Thousands of employees could be falling victim to obvious phishing scams every month

Bankers need to be aware of phishing attacks, report warns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

New research has claimed a concerning amount of banking employees click on a phishing link each month, making it one of the most common threats in the sector.

A report from Netskope found three in every 1,000 employees would fall victim to such scams, so of the estimated 362,000 banking employees in the UK in 2023, this equates to more than 1,000 workers clicking a dodgy link sent to them.

According to the report, hackers are getting a lot of their success from designing phishing pages to mimic the target bank’s website, stealing bank account information and login credentials to commit fraud.

Phishing is rife in banking

Netskope identified Downloader.SLoad (Starslord), Infostealer.AgentTesla, Trojan.FakeUpdater, Trojan.Parrottds and Trojan.Valyria as the most recently usedmalwarefamilies to be aware of, highlighting that Russian criminal groups are the most likely to target this industry.

Despite the serious threat of phishing attacks, banks were found to be more hesitant about adopting new technologies than other industries, with 87% of banks using generative AI compared with the cross-industry average of 97%. More than half of banks also use Data Loss Prevention measures to manage data going into GenAI apps.

“[Banks] are more aggressive at blocking apps without a legitimate business purpose and using DLP to control what can be sent to allowed apps,” commented Netskope Threat Labs Director, Ray Canzanese.

The company’s advice to banks, as well as all other industries, is to inspect all HTTP and HTTPS downloads to prevent malware from infiltrating a network. Companies should also ensure that high-risk file types are thoroughly inspected with status and dynamic analysis.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Other basic internet hygiene practices can be adopted by workers, such as questioning the authenticity of any emails they receive and taking part in training campaigns. Boosted protection, like the use of multi-factorauthenticationand passkeys, can also help to prevent unwarranted access to accounts.

You might also like

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

WatchGuard Firebox M390 review