This type of email threat, known as Spear Phishing because it is intentionally crafted to target specific individuals, is becoming more prevalent and more dangerous. The attacker used language in these emails that would be familiar to a BSA officer with the intent to make the receiver comfortable with it, so that they would lower their guard and be more likely to open attachments or click on any links in the email.
In 2018, about 20,000 complaints were made to the FBI’s online reporting site concerning losses resulting from “fake” emails, with a total of $1.2 billion in adjusted losses. However, these numbers grossly understate the fraud epidemic because FBI online complaint reporting statistics do not include information reported directly to state or local law enforcement or to FBI field offices.
The statistics provided above clearly show that fraudulent emails are a major problem. While employee information security training and testing is important to have, it’s much better to stop these emails from ever reaching a financial institution’s employees. Today, the banks that are having the greatest success with keeping these emails out of their employees’ inboxes are those that use a combination of Artificial Intelligence (AI), event correlation, and real time data analytics in a multi- layered security architecture designed specifically for the banking industry. By analyzing the massive number of emails being sent to thousands of bankers every moment of every day, a single email threat blocked at one bank can instantly be recognized with Artificial Intelligence (AI) and blocked at every other bank that is a participant in the security community.