growing piles of coins with background of a financial district

Cyberthreats facing UK finance sector “a national security threat”

As the reports covering all of 2022 start trickling in, we can see that cybercrime and other types of fraud had a major impact last year.

Take for example the 2022 half year fraud update by UK Finance, which tells us that criminals stole a total of £609.8 million (roughly $750 million) through authorized and unauthorized fraud and scams in the UK alone.

UK Finance is the collective voice for the UK’s banking and finance industry, representing around 300 firms across the industry. Its report states: “As we have warned previously, the level of fraud in the UK has reached a point where it must be considered a national security threat.”

Another report, called the ‘State of cyber security in the UK’, surveyed 500 UK-based cybersecurity strategy decision makers. It showed that financials are at significantly higher risk than the average UK business. More than half (58.2 percent) reporting between 40 and 60 cyber security incidents in the last 12 months.

Businesses

Many financials not only carry the burden of protecting their customers, but are also at risk of falling victim to cybercrime themselves.

The threat which was mentioned the most in responses to the survey was phishing. Some 67 percent of respondents highlighted it as their main worry for their organization. This is no surprise as phishing is often the prelude to more serious threats like ransomware, breaches, and BEC scams.

Other worries were the rise in premium prices for cyber insurance, and the security implications of the rise in flexible working. The advancing pace of technology (39 percent) also featured, as effects from the pandemic have complicated organizations’ ability to protect themselves from cyber threats.

The report based on the survey also shows a higher-than-expected number of breaches. Which made more organizations realize that having a recovery plan is almost as important as having effective preventive measures.

Consumers

The main types of fraud targeting consumers were:

  • Authorized push payment (APP) scams, which use social engineering that tricks victims into authorizing payments to accounts belonging to the scammer. Romance scams and investment scams operate this way, as do purchase scams, where people pay for goods that are never delivered.
  • Unauthorized payment card fraud. This category covers fraud on debit, credit, charge, and ATM-only cards issued in the UK. Payment card fraud losses are organized into five categories: Remote card purchases, lost and stolen cards, cards that aren’t received, counterfeit cards, and card ID theft.
  • Remote purchase fraud. This type of fraud occurs when a criminal uses stolen card details to buy something on the Internet, over the phone or via mail order. It is also referred to as card-not-present (CNP) fraud, because the threat actor does not have the physical card, but has enough details to pretend that they are authorized to use it.

A common factor behind APP scams is use of online platforms and social media to target victims and trick them into making payments. This includes fraudulent advertising on search engines, fake websites and posts on social media. This is where the first contact between perpetrator and victim usually takes place.

Another worrying side effect of many of these financial frauds is the use of money mules. Often younger people that allow their bank account to be used to ‘cash out’ fraudulent funds, without realizing how sever the consequences can be.

For detailed numbers and more information you are encouraged to look at the UK Finance report.

Cooperation

Because of the direct threats and the responsibility for their customers, the banking and finance industry invests billions in tackling fraud. But it’s not a problem the banking sector can solve on its own.

Some of the initiatives that have been taken by the sector in the UK are:

  • Working with the government and law enforcement to establish clear strategic priorities.
  • Sharing intelligence on emerging threats.
  • Delivering customer education campaigns.
  • Training staff to spot and stop suspicious transactions.
  • Sponsoring a specialist police unit.
  • Cracking down on phone number spoofing.
  • Blocking scam text messages.

How can we help?

NatWest, one of the UK’s “big four” banks, is offering all of its customers a free Malwarebytes Premium subscription, which can be used on up to 10 devices. The software protects against viruses, ransomware, and phishing scams, and is available for Windows PCs and Macs, as well as Android and Apple phones and tablets.

In the first half of 2022, Malwarebytes helped stop over seven million security threats that would have impacted NatWest customers. The bank’s customers can access the software by clicking the security tab within their online banking, where they will receive a coupon and a link to the Malwarebytes site.

Stuart Skinner, head of fraud protection at NatWest, said:

We are committed to helping our customers stay safe and secure and are continuously investing in new fraud prevention tools and the latest security technology. I urge you to download Malwarebytes today, to help ensure you are doing everything possible to protect yourself against this crime.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.