Nordea’s fraud management team was interviewed by ‘The Paypers’ to discuss key insights in cybercrime trends and fraud management solutions at both the local and global level. This article was independently edited by The Paypers and is part of the ‘Web Fraud Prevention, Identity Verification & Authentication Guide 2018/2019 – 7th edition’.
You can download a free, printable PDF copy by visiting The Paypers Reports section here.
What are the current cybercrime trends in the retail and corporate banking sector, particularly in the Nordic countries?
We have divided cybercrime trends into local and global threats. If we are looking at the global threats, which are likely to rise in the coming year, we see investment scams, CEO fraud, Business Email Compromise (BEC) fraud, phishing, smishing, and vishing. Notably, vishing is prevalent in Sweden and it is likely to come to Norway and other Nordic countries. At the local level, the common threats identified are friendly fraud, identity theft, card scams, and gain phishing. Nevertheless, the employees are usually the weak link, as in most cases the threat comes from the inside. Why? Because the staff within the organisation is not well trained to recognise a cyber-attack, or sometimes they commit fraud on purpose. Due to the developed economy and prosperous businesses, Nordic countries are highly digital, and this makes them a good target for cybercriminals.
What does the anatomy of cyber-attacks look like?
There are two types of cyber-attacks; however, it is often some kind of combination of the two: those where the fraudsters manipulate people’s minds and those where the fraudsters manipulate people’s devices (or hack/misuse email box, inlogging, etc). The first type is essentially the social engineering fraud and it is usually exercised over an organisation’s staff. Cybercriminals hack emails, but most of the time, at least for CEO fraud, the manipulation of the employees is a common practice. The attacks that go through social engineering are investment scams, BEC fraud, love scams, phishing, smishing, vishing, friendly fraud, and identity theft, but they can also include bits of technical fraud.
The technical advanced fraud is when fraudsters have the skills and knowledge of producing technical bits in order to attack, so then they use malwares, different types of Trojans and viruses in order to get into the computers of the customers. By any means, the most successful frauds are those resulted from a combination of social engineering and technical elements.
Could you please share with our readers some recommendations on strengthening the fraud prevention management?
One of the important things to do, as an organisation, is to identify the risk group within. It’s not always about the money, the information, or the different knowledge that only the company has; the projects or any other type or valuable resources that can be stolen and commercialised by fraudsters are also things worth considering. It is also important to know what information is shared between the company, the staff, and the public. In addition, one has to always make sure that the employees are aware of the risks, and they should always be updated about potential attacks. Therefore, educating people on a constant basis is a way of reducing risks. One should constantly monitor the way emails are used (for instance, how the flags in the email function are used), the money transfers, and other types of transactions.
When it comes to transactions, we recommend the four eyes principle: two people to verify when the company made a payment and to make sure fraudsters don’t manipulate the bills or the emails. In addition, it’s always crucial to make sure the utilised technology is up to date. And there is also the password culture: obviously, people should understand they shouldn’t share passwords under any circumstances, and they should know how to build a strong password. Moreover, companies should adapt a correct password culture for their staff.
Nordea is the largest bank by size in the Nordic region and the only bank that has a truly Nordic identity at its heart and culture. With key operations in every Nordic country, Nordea has been playing a fundamental part in establishing the shared economy in the region and in fostering a borderless trading area.
For more information please write to firstname.lastname@example.org
The information provided within this website is intended for background information only. The views and other information provided herein are the current views of Nordea Bank Abp as of the date of publication and are subject to change without notice. The information provided within this website is not an exhaustive description of the described product or the risks related to it, and it should not be relied on as such, nor is it a substitute for the judgement of the recipient.
The information provided within this website is not intended to constitute and does not constitute investment advice nor is the information intended as an offer or solicitation for the purchase or sale of any financial instrument. The information provided within this website has no regard to the specific investment objectives, the financial situation or particular needs of any particular recipient. Relevant and specific professional advice should always be obtained before making any investment or credit decision. It is important to note that past performance is not indicative of future results.
Nordea Bank Abp is not and does not purport to be an adviser as to legal, taxation, accounting or regulatory matters in any jurisdiction.
The information provided within this website may not be reproduced, distributed or published for any purpose without the prior written consent from Nordea Bank Abp.