Jul 05 2023

How Can Financial Services Companies Protect Their Customers from Spoofed Websites?

Look-alike websites entice customers to offer up their user credentials, but a new service helps businesses fight back.

Consumers lost more than $8.8 billion to fraud and scams in 2022, according to data from the Federal Trade Commission. The top complaint? Imposters — people or websites pretending to be legitimate when they’re actually after personal or financial data.

Consider the recent Europol crackdown on a Netherlands-based phishing ring, which stole millions of dollars from bank customers by sending them to fake websites and convincing them to hand over credentials. It’s a growing problem: Attackers create authentic-looking bank websites and login portals, compel customers to act with urgent emails or text messages, then steal their credentials to access secure financial portals and drain customer accounts.

Many banks, however, are unaware of these sites — until customers get in contact with questions about what happened to their accounts and where all their money has gone.


Phishing, Spoofing, Smishing: The Financial Fraud Trifecta

Malicious actors often use one or more of three common compromise methods: phishing, spoofing and smishing. Smishing (or SMS phishing) is similar to the more familiar phishing except that customers receive a text message with a link instead of an email.

In all cases, spoofed websites are the destination for these links; attackers mimic the style, font, color and design of legitimate bank websites to convince customers that they can safely enter their account information.

On their own, each of these attack types represents a potential compromise. When paired, the likelihood of success increases significantly. For example, if cybercriminals get clients to click through with convincing emails, they can send them to spoofed bank home pages that look legitimate. Once credentials are entered, however, attackers have full access to customer accounts.


What Fake Websites Mean for Banks

For banks, fake websites and the malicious messages that send clients to them are a growing problem. In part, this is because banks are often behind the curve when it comes to detection: Unless a customer reports it, banks may be unaware of a site’s existence. By the time the bank discovers it, customers have been victimized.

Tracking down these sites one by one is a time-consuming game of whack-a-mole, especially for IT teams already tasked with defending business data.

As noted by American Banker, however, the Consumer Financial Protection Bureau is working on guidance that may see banks held accountable for certain types of fraud tied to digital payment scams. Even if banks are unaware of what’s happening, they could still be on the hook for customer damages.


How Banks Can Fight Back Against Spoofed Websites

BlueVoyant, a CDW partner, offers a solution to this challenge with its Digital Risk Protection platform, which can help banks stay ahead of these inventive imitators. DRP is an end-to-end digital risk solution that helps banks both detect and eliminate cyberthreats before they impact customers.

Key features of the platform include:

  • Digital brand protection, which actively monitors for brand impersonators using spoofed web domains, social media fraud or malicious apps to lure unsuspecting customers. In addition, BlueVoyant will go beyond simply monitoring the existence of these sites, assisting organizations with taking them down — even running “stings” aimed at helping to catch the bad guys.
  • Data leakage detection, which gathers intelligence from the clear, deep and dark web to detect potential compromise.
  • Account takeover monitoring, in which BlueVoyant experts alert banks if compromised data or credentials are sold or exchanged. DRP can also take action to remediate the exposure.
  • Fraud campaign discovery, which monitors groups across instant messaging applications such as WhatsApp, Telegram and Discord to discover stolen data and leaked bank account information.


DRP is priced on a per-user basis, making it easier for banks to balance security benefits and budgets.

Spoofing, phishing and smishing continue to cause trouble for banks — problems they’re often unaware of until fraud has already occurred. With DRP from BlueVoyant, financial firms can take control of their digital presence and take steps to eliminate potential imitators.

This article is part of BizTech's EquITy blog series.

