Financial Services and Social Engineering

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. office in Austin, TX.

Social Engineering

Social Engineering Engineering Phishing Banking

2025 Top Cyber Threats to Financial Services and How To Mitigate Them

Mitnick Security

MAY 9, 2025

In 2025, financial services firms arent asking if an attack will happen but how to stop it or minimize the fallout when it does. Phishing, ransomware, and insider threats are exposing gaps in outdated defenses and putting customer data at risk.

Financial Services

Financial Services Cyber threats Phishing Ransomware

Identity theft of 225,000 customers takes place at Latitude Financial Services

CyberSecurity Insiders

MARCH 15, 2023

Australian firm Latitude Financial Services is hitting news headlines as a cyber attack on its servers has led to the data breach of 225,000 customers. The post Identity theft of 225,000 customers takes place at Latitude Financial Services appeared first on Cybersecurity Insiders. The company which has over 2.8

Financial Services

Financial Services Identity Theft Social Engineering Cyber Attacks

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

“In addition to infecting victims through legitimate-looking websites, HIDDEN COBRA actors also use phishing, social networking, and social engineering techniques to lure users into downloading the malware.” million in August 2020 from a financial services company based in New York.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance

Insurance Phishing Social Engineering Engineering

Shields up US retailers. Scattered Spider threat actors can target them

Security Affairs

MAY 17, 2025

The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. Theyve targeted high-profile brands, possibly to boost notoriety, and often shift focus by sector, such as financial services and food industries.

Retail

Retail Social Engineering Cybercrime Financial Services

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

SecureWorld News

JUNE 4, 2025

In a matter of days, three major cybersecurity incidents have hit the retail and financial services sectors, drawing renewed attention to supply chain vulnerabilities, credential-based attacks, and the increasing value of non-financial customer data.

Retail

Retail Banking Financial Services Social Engineering

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

Social Engineering

Social Engineering Engineering Ransomware Backups

How Security Teams Collect the Data They Need for Threat Intelligence

SecureWorld News

APRIL 14, 2025

With these insights, security personnel know which attack vectors to watch more closely, how to orchestrate the defenses, and what new phishing and social engineering trends to warn employees about. It helps prioritize risks, organize protection efforts, and allocate resources more flexibly to address the most pressing threats first.

Media

Media Social Engineering Malware Financial Services

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. 2025: Latest campaign In mid-January of 2025, we identified new samples indicating an updated version of Zanubis.

Banking

Banking Malware Encryption Energy and Utilities

Generative AI Changes Everything You Know About Email Cyber Attacks

CyberSecurity Insiders

APRIL 4, 2023

Social engineering – specifically malicious cyber campaigns delivered via email – remain the primary source of an organization’s vulnerability to attack. Social engineering is a profitable business for hackers – according to estimates, around 3.4 billion phishing e-mails get delivered every day.

Cyber Attacks

Cyber Attacks Social Engineering Scams Phishing

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The experts did not find any samples of the malware on the official Google Play Store, they pointed out that the malicious code is delivered on the users’ devices using both the side-loading technique and social engineering schemes. At the time of this writing, the SharkBot can interact with the apps of 22 banks.

Banking

Banking Mobile Social Engineering Malware

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

“Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator,” the Intel 471 researchers wrote.

Authentication

Authentication Social Engineering Phishing Banking

A Deep Dive into the Last Vendor Breaches of 2024: What We Learned

Responsible Cyber

NOVEMBER 23, 2024

Financial services have also faced significant incidents, with many institutions relying heavily on third-party technology partners to deliver essential services. Industries most affected by these breaches include healthcare, finance, and retail, where sensitive data is routinely shared with vendors for operational efficiency.

Risk

Risk Healthcare Education Cybersecurity

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Krebs on Security

OCTOBER 7, 2022

who in April 2022 opened an investigation into fraud tied to Zelle , the “peer-to-peer” digital payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Elizabeth Warren (D-Mass.), Bank , and Wells Fargo. ” Sen.

Banking

Banking Accountability Scams Passwords

Top Third-Party Data Breaches of 2024: What You Need to Know

Responsible Cyber

NOVEMBER 17, 2024

Image Source: AI Generated Recent data breaches have exposed sensitive information from millions of customers across healthcare, financial services, and technology sectors. The impact extends beyond immediate financial losses. Bank of America confirmed that 57,028 of its customers were directly affected by the incident.

Data breaches

Data breaches Healthcare Social Engineering Financial Services

Telegram-powered bots circumvent 2FA

Malwarebytes

SEPTEMBER 30, 2021

These services include calling their target victims, appearing to be from their bank, and socially engineering them into handing over a one-time password (OTP)—or other verification code—to the bot operators. ” Intel 147 has been observing these activities since June when services like these started operating.

Banking

Banking Authentication Social Engineering Passwords

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

Centraleyes

MARCH 13, 2025

If you’re part of the financial services ecosystem hereor interact with businesses regulated by the New York State Department of Financial Servicesyouve likely come across the NYDFS Cybersecurity Regulation. New York, the city that never sleeps, is also the city that takes cybersecurity very seriously.

Cybersecurity

Cybersecurity Financial Services Risk Encryption

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

Targeted Phishing and Social Engineering: In some cases, attackers may employ targeted phishing emails or social engineering techniques to gain initial access to a system within the target network. By using specific search queries, an attacker can identify systems that are potentially susceptible to EternalBlue.

Social Engineering

Social Engineering Penetration Testing Engineering Phishing

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. You must also inform your bank or financial services provider so they can be on the lookout for suspicious and fraudulent transactions.

Passwords

Passwords Data breaches Password Management Identity Theft

Fraud Shifts to Travel, Gaming Sites as Economies Reopen

Security Boulevard

AUGUST 16, 2021

The prevalence of digital fraud attempts on businesses and consumers continues to rise as malicious actors are shifting their focus in 2021 from financial services to travel and leisure and other industries. globally.

Financial Services

Financial Services Social Engineering Accountability Security Awareness

ChatGPT and How Generative AI Is Changing the Attack Landscape

SecureWorld News

MAY 30, 2023

In the recent SecureWorld Financial Services virtual conference , Mike Britton and Dan Sheiber of Abnormal Security joined Adam Pendleton, CISO of LendingPoint, to discuss ChatGPT's impressive capabilities. But it is powerful, and the danger lies with what can be done using the chatbot tool.

Artificial Intelligence

Artificial Intelligence CISO Social Engineering Financial Services

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

This group of English-speaking threat actors are known for launching sophisticated campaigns that can bypass weak MFA implementations, leveraging tactics such as SIM swapping, adversary-in-the-middle (AiTM) techniques, and social engineering to gain unauthorized access to organizations’ sensitive data.

Threat Detection

Threat Detection Authentication Accountability Data breaches

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. You must also inform your bank or financial services provider so they can be on the lookout for suspicious and fraudulent transactions.

Passwords

Passwords Data breaches Password Management Identity Theft

Defending your ever-changing attack surface

IT Security Guru

JUNE 17, 2024

It also includes network vulnerabilities, like open or unprotected ports, unpatched software, and avenues for phishing or social engineering attacks. Industries such as financial services have effectively needed to redesign their entire business structures in order to keep up with the pace of digitalisation.

Financial Services

Financial Services Manufacturing Social Engineering Risk

The danger of data breaches — what you really need to know

Webroot

APRIL 22, 2025

Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. In 2024, there were 14 data breaches involving 1 million or more healthcare records.

Data breaches

Data breaches Identity Theft Passwords eCommerce

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

JANUARY 19, 2023

The first news that is trending is associated with financial service provider PayPal. News is out that social security numbers of nearly 35,000 users were leaked in a cyber attack that could have emerged from a credential stuffing campaign launched by a state funded actor.

Cyber Attacks

Cyber Attacks Social Engineering Financial Services Encryption

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Ransomware

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Security Affairs

APRIL 30, 2020

ybercriminals behind the PerSwaysion campaign gained access to many confidential corporate MS Office365 emails of mainly financial service companies, law firms, and real estate groups. Group-IB set up a website , where everyone can check if their email was compromised by PerSwaysion.

Phishing

Phishing Accountability Financial Services Cloud Migration

Research partnership to examine how fraudsters abuse financial tech innovations

SC Magazine

JULY 2, 2021

Such discoveries would no doubt prove useful to the financial services community at large. Past research from the EBCS includes an examination of public Wi-Fi dangers and deceptions, and the progression of online fraudulent events, including the use of social engineering tactics.

Financial Services

Financial Services Banking Identity Theft Technology

How Your Company Can Prevent a Cyberattack

Adam Levin

AUGUST 21, 2019

Other programs cover specific topics, like how to navigate the web without picking up a virus, how to recognize social engineering (a fancy term for the hacking practice of luring in unsuspecting victims with links and offers of this or that slice of paradise), safe mobile practice, safe travel practices, safe email practice, and much more.

Phishing

Phishing Accountability Hacking Cybersecurity

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” com (Cloudflare’s Web3 services). ” Most of the links included in the phishing messages were comprised of Bing redirect URLs.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

2022 Security Challenges and 2023 Security Predictions

CyberSecurity Insiders

NOVEMBER 29, 2022

Globally, healthcare, financial services, manufacturing and state and local governments continue to see a rise in the frequency of attacks. According to the SonicWall Cyber Threat Report, the global volume of ransomware is increasing by 98%. Phishing Targeted Attacks.

Phishing

Phishing Technology IoT Manufacturing

Investment fraud overtakes business email compromise as most reported fraud

Malwarebytes

MARCH 13, 2023

Mostly by deploying social engineering, victims are tricked into linking their cryptocurrency wallet to a fraudulent liquidity mining application. Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 billion in 2022, an increase of 183%. Total victim losses in 2022 amounted to $10.3

Cryptocurrency

Cryptocurrency Scams Media Social Engineering

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

OCTOBER 5, 2021

And social engineering can crack even more considering how many people include the names of their families and birthdays. Banking, financial services, and insurance industries constitute the largest share of adopters, with North America leading adoption, according to Orbis Research. MFA can be hacked.

Authentication

Authentication Passwords Mobile Accountability

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

He is a cybersecurity and M&A professional, focusing predominantly within financial services, life sciences, health care and retail industries. Ashutosh Kapsé is the head of cybersecurity at IOOF Holdings Limited, one of the largest non-banking financial services organizations in Australia.

Computers and Electronics

Computers and Electronics Technology Information Security Education

VA Data Breach: An Attack on Those Who Served

SecureWorld News

SEPTEMBER 15, 2020

Here is how cybercriminals carried out the attack: "A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols.

Data breaches

Data breaches Social Engineering Government Financial Services

Don’t Get Hooked! 5 Essential Security Tips to Combat Holiday Phishing

Duo's Security Blog

DECEMBER 19, 2024

While we tend to associate phishing emails more with our personal accounts, attacks targeting our work identities whether through socially engineered phishing, brute force, or another form, are very common. An email containing a QR code constructed from Unicode characters (defanged) identified by Cisco Talos.

Phishing

Phishing Authentication Social Engineering Passwords

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Security Boulevard

JUNE 26, 2023

Unfortunately, the increasing reliance on digital systems and capabilities has also attracted an ever-growing number of malicious actors seeking to defraud businesses through phishing , social engineering , or ransomware attacks. The end result of these types of cyber attacks are often highly public and damaging data breaches.

Data breaches

Data breaches Healthcare Telecommunications Financial Services

Spoofed Domains Still a Persistent Threat

Security Boulevard

JULY 13, 2021

Domains impersonating companies and their brand names still pose a significant threat—research from Digital Shadows released today found that on average 1,100 fake websites are registered against individual organizations annually.

Phishing

Phishing Financial Services Social Engineering Engineering

Breaking Free from Passwords: Passkeys and the Future of Digital Services

Thales Cloud Protection & Licensing

SEPTEMBER 2, 2024

This approach can reduce the risk of account takeover through password theft or social engineering attacks while making the login process faster and more user-friendly. Many regulations, such as PSD2 for financial services, require device binding.

Passwords

Passwords Authentication Social Engineering Phishing

Websites repeatedly stalked by fraudulent copycats, say researchers

SC Magazine

JULY 13, 2021

Digital Shadows reports that out of its total client base, businesses operating in the financial services, food and beverage, technology, health care, and insurance verticals were responsible for nearly half of all total risk events observed. “We

Phishing

Phishing Identity Theft Social Engineering Technology

Scammers impersonate execs to target big payout of investor dollars

SC Magazine

MARCH 4, 2021

Researchers have spotted a new business email compromise (BEC) trend that, if perfected, could represent a significant social engineering threat to the financial investment and private equity community.

Scams

Scams Security Awareness Banking Social Engineering

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Onfido, a London-based company, offers photo-based IDV services for businesses. Financial service providers, car rentals, and many other suppliers that need to confirm customer identities employ similar third-party services. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft

Identity Theft Accountability Data breaches Social Engineering

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

2025 Top Cyber Threats to Financial Services and How To Mitigate Them

Trending Sources

Identity theft of 225,000 customers takes place at Latitude Financial Services

U.S. Indicts North Korean Hackers in Theft of $200 Million

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Shields up US retailers. Scattered Spider threat actors can target them

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

How Security Teams Collect the Data They Need for Threat Intelligence

Zanubis in motion: Tracing the active evolution of the Android banking malware

Generative AI Changes Everything You Know About Email Cyber Attacks

SharkBot, a new Android Trojan targets banks in Europe

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

A Deep Dive into the Last Vendor Breaches of 2024: What We Learned

Report: Big U.S. Banks Are Stiffing Account Takeover Victims

Top Third-Party Data Breaches of 2024: What You Need to Know

Telegram-powered bots circumvent 2FA

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Fraud Shifts to Travel, Gaming Sites as Economies Reopen

ChatGPT and How Generative AI Is Changing the Attack Landscape

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Defending your ever-changing attack surface

The danger of data breaches — what you really need to know

Cyber Attack news headlines trending on Google

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Research partnership to examine how fraudsters abuse financial tech innovations

How Your Company Can Prevent a Cyberattack

A massive phishing campaign using QR codes targets the energy sector

2022 Security Challenges and 2023 Security Predictions

Investment fraud overtakes business email compromise as most reported fraud

Multi-Factor Authentication Best Practices & Solutions

Meet the 2021 SC Awards judges

VA Data Breach: An Attack on Those Who Served

Don’t Get Hooked! 5 Essential Security Tips to Combat Holiday Phishing

Top 5 Industries Most Vulnerable to Data Breaches in 2023

Spoofed Domains Still a Persistent Threat

Breaking Free from Passwords: Passkeys and the Future of Digital Services

Websites repeatedly stalked by fraudulent copycats, say researchers

Scammers impersonate execs to target big payout of investor dollars

Popular apps left biometric data, IDs of millions of users in danger

Stay Connected