Fintech Today
  • About
  • Banking
  • Insurance
  • Resources
    • COVID-19
Subscribe
No Result
View All Result
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
Fintech Today
  • Digital Transformation
  • Customer Experience
  • Cybersecurity & Risk
  • Regulation & Compliance
  • Claims Management
No Result
View All Result
Fintech Today
No Result
View All Result
Home Banking

Minimizing Phishing for Financial Services Institutions with Enhanced Email Security

by Nina Jacobs
November 8, 2022
in Banking, Cybersecurity & Risk
Reading Time: 6 mins read
A A
Minimizing Phishing for Financial Services Institutions with Enhanced Email Security
Share on FacebookShare on Twitter

Ecommerce platforms are an attractive target for hackers, meaning banks need to make cybersecurity a priority. This article, published by our colleagues at Retail Technology Insider, outlines the risks of leaving corporate email servers unprotected and the ways in which a third-party security solution can defend against phishing and other scams.

The surge of ransomware attacks over recent years is a major concern for nearly every industry, thanks in part to the rapid digital transformation driven by the COVID-19 pandemic. The rise in ransomware attacks began in 2020 and continued into 2021 with an almost 13 percent increase over the previous year.  

With phishing’s close ties to online payments, it is no surprise that the retail industry is a prime target for social engineering scams. A prime example is the 2013 Target phishing breach, which began when an HVAC contractor received a message appearing to come from Target’s online portal for contractors. Once inside the portal using the contractor’s credentials the hackers were able to move freely from the portal to Target’s point-of-sale system, gaining access to customer’s payment information. The incident cost Target nearly $270 million and remains one of the highest-profile breaches of the decade. This event, a textbook supply chain attack, demonstrated how a single lapse in security can wreak havoc on an organization, costing both money and the trust of partners and consumers.

While phishing attacks are costly as standalone events—the 2021 FBI IC3 Internet Crime Report revealed almost 20 thousand business email compromise complaints with adjusted losses at nearly $2.4 billion— Verizon’s 2022 Data Breach Investigations Report revealed that phishing is one of the four main entry points into an organization allowing hackers to gain a foothold to launch more extensive and costly attacks. With phishing attacks accounting for 41 percent of business email compromises it’s vital for organizations to look closely at that point of entry.

Over the past few years, Microsoft 365 (M365) has become an attractive target for hackers, with multiple scams targeting corporate accounts. Though the tech giant has promoted M365 as a comprehensive modernization solution for retail organizations, there are gaps in its security that cannot be ignored.

While Microsoft does provide some native email security, its protection does not extend to mitigating some of the most common phishing techniques. For example, common indicators of spam email are misspellings, grammatical errors, or non-English words that indicate the email was originally written in another language and then translated with an online translator. Increasingly, bad actors are skipping the translation step and sending spear phishing emails in foreign languages in an attempt to evade anti-phishing AI algorithms. As these techniques become more common, defenses against them should adapt as well. However, Microsoft’s Service Agreement states that the effectiveness guarantee of its filters does not apply to emails with predominantly non-English language content.

Another common tactic, spear phishing, is hard to detect for a different reason. Spear phishing emails are personalized to their victims, and the sender takes great pains to replicate a trustworthy message. “Attackers find it very easy to identify an M365 user, since MX records and auto-discover entries are available online and visible to the public,” said Andy Syrewicze, Technical Evangelist at Hornetsecurity. “They can then impersonate a coworker or business partner based on information connected to the user’s name or company. It is therefore critical to add another layer of security to your M365 accounts for total protection against phishing, malware, ransomware, and data loss.” Spear phishing preys on a sense of familiarity: if the recipient recognizes the email address, the message looks official, and there are no obvious red flags such as foreign language content, they are more likely to open it.

To fill in the gaps left by M365’s built-in security and ensure more comprehensive protection, a third-party security solution is crucial. A variety of tools for scanning and sanitizing emails before they arrive in user inboxes are available and compatible with M365. “From a technical standpoint, let’s implement something that identifies phishing email, for example, via various tactics before it hits our users’ inbox,” said Eric Anderson, Cybersecurity Architect, Instructor, and Evangelist at Atlantic Data Security. “If I don’t get the phishing email, I can mistakenly click on something.”

These tools often have other forms of defense built in, such as anti-virus protection and email encryption, providing additional assurance for companies, contractors, and end users. The diversity and flexibility of options means that incorporating email security into an overarching cloud strategy is simple and rewarding.

M365 remains a convenient and effective platform for retail organizations, and the benefits it provides deserve to be protected. Third party email security solutions are an invaluable tool for safeguarding both company and customer data against phishing and other scams without compromising performance.

Ready to upgrade your M365 email security? Click here to get started.

Tags: Atlantic Data SecuritycybersecurityeCommercephishingransomware

RELATED POSTS

Contributed Articles

Cybercrime and Cyber Risk: Strategies for Protecting Your Organization

February 2, 2023
Email Phishing and Spam Protection Help Financial Services Institutions Build Trust and Credibility with Customers
Banking

Email Phishing and Spam Protection Help Financial Services Institutions Build Trust and Credibility with Customers

November 10, 2022
Who’s Driving Digital Transformation for Banks and Financial Institutions?
Banking

Who’s Driving Digital Transformation for Banks and Financial Institutions?

November 1, 2022

TRENDING NOW

  • Cybercrime and Cyber Risk: Strategies for Protecting Your Organization

    503 shares
    Share 201 Tweet 126
  • What 2023 Means for Commercial Construction Lending

    515 shares
    Share 206 Tweet 129
  • Arizona’s Motor Vehicles Department (MVD) Makes Payment Offerings More Accessible

    657 shares
    Share 263 Tweet 164
  • AI in Financial Services: Where Does Ethics Fit In?

    553 shares
    Share 221 Tweet 138
  • Matching Buyers and Sellers in M&A

    540 shares
    Share 216 Tweet 135

CONNECT WITH US

Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner

BECOME AN INSIDER

Get Financial Technology Today news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Future Healthcare Today
Government Technology Insider
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Financial Technology Today offers content and advertising sponsorships to leading technology solution and service providers. Interested in becoming a sponsor? Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About
  • Banking
  • Insurance
  • Categories
    • Digital Transformation
    • Customer Experience
    • Cybersecurity & Risk
    • Regulation & Compliance
    • Claims Management
  • Contact Us