It is estimated that global businesses and their customers lose more than $500 billion annually to cybercrime and the problem has been exasperated by the Covid-19 pandemic. In the financial services sector, the impact of clients increasingly using mobile channels and growth in transaction volumes over the internet has inevitably boosted the growth in cybercrime in recent years but the good news is that methods of detection are getting more sophisticated.
Data from banking lobby group, UK Finance shows that unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £783.8 million in 2020, a decrease of five per cent compared to 2019. Banks and card companies prevented £1.6 billion in unauthorised fraud in 2020. This represents incidents that were detected and prevented by firms and is equivalent to £6.73 in every £10 of attempted fraud being stopped.
The growth in remote working during the pandemic has created new inroads for cyber-attacks as businesses have been forced to move their operations away from the Cloud, lowering their defences against attacks.
The scale of the issue, combined with the financial and emotional impact of cybercrime has resulted in an increased emphasis in cyber security by the financial services sector in recent years, particularly as more firms use automated platforms and digital content for their client communications.
So what should our clients be aware of and what can we all do to prevent attacks:
Clone Firms
Clone Firm investment scams are on the rise as the ongoing financial impact of Covid-19 continues to make people more susceptible to these types of scam. Clone firms are fake firms which are set up by scammers to imitate genuine investment firms approved by the FCA by using their name, address and Firm Reference Number (FRN). Fraudsters send out sales and marketing media, linking to the legitimate firms’ websites to convince their victims that they are dealing with the real company.
The FCA reported an increase of 29% in April 2020 compared to March when the UK went into its first lockdown. Losses of more than £78 million were reported between January and December 2020, according to data from Action Fraud.
FPC has direct experience of this, as within the last month one of our clients was approached by a company purporting to be Vanguard, a well-known investment fund platform. They were suspicious and rang us straight away and we were able to confirm this was a known scam and circulate a warning.
Another client had his computer infiltrated, supposedly on the back of a genuine contact from Amazon Prime and again, thankfully this too was thwarted but we must be on our guard as the scammers will often use well-known brands that we trust.
The good news is that the technology to defend consumers against attacks has made huge advances in recent years.
What are the most common types of cyber-attack?
Brute-force attack
Criminals guess passwords by using every combination until an account is unlocked. These can be avoided by using complex passwords, containing a mixture of numbers, letters and special characters, adding layers of security with multi-factor authentication and setting a limit on the number of login attempts permitted.
Consider using a password manager such as LastPass to generate and store your passwords. Passwords can be synced across devices, ensuring that you never have to write one down.
Credential Stuffing
For this method, the fraudster uses stolen information to get access to a victim’s account and uses it to perform fraudulent transactions. Again, enabling multi-factor authentication, avoid using email addresses as user IDs and using techniques such as device fingerprinting are all steps that can be taken to protect against this type of fraud.
Where possible, you should avoid receiving multi-factor codes through SMS messages. Using an app or hardware token to generate codes are the preferred methods. Speak to your financial providers to see if further additional security features can be enabled such as HSBC’s ‘My voice is my password’. If you are compromised, then it is important to have as many roadblocks as possible between the people that operate these scams and your personal finances. Please ensure you do not re-use passwords across your banking systems.
Phishing
This is the most common form of cyber-attack where the victim receives an email, from a seemingly reliable source (Clone Firm), to get access to personal information. These emails usually include attached files or link to a website which trick recipients into revealing personal information, your usernames and passwords or downloading software. Avoid opening emails (and clicking on links within them) from unknown sources, hover over the link to reveal the web address that it’s directing you to and pay close attention to the design of the email (although some of them are extremely convincing).
Organisations such as HMRC no longer include links within the emails they send you. They will ask you to search for the HRMC website in Google or your preferred search engine. Legitimate organisations will never ask you for any part of your password. Please do not reveal it to anyone. Similarly, legitimate organisations will never ask you to download a file to your computer or require remote access. Microsoft do not contact people directly; this is always on request or through a partner IT firm.
Also, watch out for scam calls purporting to be from Amazon, HMRC and courier firms. Many of these scams rely on tricking you into believing that the caller is genuine. If in doubt, hang up!
Malware Attacks
This is malicious software that is downloaded on to a device without your knowledge, which then steals, encrypts or deletes data. To protect against this type of attack, avoid downloading any software or applications or clicking on web addresses from unknown sources and install anti-virus software on your devices.
Malware often takes advantage of vulnerabilities in software that are installed on your computer. Please ensure that you regularly patch your operating system and applications, weekly if possible. Try to stay on the latest version of your operating system as this is where many of the vulnerabilities exist and keep your anti-virus subscriptions active and up-to-date. Regular scheduled backups of your data are key to overcoming malware infections. It is important that you enable a backup of your devices to at least an external USB hard disk or preferably by using a cloud backup provider.
Prevention
Introducing ITSOL…
FPC conducted a stringent process when selecting our IT services provider, ITSOL. ITSOL specialise in providing fully managed IT services, and more specifically within the Wealth Management sector, which they have done so for almost 25 years. This focus on regulated financial clients means they are acutely aware of the risks faced by this type of company and their clients.
Working in the financial sector, ITSOL have witnessed the evolving and growing nature of cyber-attacks and have evolved a suite of hardware and software tools to help prevent and detect these attacks including Managed Firewalls and world leading anti-malware protection packages. With the support of their expert team of consultants and directors, FPC has worked hard to boost our defences and protect our clients’ data to deliver confidence and peace of mind to our clients and professional partners.
As the trusted IT partner for FPC, ITSOL are available on request to respond to the IT and in particular the IT security requirements of FPC clients. This can take various forms including, but not limited to IT security advice, preferably in a proactive situation, but can if required be in an emergency should this arise. ITSOL can also offer systems checks for FPC clients on either their business or private IT systems which could give a large degree of comfort to any client who may have security concerns or may be considering finding a new IT partner that they can trust to work with them on improving their business.
FPC View
It’s just over a year since we launched our client portal, FPC View to improve and simplify our clients’ access to their financial information but also to boost security.
For those who don’t use it already, FPC View delivers safe and secure client communication via document sharing and secure messaging, an alternative to email communication.
With secure messaging, messages are stored in an encrypted database. So you read them, respond to them but they never leave the encrypted system. Unlike email, they are not stored on computers or mobiles (FPC’s or their clients’).
Other facilities offered by FPC view include:
- valuation facility to give clients secure direct access to their own data from policies we supervise
- banking and expenditure analysis tool that gives clients a way to securely access and analyse their finances via new Open Banking protocols.
And whilst FPC View is a data aggregation tool (lots of things in one place) everything is read only so at no point can anything be accessed/moved /broken.
If you have any queries or concerns about any of the information provided above, or you would like to find out more about FPC View, please don’t hesitate to contact us.
