Close Up Of Female Hands Holding Fallen Oak Leaf And Typing On Laptop Keyboard While Working Remotely Outdoors In Countryside With Sunbeams Falling Through Yellow Oak Trees On Beautiful Autumn Day
Close Up Of Female Hands Holding Fallen Oak Leaf And Typing On Laptop Keyboard While Working Remotely Outdoors In Countryside With Sunbeams Falling Through Yellow Oak Trees On Beautiful Autumn Day

Cyber Security Month: Being prepared all year round

October is Cyber Security Month and a chance to raise awareness about the potential threats from cybercrime people and companies face in an increasingly digital and interconnected world. Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea, explains why it is critically important to stay alert against potential fraud attempts all year round and shares some tips to remember in order to reduce the chances of becoming a victim of digital fraud.

What are some of the highlights from the activities Nordea has been running or been a part of to raise awareness around cyber security and fraud in October?

Cyber security is obviously something banks and financial institutions are very focused on throughout the year but October gives us a good chance to highlight the theme proactively to both customers, employees and society in general.

Nordea has been very active and engaged during Cyber Security Month. We have arranged no less than 11 internal webinars touching on the topic from different angles to raise awareness amongst employees of the bank, regardless of the type of work that they do. Looking at cyber security and fraud from an internal perspective, we have focused on the key things employees need to think about such as how easy is it to click on the wrong thing or give out information by mistake or maybe in the worst case scenario, dragging a malicious file inside the bank without realising.

Nordea has also participated in, as well as hosted, local customer facing webinars in cooperation with other partners. In Sweden, for example, we held two live webinars together with the National Fraud prevention branch of the police. This time around we actually pushed invites to the fraud awareness seminars through the Nordea mobile banking app. That was quite a new thing for us and we had many people dialing in.

Our joint seminars with the police focused on how to prevent becoming a victim of cybercrime and what to do if this unfortunately happens to be the case. During the sessions, the police reminded participants that although for offline and other types of crimes, the first thing you should do is actually contact the police, if you suspect a cybercrime the first thing you should do is contact the bank because if you’re really quick, you might even have a chance to stop the crime before it develops. Then you can contact the police.

We also have other types of activities that are ongoing on a regular basis where we highlight the fraud risks. For instance, in the more general topic of how to become more digital, we would highlight a fraud awareness aspect to that as well.

210625 Helenawall 1024

Cyber security is obviously something banks and financial institutions are very focused on throughout the year but October gives us a good chance to highlight the theme proactively to both customers, employees and society in general.

Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea

Why is this subject still one of the key points on the agenda for Nordea and the financial industry?

Unfortunately fraud and other types of cybercrime are here to stay. You never see it slowing down no matter the kind of resources that are used to combat it. In fact it’s a growing problem, not only for our customers and for financial institutions, but for society in a larger sense. These types of criminal activities are unfortunately the dark side of becoming more digital. No matter how strong or smart bank’s technical defences are, people are still people and can be tricked or mislead. Threat actors and fraudsters are agile, opportunistic and very good at finding new ways to exploit any vulnerability they find. They spend all of their time monitoring all sorts of different systems, thresholds and limits so they can adjust very quickly.

In the Nordic market, financial institutions like banks have solid security solutions in place, at least if we compare globally to other markets where you can enter your bank account simply with a username and password or create an account and prove who you are by showing an energy bill. Still, people are just people and can be fooled. Anyone can in fact become a victim under specific circumstances. This is why it is so important to continue to educate, to raise awareness and remind both company employees and customers on what to avoid and what to look out for. Repetition is key.

Cybercrime and fraud attempts are instigated by both local and internationally located threat actors. Currently we have a big problem in the Nordics, especially in Sweden with the scenario known as vishing. Vishing is a type of phishing (any type of message from an email, SMS, chat or other source that aims to steal a person’s identity or personal information) which uses the voice to try to commit the fraud. In vishing scams, typically fraudsters will call pretending to be the bank, the police or the telephone company, etc, and run a story that tries to trick the potential victim into sharing their bank or ID information so that they can then issue new credentials and empty any associated bank accounts.

Internationally, we are also seeing actors, of course, continuing to attempt to put malicious software on people’s phones and devices. For companies, a common trick employed by fraudsters is known as ‘compromise fraud’ and is related to business e-mails sent between two companies doing business with one another. A cybercriminal will attempt to intercept email communications or even place malware on one of the e-mails which picks up an invoice that is going to be paid and then changes the account number resulting in the money ending up somewhere else. When we talk about these types of fraud cases, the attacker might be located anywhere in the world.

Anyone can in fact become a victim under specific circumstances. This is why it is so important to continue to educate, to raise awareness and remind both company employees and customers on what to avoid and what to look out for. Repetition is key.

Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea

What 3 tips can you give private people to try to reduce the chances of becoming victims of digital fraud?

Even though fraud and cyber-attacks develop and change over time, there are still actions that you can take as a matter of course to increase the security of your digital activities.

  1. Don’t ever follow instructions in SMS’s, emails or even phone calls to use your security credentials, unless you yourself have initiated the process by for example calling your bank’s Customer Service helpline. If in doubt, always double-check!
  2. Be careful about the things you disclose on social media and don’t accept strange or unusual procedures when selling or buying in online marketplaces.
  3. Always read very carefully what you are signing.

What 3 tips can you give companies to try to reduce the chances of becoming victims of digital fraud?

  1. Make sure to raise awareness amongst all employees on the common cybercrime and fraud types being used to target companies such as business e-mail compromise where account numbers on invoices are manipulated. Have a policy on how such account changes should be verified before execution.
  2. Educate employees on the risks of phishing of company mail credentials which is often the weak spot in business e-mail compromise but also the risk of employees clicking on attachments and links and exposing the company for a ransomware attack.
  3. Use the ‘four eyes’ principle in handling transactions – always have at least two people check any payment.

For both private and corporate customers, consider the need to have antivirus software installed also on mobile phones and not only just on computers.

Read more about how to stay aware of any fraud or cyber threats on Nordea Insights: 7 practical steps treasuries can take against cyber threats, the biggest cyber threats facing corporate treasuries, cybercrime trends and fraud management in the Nordics and ways to tackle fraud in the new banking landscape.

About Helena Wall

Helena Wall is the Head of Fraud Intelligence and Awareness within Fraud Management at Nordea Bank. She has been working in different roles in the field of anti-fraud since 2014. Before that, she worked for 14 years in different positions within the area of Internet banking at the bank. Since 2016 Helena is also a Certified Fraud Examiner by the ACFE (Association of Certified Fraud Examiners).

Read more Transaction Banking-related articles and sign up to receive monthly TxB insights.

Sign up for the Open Insights newsletter

TAKE ME TO THE SIGN-UP PAGE
Woman Using Virtual Reality Headset

The information provided within this website is intended for background information only. The views and other information provided herein are the current views of Nordea Bank Abp as of the date of publication and are subject to change without notice. The information provided within this website is not an exhaustive description of the described product or the risks related to it, and it should not be relied on as such, nor is it a substitute for the judgement of the recipient.

The information provided within this website is not intended to constitute and does not constitute investment advice nor is the information intended as an offer or solicitation for the purchase or sale of any financial instrument. The information provided within this website has no regard to the specific investment objectives, the financial situation or particular needs of any particular recipient. Relevant and specific professional advice should always be obtained before making any investment or credit decision. It is important to note that past performance is not indicative of future results.

Nordea Bank Abp is not and does not purport to be an adviser as to legal, taxation, accounting or regulatory matters in any jurisdiction.

The information provided within this website may not be reproduced, distributed or published for any purpose without the prior written consent from Nordea Bank Abp.

Related articles