Digital transformation of the financial industry has led to a major rise in global phishing scams and cyber-attacks. In order to protect consumers from falling victim to fraud, banks must enhance security protocols.
Research from a 2022 report by ZscalerTM indicated that there had been a 29% rise in phishing scams in the past year with a new record of 873.9 million attacks. The majority of cyber scams took place in the United States, Singapore, Germany, Netherlands, and the UK.
Kyle Ferdolage, lead trust and safety analyst at N26 believes that the mobile bank is optimising fraud prevention technology and minimising online threats to consumers.
Ferdolage explains how phishing-as-a-service (PhaaS) has become more prevalent in black market circles: “PhaaS refers to the black-market sale of tools and knowledge required to carry out a phishing attack. Essentially, it is the creation of a software-as-a-service style model for bad actors that lowers the barriers of entry for those with limited technical knowledge and experience, thus expanding the reach and magnitude of phishing attacks.”
PhaaS has opened up a whole new world of opportunities for amateur fraudsters to target potential victims and launch successful cyber-attacks through phish kits, bait scams, and SMS phishing attacks. PhaaS produces an environment for non-sophisticated actors to create more convincing scams.
Ferdolage details that N26 is taking measures to optimise their technology to constantly monitor their platform for phishing scams.
Accoding to Ferdolage, that N26 is prioritising making customers aware of the latest threats and tricks that are used to target accounts; “As a bank, we have a responsibility to help consumers understand the risk and threats they are exposed to when it comes to phishing and fraud.”
In a world where scams are at every dark corner and wrong turn, consumers need to be weaponised with fraud prevention strategies to protect themselves from phishing attacks. Ferdolage recommends that consumers maintain a “healthy dose of scepticism” and think through the legitimacy of possible phishing scenarios.
“As a rule of thumb, anything that seems either unusual, out of place or too good to be true, probably is. Some helpful practices include slowing down and not reacting to urgent messages immediately, and instead taking a minute to look into the company or claim to decide whether the request makes sense and comes from a legitimate source. It is best to contact the person or institution directly via a listed or known point of contact to verify the legitimacy of the source before engaging further.”
Ferdolage also suggests staying in the loop on the changing nature of cyber scams and “maintaining good internet hygiene,” meaning that users should not reuse passwords and always utilise multi-factor authentication for accounts.
Keeping in line with regulations in the cybersecurity space, N26 maintains that users should report any suspicious activity to account managers and authorities to prevent fraud. Ferdolage expresses a need for further regulation to protect customers as the amount of cross-border transactions increases.
Ferdolage lists three steps banks should be taking to remain vigilant against phishing scams:
- Continuously update cybersecurity methods and tech to stay ahead of trends in fraud and scams, and review internal safeguards.
- Collaborate with other banks on security technologies to ensure ironclad prevention against fraudsters across the sector.
- Quickly report suspicious activity for investigation to the appropriate authorities.
N26 prioritises investing in fraud prevention and Ferdolage underscores the need for banks to take more decisive action to protect consumers.
To safeguard customer security, N26 ensures only device owners can access their accounts through two-factor authentication, personalised security settings, locks on cards, adjustable spending and withdrawal limits, and restricted overseas and online transactions.
Ferdolage concludes: “The growth of fraud in the digital space is a real threat not only for digital players like N26 but the industry as a whole. In today’s fast-moving digital economy, phishing attacks can come in many shapes and forms as scammers often change their approaches to evade detection. As bad actors are constantly improving their schemes, using increasingly sophisticated and complex tactics, it is key for financial institutions to quickly respond to combat these trends as they emerge. The only way financial crime can be tackled globally is by recognising the need for a coordinated approach across the entire industry - tech players, traditional banks, the relevant authorities and society.”
Earlier this year, N26 announced that the company will be IPO-ready by 2023.