Phishing Banks: Tactics and Implications

Over the past two decades, it’s become increasingly difficult to find vulnerabilities in software that can be effectively leveraged to create exploits that penetrate the networks of financial institutions. Meanwhile, in large part because of the ubiquity of computing and the widespread use of email, it’s become easier to exploit people with access to some of the most sensitive information inside FIs.

In part, that is because of our broad inability to digitally discern between the people we interact with and the services we rely on and impersonators. Online, it’s hard to flag content that’s meant to dupe executives and directors out of their company’s most sensitive details. That leaves FIs looking to shift their liability and have underwriters insure their risks. This report examines the concerns and attitudes of financial institutions regarding this crime of virtual deceit.  It also highlights and explores the solutions that FIs believe are most helpful in the fight against phishing.

Key questions discussed in this report: 

• What are the chief concerns of compromise among FIs whose security teams are most worried about phishing? 
• What security tools do FIs find most effective in the fight against phishing?
• How effective do security professionals inside those FIs find those tools?
• What authentication methods are FIs deploying to remote employees and workers? 

Companies Mentioned: Agari, Area 1 Security, Cofense (formerly Phishme), Dell (Data Guardian), Duo Security, (Recently Acquired by Cisco), Entrust Datacard, Ionic Security, Ironscales, Pindrop, PreVeil, Proofpoint, Vera

Javelin conducted a series of interviews involving industry and vendor executives, attorneys and other relevant stakeholders to gain an understanding of the topic. Interviewees represented a variety of organizations. 

Data in this report is based on information collected in a random-sample panel of 800 information technology security decision-makers, 200 of whom work in financial services. For questions answered by all 800 survey respondents, the maximum margin of sampling error is ±3.46 percentage points at the 95% confidence level. For questions answered by all 200 financial services respondents, the maximum margin of sampling error is ±6.93 percentage points at the 95% confidence level. The maximum margin of sampling error is higher for questions answered by segments of respondents.