacks to the tune of **$1.8 billion** in 2020 alone, according to the [FBI’s 2020 Internet Crime Report.](https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf) In addition, BEC attack losses are at an astronomical **64 times larger than ransomware**.

Today we take a closer look into email security for financial services: What you need to know so you can protect your business, employees, and customers.

[Read how a brand impersonation attack hoodwinked Charles Schwab customers.](https://www.armorblox.com/blog/blox-tales-charles-schwab-brand-impersonation)

## **Common Email Attacks Targeting Financial Businesses**

Under the EAC umbrella, a few types of email fraud attacks tend to get past Microsoft, Google, and Secure Email Gateway (SEG) security controls to target financial businesses.

### **Wire/payment fraud**

Scammers send emails that contain requests for inflated, duplicate, or [fake invoices](https://www.armorblox.com/blog/stop-invoice-fraud-before-it-stops-you). Once an employee responds to a wire or payment fraud attack, it confirms to the scammer how vulnerable the company is to tampering; unfortunately, further encouraging them to ramp up efforts.

### **Email impersonation**

Scammers impersonate trusted entities, tempting targeted employees to purchase gift cards (e.g., Amazon, iTunes, etc.) as well as manipulating them into divulging login credentials and sensitive information that puts the company at risk.

### **Payroll fraud**

Payroll fraud happens when an attacker emails an organization’s payroll, finance, or human resources department. The email is designed to mimic being sent from a legitimate employee, claiming that they’ve updated their direct deposit information and that an immediate change is needed.

### **Vendor fraud**

Scammers compromise third-party accounts (vendors and end clients) in efforts to steal money and sensitive data. Using the reputation of the vendor or end clients, coupled with social engineering tactics, scammers reach vulnerable people within your organization in an effort to exfiltrate sensitive data.

[Read how an email campaign impersonated a Wells Fargo locked account workflow to steal victims’ banking credentials.](https://www.armorblox.com/blog/blox-tales-wells-fargo-credential-phishing)

## **Why Financial Services’ Email Security Challenges Are So Unique**

Financial services organizations deal with some unique email security challenges more often than many other industries, including:

* Short-staffed IT and security teams
* Client email compromise and credential phishing
* Financial email workflows

### **Short-staffed IT and security teams**

Financial services security teams are often short-staffed and lack the resources and time to respond to sophisticated or high-volume email threats. When threats aren’t sufficiently monitored, it’s only a matter of time before fraudulent emails (that may have sailed through native security measures) find their intended targets.

### **Client email compromise and credential phishing**

Scammers often commit wire fraud from compromised client email accounts, bypassing the human layer and traditional security controls. In addition, many [credential phishing](https://www.armorblox.com/blog/how-to-spot-and-prevent-credential-phishing/) attacks attempt to extract victims’ financial logins to perpetrate additional data breaches.

### **Financial email workflows**

Whether invoicing, bank notifications, or communicating with financial advisors, a lot of money travels in emails between financial institutions and their clients. You can’t afford not to protect yourself and your customers from these serious financial threats.

[Read why Fidelity Institutional partnered with Armorblox to protect their investment professionals, offices, and clients.](https://www.armorblox.com/blog/fidelity-institutional-announcement)

## **What You Can Do To Protect Your Company**

* Enable MFA
* Encourage skepticism
* Supplement native security measures

### **Enable MFA**

Enabling MFA (multi-factor authentication) on your workflows can significantly reduce compromised accounts used for EAC and BEC attacks. In addition, be sure that high-risk employees, such as C-level executives, human resources, and employees who initiate payments have MFA enabled.

### **Encourage skepticism**

Train employees to look for signs that they may be targets of an EAC or BEC scam:

* Be suspicious of new or unusual purchase requests.
* Confirm emails from employees requesting new or revised direct deposit orders.
* Authenticate vendors sharing new banking details for invoice payments.
* Be wary of requests that circumvent normal communication channels.
* Pay attention to wire transfers or other financial requests with urgent deadlines.
* Don’t be afraid to speak up if something looks phishy.

### **Supplement native security measures**

Google and Office 365 have improved their native security offerings, providing better anti-spam and anti-malware protection. However, built-in security should form the foundation – not the entirety – of your email security stack.

Make sure you understand the protections you have—and those you don’t. Investing in an [email security platform](https://www.armorblox.com/) designed to protect you from sophisticated email threats keeps your assets safe.

## **Ensure Financial Email Security With Armorblox**

In the financial services industry, you must follow specific security measures to adhere to financial compliance requirements. Therefore, it’s vital that you acquire a complete email security solution to protect yourself from today’s pervasive cyberthreats.

Armorblox helps brokerage firms and financial advisors communicate more securely over email using the power of Natural Language Understanding (NLU). Armorblox connects over APIs to understand the context and content of email communications, improving email security and protecting your human layer from compromise.

Financial services firms use Armorblox to stop BEC, wire fraud, targeted email attacks, protect sensitive PII and PCI, and save your IT staff valuable time by automating the remediation of user-reported email threats.

**For more cybersecurity tips and industry trends, join the Armorblox mailing list below.**