
Social Engineering Tactics Are Evolving, Enterprises Must Keep Pace to Mitigate

By Jack Garnsey, Subject Matter Expert – Email Security, VIPRE Security Group

Social engineering attacks by cybercriminals are relentless, and they are evolving rapidly as new tactics are deployed. Even so, phishing remains the preferred social engineering tactic. This is demonstrated by research that processed nearly two billion emails, of which 233.9 million were malicious, showing that cybercriminals are increasingly adopting malicious links that require ever more investigation to uncover. This is possibly because current signature-based investigation tools are now so effective and ubiquitous that threat actors are forced to either engineer a way around them or get caught.

Furthermore, the research flagged these malicious emails almost evenly on the basis of content (110 million) and links (118 million). After content and links, attachments were the next most common reason, accounting for 5.44 million malicious emails.

Common approaches to social engineering

Criminals are using all manner of approaches for social engineering. They are using spam emails to commit fraud, especially business email compromise. With the use of AI technology such as ChatGPT and others, phishing emails are becoming even harder for people to identify. The tell-tale signs of poor sentence construction, spelling mistakes, lack of subject context and so on no longer exist.

PDF attachments are gaining favour with criminals as an attack vector. The majority of devices and operating systems today have an integrated PDF reader. This universal compatibility across all platforms makes the PDF an ideal weapon of choice for attackers looking to cast a wide net. Another reason is that attackers can make us think that there is payment-related information inside. Once opened, the PDF potentially contains a link to a malicious page or releases malware on to the PC. Criminals are using malicious PDFs as a vehicle for QR codes too.

Stealing passwords is another commonplace phishing technique. Many of us will recognise emails urgently alerting us to update the password for the applications we use on a daily basis in our professional and personal lives. An example is a password update request from Microsoft – “Your Microsoft Office 365 password is set to expire today. Immediate action required – change or keep your current password.”  In fact, Microsoft was the most spoofed name in Q3 of 2023.

Heard of callback phishing? Cybercriminals send an email to an unsuspecting employee, posing as a service or product provider. Instilling urgency, these emails prompt the individual to “call back” on a phone number. So, when the user calls them, they are duped out of their information over the phone, or they are given “sign in” links to verify information and end up losing sensitive data in the process. The absence of malicious files within the content of either the email or attachments makes it easier to slip past the radar and evade detection.

A relatively new trend that is gaining momentum is the utilisation of LinkedIn Slink for URL redirection. To allow its platform users to better promote their own ads or websites, LinkedIn introduced LinkedIn Slink (“smart link”). This “clean” LinkedIn URL enables users to redirect traffic directly to external websites while more easily tracking their ad campaigns. Clearly a useful feature, the problem is that these types of links slip through the net of many security protocols and so have become a favourite of social engineers.
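The lures described above can be turned into simple gateway or mailbox triage rules. The following Python sketch is an added example, not part of the original article or any vendor's product: it flags display-name brand spoofing, links routed through a trusted redirector, and callback lures that carry no link or attachment. The brand-to-domain table, the smart link URL form (`linkedin.com/slink?code=...`), the keyword lists and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions for this sketch: the domains a brand legitimately sends from, and
# that LinkedIn smart links look like https://www.linkedin.com/slink?code=...
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "office.com")}
TRUSTED_REDIRECTORS = (("linkedin.com", "/slink"),)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{8,}\d")
URGENCY_RE = re.compile(
    r"\b(immediate(ly)?|urgent(ly)?|expires?|today|action required)\b", re.I)


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage(raw_email):
    """Return a sorted list of heuristic flags for one RFC 822 message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()

    text, attachments = [msg.get("Subject", "")], 0
    for part in msg.walk():
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            text.append(payload.decode(charset, "replace"))
    body = "\n".join(text)
    urls = URL_RE.findall(body)

    flags = set()
    # Display name claims a brand, but the sending domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not any(
                host_matches(sender_host, d) for d in domains):
            flags.add("brand-spoof")
    # A "clean" link whose real destination is hidden behind a redirector.
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if any(host_matches(host, d) and parts.path.startswith(p)
               for d, p in TRUSTED_REDIRECTORS):
            flags.add("trusted-redirector")
    # Callback lure: urgency plus a phone number, with nothing else to scan.
    if (not urls and not attachments
            and PHONE_RE.search(body) and URGENCY_RE.search(body)):
        flags.add("callback-lure")
    return sorted(flags)


# Constructed sample messages (not real traffic).
SPOOFED_RESET = (
    'From: "Microsoft Office 365" <no-reply@mail-notice.example>\n'
    "Subject: Password expires today\n\n"
    "Your Microsoft Office 365 password is set to expire today.\n"
    "Keep current password: https://www.linkedin.com/slink?code=EXAMPLE\n")
CALLBACK = (
    'From: "Billing Support" <billing@invoices.example>\n'
    "Subject: Subscription renewal notice\n\n"
    "Your subscription was renewed for 399.99 USD. If you did not authorise\n"
    "this, call us immediately on +1 (555) 010-0199 to cancel.\n")
BENIGN = (
    'From: "Microsoft" <account@microsoft.com>\n'
    "Subject: Sign-in summary\n\n"
    "Here is your monthly sign-in summary. No action is needed.\n")

if __name__ == "__main__":
    for name, raw in (("reset", SPOOFED_RESET), ("callback", CALLBACK),
                      ("benign", BENIGN)):
        print(name, triage(raw))
```

Flags like these are triage signals for quarantine or analyst review rather than verdicts; a flagged redirector link still has to be resolved in a sandbox to learn where it leads.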

Education, education, education

All hands on deck, the saying goes! In that vein, a comprehensive strategy is needed to ensure protection – from timely patching, archiving or backing up data, monitoring and auditing access controls and penetration testing through to properly configuring and monitoring email gateways and firewalls and phishing simulations.

However, underpinning all this must be regular security education and awareness training to ensure that employees are always up to date and vigilant against the newest social engineering techniques that criminals are deploying to defraud them. It helps to embed a cybersecurity-conscious culture and security-first attitude in the workplace.

A key focus of the education and training programme must be on motivating employees to take an active role in threat detection and protection. Good cyber hygiene knowledge is about giving employees peace of mind that their organisation and job are secure, but also that they have the knowledge to protect their friends and loved ones.

Employees need regular training reinforcement throughout the year if they are to be expected to remember and apply best practices over this time. Single, annual courses or classroom sessions are not sufficient given that people forget training shortly after these sessions. If adult learning best practices and techniques, such as spaced learning, are not implemented as part of a security awareness training program, then it will not succeed.

Additionally, targeted training must be designed for role types – far too often, a broad-brush approach to cyber training and education is undertaken, making it a tick-box exercise. For example, a company’s risk and compliance team needs cyber training that takes into account the demands of regulatory bodies, business development teams need to know all about incident reporting, the product development department must be trained on how best to secure the software supply chain, security teams must be trained on advances in threat detection, end users must understand how to spot a phishing email or deepfake, and so forth. Training that is tailored specially for business leaders is equally important.

There is no end in sight when it comes to social engineering attacks. End users of technology are constantly under attack. Vigilance, supported by security education and the knowledge to intuitively spot social engineering, is a critical defence – be that in the form of deceitful emails, malicious QR codes and links, or any other such techniques.


2024: THE year for customer experience enhancement

Source: Finance Derivative

Rob Paisley, Director, Banking and Financial Services, SS&C Blue Prism 

How recently have you relayed to someone the immaculate service that your tax office, bank or insurance company provided you with? From renewing a bankcard, buying a house or undergoing an investment fund transfer, financial organisations are not noted for their NPS scores.

Nowadays, banking customers find the service inconvenient, due to errors, hidden fees, delays and fund-accessibility issues to name a few, not to mention that financial organisations must compete in a world where online shopping is only a few clicks away. In fact, in terms of satisfaction, customers rank their streaming and parcel delivery service higher. Highlighting the general dissatisfaction is the TrueDigital Quotient, standing at a meagre 25%, emphasising the consensus amongst customers regarding transactions processed wholly through digital channels.

And, while large financial organisations and banks are looking to increase customer satisfaction, decrease operational costs and steer revenue growth by using artificial intelligence (AI) solutions at a future time, wouldn’t a more reasonable solution be to manage digital processes through investment in existing intelligent automation (IA)?

Neobanks and digital banks leverage intelligent automation for faster customer journeys. This includes ‘know your customer’ checks, digital onboarding, and seamless processes, catering to both digital and traditional customers effectively – meaning customers can get what they want quickly and without pain. For younger customers, this means digital banking, while traditional customers are provided with better service at a physical location that includes digital offerings.

In banking and finance, most companies think of RPA-IA as an efficiency tool, but significant opportunities often unexpectedly arise when they start to deploy it. Often, it’s the customer experience that benefits most as it’s not just about efficiency. Automation software can help re-imagine your offerings with the customer at the center of it. Amidst the AI rush, revisiting foundational basics before proceeding may be prudent, as IA establishes essential groundwork often overlooked.

Repeated shortcomings for the banking customer

From routine tasks like mortgage applications to specialised services such as closing accounts, infrequent or one-time customer experiences significantly shape long-term loyalty and recommendations.

Let me paint you a picture with a tangible example of why people might take their business elsewhere, to illustrate how today’s predominantly young customers are not brand-loyal, and seek the easiest route to fulfil their needs swiftly.

If you join a cloud-based digital bank that has no branches, all transactions will likely be delivered by a 24/7 customer support hotline. Certain banks like this also don’t do checking accounts, only high-yield savings, CDs and loans, which many people are attracted to given preferable interest rate offers. This all sounds great, but you still run into the infancy of some of these technologies.

To do a mobile cheque deposit, we’ve had clients say it might take 14 days to clear. That’s not good enough. Even two days isn’t good enough given the technology available for these processes. It may also require the customer to write a restrictive endorsement on the back of the check saying it can only be deposited at the specific bank. Once the endorsement is written, it can’t be taken anywhere else other than that bank. If they reject it, they don’t have branches, so customers can’t walk in and talk to a human being.

Anything that improves time to resolution in a self-service fashion on a digital channel helps, but in reality, it’s a dichotomy. How can you have a cashless society until you solve basic issues like that one? It’s a pain to transfer out and you don’t really want to, but lethargy is inherently baked into the system so anything that can speed up the process is going to improve the customer experience.

Dissatisfaction often goes unvoiced, with customers silently departing without notice. Many companies remain unaware until weeks later, indicating a blind spot in recognising and addressing evolving customer behaviour.

With so much money at stake why are organisations struggling to get it right? This year, customer experience takes center stage, with forward-thinking companies investing in process intelligence, business orchestration and automation. Those lagging lack measurement tools and awareness of their shortcomings. Banks excelling in this realm employ more than 500 digital workers and meticulously measure outcomes, while others trail behind with fewer than 10 or none at all.

Cash no longer reigns supreme

Northern Europe boasts the largest global digital banking market, with Sweden dominating with a 98% cashless economy. Nordea, a leading bank in the region, spearheads this transformation by prioritising customer-centricity around the concept of ‘the idea of something better’ through cutting-edge mobile and digital banking solutions. Despite its 200-year legacy, Nordea embraced online banking early on, and in 2015, it adopted banking automation software to revolutionise its operations. Some six million transactions are processed by its digital workforce, including simple tasks such as new card requests, reducing errors and costs, allowing Nordea to tailor its services based on customer preferences.

“It’s one of the key aspects where we want to be the leading bank. We have invested a lot into our mobile bank, which is regarded as the best in the Nordic markets,” says Ossi Leikola, Head of Operations at Nordea. “We also believe very much in a personal relationship with our customers – that’s why we’re very interested in omni-channel.”

Through Nordea’s employment of almost 400 workers and 450 automated solutions for its 10 million customers around the globe, customer satisfaction levels have transformed. Subsequently, by using SS&C Blue Prism intelligent automation, the bank is positioned as a regional leader.

Where customer experience is concerned, efficiency is crucial to retaining loyalty. Companies providing customers with prompt, precise interactions excel in the industry. Intelligent automation solutions streamline transactions, enhancing customer satisfaction, and therefore loyalty. In the current informed market, banks should prioritise use of tools on enhancement, or risk reputational damage to the organisation.


Money laundering red flags: How to identify and combat financial crime

By Andrew Doyle, CEO, NorthRow

Money laundering, the process of disguising the proceeds of illegal activities as legitimate funds, is a grave financial crime that undermines the integrity of financial systems worldwide. 

When you consider that the National Crime Agency estimates that £10 billion of illegal money is laundered each year in the UK, financial institutions and regulatory authorities have a responsibility to be more adept at recognising the red flags indicative of these illicit activities. Understanding these warning signs is crucial in the ongoing battle to maintain financial integrity and protect the economy from the corrosive effects of money laundering. 

So, what exactly are the warning signs?

Unusual transactions

Financial activities that deviate significantly from a customer’s known income or business patterns are a clear warning sign. This can include large deposits, withdrawals, or transfers that seem inconsistent with their profile.

Financial institutions need to scrutinise transactions in the context of their knowledge of the customer’s usual financial behaviour, risk profile and the nature of the business relationship. Any significant deviation should prompt a closer look to determine if the activity is legitimate or if it signals something more sinister.

Unexplained source of funds

Large sums of money appearing in a customer’s account from private or unfamiliar sources should raise immediate concerns. It is vital to look at how they acquired these funds and request supporting documentation such as bank statements, recently filed business accounts, or official documents like property or share sale records to verify any such transactions. 

When cash transactions are involved, the difficulty of tracing the origin of funds increases, making thorough due diligence even more critical. In such cases, the institution must ask whether the source of funds aligns with their knowledge of the customer and if there are any indications of criminal involvement.

Rapid movement of funds

When funds are swiftly transferred without a clear and justifiable business purpose, it can suggest an effort to conceal the true origin of the money. Sudden and unexplained changes in a customer’s transaction patterns, such as an abrupt increase in activity or a shift in transaction types, should also raise suspicion. These deviations may indicate attempts to disguise the nature of financial activities.

PEPs

Transactions involving Politically Exposed Persons (PEPs) are particularly high-risk due to the potential for corruption. PEPs include individuals holding prominent political positions and their close associates, who may be more susceptible to engaging in corrupt activities. These individuals often have access to substantial funds, making it easier for them to participate in money laundering schemes. Financial institutions must exercise enhanced due diligence when dealing with PEPs to mitigate the risk of being used to launder illicit gains.

Inconsistent documentation

Inconsistent documentation is another critical indicator of potential money laundering. This can include altered or forged documents, incompatible details between different records, or paperwork that does not align with the nature of the transaction. These inconsistencies suggest a lack of transparency and honesty in financial dealings, potentially indicating an effort to hide illicit origins or intentions. Financial institutions should be wary of any documentation that appears tampered with, or that provides conflicting information about a transaction.

Refusal to cooperate 

When customers are uncooperative or evasive in response to requests for additional information or documentation, it should raise immediate concerns. Avoiding straightforward questions about the purpose or source of funds, failing to provide necessary documents, or showing reluctance to clarify details can indicate a deliberate attempt to conceal illicit activities. Financial institutions must be prepared to report suspicious activities to the appropriate authorities for further investigation.

The presence of one or more of these red flags does not necessarily confirm money laundering but definitely warrants closer inspection. Financial institutions in the UK are legally required to implement robust procedures to detect and prevent money laundering. These measures include conducting thorough customer due diligence, continuously monitoring clients for any adverse changes to their risk profile, and reporting suspicious activities to relevant authorities.

Recognising and responding to money laundering red flags is essential for maintaining the integrity of the UK’s financial system. Financial institutions must remain vigilant, ensuring they have the procedures and expertise necessary to detect and address suspicious activities. By doing so, they can play a crucial role in combating financial crime and safeguarding the economy from the detrimental impacts of money laundering.


The Human Advantage: Turning human-centred leadership into commercial success

By Helen Wada

We are living in a world where AI is becoming more prevalent, the economic environment is as challenging as it has ever been, yet organisations are at the same time being asked to become more “human-centric” and focus on their people.

A shift from performance to people

The 1980s and 1990s were characterised by a relentless performance culture, where metrics and outcomes were paramount. Autocratic leadership of the past gave way to a more collaborative approach as we entered the 21st century and we saw technology begin to disrupt the way in which we worked. Deliver more with less, work in a different way, grow the top line and reduce costs: technology was driving efficiency and growth.

Today, as we look forward to 2025 and beyond, technology is once again shifting the dial, but there is also a real shift towards people: we are moving into a new era, the Human era. Helen Wada, a top UK executive business coach who has spent more than 25 years in the corporate world working across professional services and with global organisations, is witnessing firsthand the need to prioritise the essentials of being human.

The pandemic brought this sharply into focus as we think back to how so many within all kinds of professional settings kept the wheels in motion at a time of fear and uncertainty. Medical workers, civil servants and retail workers all continued while others were told to stay at home. Since then, there has been a significant shift in focus on prioritising humanness unlike ever before, yet the commercial imperative remains – and in some instances the commercial pressures are felt even more than before the pandemic.   

Combining the need to drive growth while building a human-centric culture

One of the main challenges businesses face is finding the middle ground between human-centred initiatives and commercial goals.

In March of this year, Forrester explored what human and technical skills will matter most to B2B Marketers: “Technical and AI analytical skills will no doubt have a crucial role to play, but those in B2B customer facing roles must develop soft skills such as self-efficacy, cognitive abilities, empathy and excellent communication. These human skills are vital for building strong relationships with clients, collaborating with team members and adapting to changing market dynamics.” In addition, “…we need leadership skills and business acumen… The reality is we need to think about developing that whole person.”

A Gartner survey conducted in 2022 found that 90% of HR leaders believe that to succeed in today’s working environment, leaders must focus on the human aspects of leadership. However, only 29% of employees report that their leader is a human leader.

According to Helen’s philosophy, these “human skills” that sales leaders require align completely to those that she developed through her executive coach training back in 2015.  Helen had always shied away from sales, preferring to focus on her technical expertise and delivery.  Yet, after training as an executive coach, she found a new confidence in having open-ended conversations with customers, building relationships and creating insight and value through the quality of her conversation and challenge.

This got her thinking: was there a way that coaching could prove to be the bridge between human-centric leadership and commercial focus?

The Harvard Business Review, along with many other reports, has highlighted the role of quasi-coaches, leaders who blend coaching with their managerial roles, as pivotal to successful leadership. But can this be taken one step further?

The sales leaders of tomorrow require not only their technical expertise and their ability to collaborate and work with AI, but also these human skills, to connect with customers, be curious and create value.

Human-centred leadership in practice

Human-centred leadership requires an approach that looks at everyone as individuals. It is important to understand a person’s aspirations, values, and what drives them. This can be difficult where development programmes are delivered at scale with a one-size-fits-all approach.  Common coaching skills can be developed, yet the outcome of a coaching conversation is always personal and unique.

By themselves adopting a coaching mindset, leaders can demystify complex issues and foster a culture that supports both personal and professional growth. Helen’s thesis asserts that human-centred and commercial cultures do not have to be separate. Instead, they can “coexist harmoniously through coaching. By developing leaders as coaches, organisations can scale human-centric practices, as well as provide the skills required to foster commercial relationships, where connection, curiosity, challenge and collaboration are at the heart of working together.”

Scaling human-centric practices

At the heart of a coaching culture is the creation of personal responsibility and accountability.  Coaching, by its very nature encourages others to grow and thrive, creating a culture of trust and responsibility for everyone to play their role in their own personal growth and development.

By starting at the top, Helen highlights that coaching provides a framework that equips leaders with the skills to understand and support their teams effectively, as well as having better conversations with their clients, whether external or internal to the business.

This is particularly relevant in professional service or partnership environments, such as accounting, law, or engineering, where technical expertise is valued for promotion to a certain point, but to reach the next level of leadership requires an ability to build a different type of relationship with customers – often exploring areas outside of their comfort zone.

Coaching and coaching skills also help individuals deal with uncertainty, as Helen explored with a fellow coach, Paul Golding, in her podcast Human Wise.

The HUMAN Framework

Helen has created a framework that encapsulates the essence of human-centred leadership, based upon coaching principles:

H: How you show up

U: Understand yourself and others

M: Mindset

A: Act & Adapt

N: Next steps

By working with this framework, leaders and executives have a practical way to embrace a way of operating that fosters a human-centric culture with a commercial lens, giving the best outcomes for you, your team and your business.

The benefits of investing in coaching are both qualitative and quantitative. Qualitatively, individuals understand more about themselves, they gain confidence and develop stronger leadership capabilities.

Stretching these skills into commercial conversations translates into quantitative benefits, where companies can see tangible commercial outcomes resulting from an increased confidence in the market, new relationships, new opportunities, and an uptick in revenue and profitability, all resulting from deeper connections and human relationships.

Helen’s approach to coaching emphasises that making the human advantage your commercial advantage is not just beneficial, but essential to business success in today’s human-centric world.


Copyright © 2021 Futures Parity.