safeguarding your organization from social engineering attacks · 2020-03-18 · safeguarding your...

© 2015 MarkMonitor Inc. All rights reserved. Safeguarding Your Organization from Social Engineering Attacks Akino Chikada Product Marketing, MarkMonitor


Post on 06-Apr-2020


Page 1: Safeguarding Your Organization from Social Engineering Attacks · 2020-03-18 · Safeguarding Your Organization from Social Engineering Attacks Akino Chikada Product Marketing, MarkMonitor

© 2015 MarkMonitor Inc. All rights reserved.

Safeguarding Your Organization from Social Engineering Attacks

Akino Chikada

Product Marketing, MarkMonitor

Page 2

Agenda

• Online Banking Landscape

• Social Engineering Attacks

• Online Abuse Trends in the Banking Sector

• Best Practices

• Q&A

Page 3

Online Banking Landscape

Banks are increasing their investment in online channels

• Mobile is getting most of the attention

More than 50% of adults bank online in the USA

According to a recent study*, very successful phishing campaigns will capture data from 45% of their visitors

• The least successful scams only scored information from 3% of their visitors, but that still adds up!

Security is more critical today than ever before

*Engadget: “Google says the best phishing scams have a 45-percent success rate”

“Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild”, Google

Page 4

Social Engineering Attacks

What is Social Engineering?

• The psychological manipulation of people into divulging confidential information

• It’s one of the top 3 security concerns for 2015*

Fraudsters typically leverage a multi-pronged approach

They are always looking into new ways to monetize different types of credentials and data

Fraudsters are continuously evolving their strategies

*Source: 2015 Banking Priorities Study, CSI

Page 5

Social Engineering Life Cycle and Challenges Targeting Banks & Credit Unions

Setup Social Engineering Attack (CHANNELS): Domains, Social Media, Mobile Apps, Websites, Paid Search, Email

Launch Social Engineering Attack (TACTICS): Phishing, Malware, False Association, Impersonation, Loan Lead Generators

Collect Credential & Monetize (MONETIZATION): Reselling Resources & Credentials, Deepening & Broadening Data for Other Attacks, Hijacking Resources

Page 6

Fraudulent Attacks at Domain Level

Problems:

Cybersquatting

Domain security

New gTLDs

Actively monitor and secure new gTLDs

Top 10 New gTLDs

Page 7

Fraudulent Attacks via Websites

Problems:

Phishing / Malware sites

Loan Lead Generators

Impersonation

Bkbuster.com

Impersonating sites / loan lead generators can be fraudulent

Page 8

Fraudulent Attacks via Paid Search

Problems:

Phishing Paid Search

Traffic Diversion

Loan Lead Generators

Links in paid search ads lead to phishing URLs:

hxxp://xxxxxgravamesonline.zip.net/

hxxp://xxxxxsistema.com.br/home/index.html

Paid search ads can direct people to malicious websites

Page 9

Fraudulent Attacks via Social Media

Problems:

Loan Lead Generators

Impersonation

#phishing

Links to phishing sites

Proactively monitor social media sites to minimize risks

Page 10

Fraudulent Attacks via Mobile Apps

Problems:

Phishing apps

Malware apps

Copycat apps

Secure mobile banking to protect your customers

Mobile Phishing by Industry (Source: Trend Micro)

Page 11

Fraudulent Attacks Hurt Your Business

Impacts your top and bottom lines

Damages Online Channel

• Customer distrust

• Abandoned Internet channel

• Diminished revenues and higher costs

Increases Costs

• Incident fire-fighting

• Fraud remediation

• Customer service and support

Weakens Customer Relationships

• Poor customer experience

• Eroded brand loyalty

• Customer defection to competitors

Page 12

Solution

Social engineering attacks can have a multi-pronged approach, so it’s critical that you have visibility across all digital channels

Consider a prevention, detection and mitigation strategy for each channel so that you are protecting your customers

Have an appropriate enforcement strategy in place

• Brand enforcements

• SOC shutdowns

• Fraudcasting

Page 13

Best Practices

Page 14

What NOT to Do

1 IGNORE THE ISSUE

Social engineering and fraudulent attacks will not go away on their own

Be proactive now rather than trying to fix the damage later

2 DO IT MANUALLY

There are too many channels and venues to monitor manually

A manual approach is usually more costly and less effective in the long run

3 TREAT ALL ABUSES EQUALLY

Not all fraudulent attacks have the same impact

Prioritize abuse based on its impact on your business

Page 15

What You Should Do

1 BE PROACTIVE

Monitor and proactively protect your bank and your customers from fraudulent attacks

2 LEVERAGE TECHNOLOGIES

Ensure you have a purpose-built technology to help you prevent, detect, and mitigate fraudulent activities

3 DON’T JUST FOCUS ON THE EMAIL CHANNEL

Social engineering attacks are taking place across multiple digital channels in different forms

Social Media, Email, Websites, Paid Search, Mobile Apps

Page 16

Educate Your Customers

Protect Your Customers from Online Scammers

Make your customers your allies in fighting fraudulent activities

Set up an inbox so that customers can easily forward any fraudulent scams

Provide best practices and proactively share the latest social engineering attacks so that your customers know what they should look out for

MARKMONITOR TRUSTED BRANDCASTING & FRAUDCASTING SYSTEM

Page 17

Key Takeaways

Brand-fraud related abuses can potentially be part of a more elaborate social engineering attack

Fraudsters are continuously evolving their tactics, so have preventative measures in place to minimize risks

Be prepared for the worst so that, at any stage of a fraud lifecycle, you have a strategy to mitigate and shut down a fraudster

Page 18

Questions?

Page 19

Thank You!

For information on MarkMonitor solutions, services and complimentary educational events

• Contact us via email: [email protected]

• Visit our website at: www.markmonitor.com

• Contact us via phone:

US: 1 (800) 745 9229

Europe: +44 (0) 203 206 2220