Magazine article American Banker

Three Ways to Thwart Hackers' Attempts at Persuasion

Article excerpt

Byline: Jay McLaughlin

Thanks to movies and crime shows, we often think of cybercriminals as antisocial computer whizzes with impeccable typing abilities, an affinity for baggy hoodies and a multimonitor computer setup illuminating their dark hideouts. But instead of focusing on the fraudster's technological knowledge, picture the criminal as a sophisticated persuasion specialist with degrees in psychology and research.

These hackers make a living by using psychological tricks that prey on emotions to obtain information, and unfortunately, business is good. The Anti-Phishing Working Group reported more than 803,756 unique phishing attacks in 2015, of which about 21% targeted financial institutions.

To prepare for the mental manipulation, your institution must examine the emotional tactics used in cyberattacks and formulate a systematic defensive strategy that relies on institutional wariness. Here are three tactics your employees need to use to mitigate the risks.

A Respectful Cold Shoulder

Fraudsters can create elaborate lies to trick unsuspecting victims into disclosing sensitive information. Examples of this tactic include calling into the back office attempting to impersonate account holders to request the movement of funds, reset a password, or obtain a temporary access code.

Financial institutions try to prepare employees for these threats, but pretexting is still a very successful means of perpetrating fraud. These fraudsters have an arsenal of information to disarm even the best-trained employee. Because your staff wants to do whatever they can to satisfy the customer, fraudsters exploit that desire to help. Successful fraudsters also use fear to get what they want. They might call into a back office claiming to have a personal friendship with an executive and threaten the employee's (victim's) job if their needs are not met. Combat this type of attack by educating everyone in your organization on the threat -- not just customer-facing employees. Encourage them to practice respectful uncertainty and to follow the institution's procedures, whatever the circumstance.

Inbox Scrutiny

By now, we should know to be suspicious of any unsolicited email requesting personal financial information, even if the message appears to be from an entity you trust. Fraudsters prey on our tendency to trust, but also exploit the carelessness we sometimes have when sorting email. Beware of links embedded in suspicious emails. Consider bookmarking free sites which convert any URL into a PDF and present it back to you so you can view the content of a webpage before visiting.

One of the increasingly common scams, often referred to as business email compromise, involves sending carefully crafted emails made to look nearly identical to messages a victim would normally see in his or her own inbox from a known party, such as a colleague or boss. …
