Interview with Nordea on cybercrime trends and fraud management solutions

Thursday 21 February 2019 10:48 CET | Interview

The fraud management team of Nordea reveals key insights into cybercrime trends and fraud management solutions at both local and global level.

What are the current cybercrime trends in the retail and corporate banking sector, particularly in the Nordic countries?

We have divided cybercrime trends into local and global threats. If we are looking at the global threats, which are likely to rise in the coming year, we see investment scams, CEO fraud, Business Email Compromise (BEC) fraud, phishing, smishing, and vishing. Notably, vishing is prevalent in Sweden and it is likely to come to Norway and other Nordic countries. At the local level, the common threats identified are friendly fraud, identity theft, card scams, and again phishing. Nevertheless, the employees are usually the weak link, as in most cases the threat comes from the inside. Why? Because the staff within the organisation is not well trained to recognise a cyber-attack, or sometimes they commit fraud on purpose. Due to the developed economy and prosperous businesses, Nordic countries are highly digital, and this makes them a good target for cybercriminals.

What does the anatomy of cyber-attacks look like?

There are two types of cyber-attacks; however, it is often some kind of combination of the two: those where the fraudsters manipulate people’s minds and those where the fraudsters manipulate people’s devices (or hack/misuse an email box, login, etc.). The first type is essentially the social engineering fraud and it is usually exercised over an organisation’s staff. Cybercriminals hack emails, but most of the time, at least for CEO fraud, the manipulation of the employees is a common practice. The attacks that go through social engineering are investment scams, BEC fraud, love scams, phishing, smishing, vishing, friendly fraud, and identity theft, but they can also include bits of technical fraud.

The technically advanced fraud is when fraudsters have the skills and knowledge of producing technical bits in order to attack, so then they use malware, different types of Trojans and viruses in order to get into the computers of the customers. By any means, the most successful frauds are those resulting from a combination of social engineering and technical elements.

Could you please share with our readers some recommendations on strengthening the fraud prevention management?

One of the important things to do, as an organisation, is to identify the risk group within. It’s not always about the money, the information, or the different knowledge that only the company has; the projects or any other type of valuable resources that can be stolen and commercialised by fraudsters are also things worth considering. It is also important to know what information is shared between the company, the staff, and the public. In addition, one has to always make sure that the employees are aware of the risks, and they should always be updated about potential attacks. Therefore, educating people on a constant basis is a way of reducing risks. One should constantly monitor the way emails are used (for instance, how the flags in the email function are used), the money transfers, and other types of transactions.

When it comes to transactions, we recommend the four eyes principle: two people to verify when the company made a payment and to make sure fraudsters don’t manipulate the bills or the emails. In addition, it’s always crucial to make sure the utilised technology is up to date. And there is also the password culture: obviously, people should understand they shouldn’t share passwords under any circumstances, and they should know how to build a strong password. Moreover, companies should adopt a correct password culture for their staff.

This editorial was first published in the Web Fraud Prevention, Identity Verification & Authentication Guide 2018-2019. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.

About Nordea

Nordea is the largest bank by size in the Nordic region and the only bank that has a truly Nordic identity at its heart and culture. With key operations in every Nordic country, Nordea has been playing a fundamental part in establishing the shared economy in the region and in fostering a borderless trading area.


Keywords: Nordea, fraud management, cybercrime, banking, cyber attacks, investment scams, CEO fraud, phishing, friendly fraud
Countries: World