Impostor attacks against financial services organizations rose by 60% from the end of 2017 to the end of 2018, according to a report released today by cybersecurity firm Proofpoint. In the fourth quarter of 2018, 38% of financial firms studied were targeted using at least five spoofed identities of the firm’s employees, while more than half said at least five of their employees received impostor attack emails.
Impostor attacks included requests for wire transfers and other payments, as well as fraudulent shipment notifications. Beyond business email compromise itself, the impostor tactics observed included spoofing an email display name, spoofing a financial firm's own domain, and registering a lookalike domain (one that differs from the real domain by a single letter or digit, for example); lookalike-domain spoofing affected a quarter of financial firms in both 2017 and 2018. A little over a third of emails sent from financial services firm domains in the fourth quarter of 2018 were unverified or had suspicious characteristics.
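The lookalike-domain trick is easy to describe and easy to miss by eye. The following is an added example (not from the article, Proofpoint or fTLD) of how a mail gateway or brand-monitoring job can score a sender domain against a list of a firm's legitimate domains. It goes beyond the single changed letter or digit the report describes and also catches confusable pairs such as "rn" for "m", adjacent transpositions, a swapped top-level domain, and the brand embedded in a longer label. The legitimate domain, the confusable table and the sample senders are all constructed for the example, and the code assumes plain two-level domain names rather than consulting a public-suffix list.

```python
# Added example (not from the article or Proofpoint): flag candidate sender
# domains that resemble a known legitimate domain by one changed letter or
# digit, a confusable pair, a transposition, a swapped TLD, or the brand
# embedded in a longer label. All domains here are constructed samples.
from __future__ import annotations

# Hand-picked visually confusable substitutions (assumption: a small table,
# not a full Unicode confusables list).
SINGLE_CHAR = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
MULTI_CHAR = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def registrable_label(domain: str) -> str:
    """Label left of the TLD, assuming plain two-level names such as
    examplebank.com (assumption: no public-suffix list is consulted)."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label: str) -> str:
    """Map confusable characters to a canonical form and drop hyphens."""
    label = label.translate(SINGLE_CHAR)
    for seq, repl in MULTI_CHAR:
        label = label.replace(seq, repl)
    return label.replace("-", "")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein where an adjacent
    transposition (exampel vs example) counts as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(candidate: str, legitimate: set[str]) -> str:
    """Return 'legitimate', 'unrelated', or a 'lookalike:<reason>' tag."""
    cand = candidate.lower().strip(".")
    # Exact match or a subdomain of a legitimate domain is fine.
    if cand in legitimate or any(cand.endswith("." + legit) for legit in legitimate):
        return "legitimate"
    cand_label = registrable_label(cand)
    cand_tld = cand.rsplit(".", 1)[-1]
    for legit in legitimate:
        legit_label = registrable_label(legit)
        legit_tld = legit.rsplit(".", 1)[-1]
        if cand_label == legit_label and cand_tld != legit_tld:
            return "lookalike:tld"             # examplebank.co
        if normalize(cand_label) == normalize(legit_label):
            return "lookalike:confusable"      # examp1ebank.com, exarnplebank.com
        if osa_distance(cand_label, legit_label) <= 1:
            return "lookalike:edit"            # exampelbank.com
        if legit_label in cand_label:
            return "lookalike:brand-in-label"  # examplebank-secure.com
    return "unrelated"


def scan(candidates: list[str], legitimate: set[str]) -> dict[str, str]:
    """Classify every candidate sender domain against the legitimate set."""
    return {c: classify(c, legitimate) for c in candidates}


LEGITIMATE = {"examplebank.com"}               # constructed
SAMPLE_SENDERS = [                             # constructed
    "examplebank.com", "mail.examplebank.com", "examp1ebank.com",
    "exarnplebank.com", "exampelbank.com", "examplebank.co",
    "examplebank-secure.com", "otherbank.com",
]

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE_SENDERS, LEGITIMATE).items():
        print(f"{domain:28} {verdict}")
```

The checks run in order from most to least specific, so a swapped TLD is reported as such rather than as a generic edit, and the brand-in-label rule is last because it is the noisiest. In a real deployment the legitimate set would hold every domain and TLD the firm actually owns, and a verdict other than "legitimate" would feed a quarantine rule or an analyst queue rather than being printed.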
Tactics to prevent domain spoofing include publishing Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records and layering DMARC email authentication on top of them; DMARC is what lets a receiving mail server check that a message aligns with the sending domain's SPF or DKIM and tells it what to do (monitor, quarantine or reject) when the check fails. These controls are among the security requirements for any .bank domain registered with fTLD Registry Services, which protects .bank domains against spoofing. Only banks may register .bank domains, which removes the risk of a fraudulent lookalike domain being registered under the .bank top-level domain itself; lookalikes registered under other TLDs (a .com that differs by one character, for example) are not addressed by the registry restriction and still have to be monitored.
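Whether a domain is actually protected comes down to what its SPF and DMARC TXT records say, and a record that exists but is set to monitor-only or to softfail is a common half-measure. The following is an added example (not from the article, fTLD or Proofpoint) that grades the two records and reports the weaknesses a reviewer would raise: a DMARC policy of none or quarantine, a pct below 100, a weaker subdomain policy, missing aggregate reporting, and an SPF record that ends in +all, ?all or ~all, uses the deprecated ptr mechanism, or exceeds the ten DNS-lookup limit of RFC 7208. The weak and hardened records are constructed for the example; in practice they would come from a DNS TXT lookup of the domain (SPF) and of _dmarc.<domain> (DMARC).

```python
# Added example (not from the article, fTLD or Proofpoint): grade the SPF and
# DMARC TXT records a domain publishes, so a weak posture and an enforcing one
# can be told apart. The records below are constructed; in practice they come
# from a DNS TXT lookup of <domain> (SPF) and _dmarc.<domain> (DMARC).
from __future__ import annotations
import re

POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}
# Mechanisms and modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=mailto:x' into a tag dict; {} if not DMARC."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def grade_dmarc(record: str | None) -> list[str]:
    """Weaknesses in a DMARC record; an empty list means an enforcing policy."""
    if not record:
        return ["no DMARC record: receivers have no policy for spoofed mail"]
    tags = parse_dmarc(record)
    if not tags:
        return ["malformed DMARC record (missing v=DMARC1)"]
    findings: list[str] = []
    p = tags.get("p", "").lower()
    if p == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif p == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")
    elif p != "reject":
        findings.append(f"missing or unknown policy p={p!r}")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing messages")
    sp = tags.get("sp", "").lower()   # absent sp inherits p, so only an explicit weaker sp is flagged
    if sp and POLICY_RANK.get(sp, -1) < POLICY_RANK.get(p, -1):
        findings.append(f"sp={sp}: subdomains get a weaker policy than the organizational domain")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports, so spoofing goes unnoticed")
    return findings


def grade_spf(record: str | None) -> list[str]:
    """Weaknesses in an SPF record; an empty list means unlisted senders fail."""
    if not record:
        return ["no SPF record"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["malformed SPF record (missing v=spf1)"]
    findings: list[str] = []
    names = []                         # (term, mechanism/modifier name)
    for term in terms[1:]:
        m = re.match(r"^[+\-~?]?([a-z0-9]+)", term.lower())
        if m:
            names.append((term, m.group(1)))
    lookups = sum(1 for _, name in names if name in LOOKUP_MECHANISMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the RFC 7208 limit of 10, receivers return permerror")
    if any(name == "ptr" for _, name in names):
        findings.append("ptr: deprecated by RFC 7208 section 5.5, slow and unreliable")
    all_terms = [term for term, name in names if name == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("+all: every host on the internet passes SPF")
        elif qualifier == "?":
            findings.append("?all: neutral, unauthorized senders are not failed")
        elif qualifier == "~":
            findings.append("~all: softfail; sufficient under an enforcing DMARC policy, but on its own receivers usually still deliver")
    return findings


def grade_domain(spf: str | None, dmarc: str | None) -> dict[str, list[str]]:
    """Combine both grades for one domain."""
    return {"spf": grade_spf(spf), "dmarc": grade_dmarc(dmarc)}


# Constructed sample records: a weak posture and the hardened version.
WEAK = {"spf": "v=spf1 include:_spf.example.net ptr ~all",
        "dmarc": "v=DMARC1; p=none; pct=50"}
HARDENED = {"spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
            "dmarc": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@examplebank.example"}

if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, grade_domain(records["spf"], records["dmarc"]))
```

The grader treats the SPF qualifier on the final all term as the decisive setting because that is what a receiver applies to every sender the record does not list, and it treats DMARC p=reject as the only result that actually stops a spoofed message. DKIM is not graded here because its selectors are discovered from the signature of a received message rather than from a fixed record name, so checking it needs a message in hand rather than a domain alone.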