Anteeksi...

Sivua ei ole saatavilla suomeksi

Pysy sivulla | Siirry aiheeseen liittyvälle suomenkieliselle sivulle

28-10-2021 09:00

Cyber Security Month: Being prepared all year round

October is Cyber Security Month and a chance to raise awareness about the potential threats from cybercrime people and companies face in an increasingly digital and interconnected world. Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea, explains why it is critically important to stay alert against potential fraud attempts all year round and shares some tips to remember in order to reduce the chances of becoming a victim of digital fraud.
Person typing on laptop

What are some of the highlights from the activities Nordea has been running or been a part of to raise awareness around cyber security and fraud in October?

Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea

Cyber security is obviously something banks and financial institutions are very focused on throughout the year but October gives us a good chance to highlight the theme proactively to both customers, employees and society in general.

Nordea has been very active and engaged during Cyber Security Month. We have arranged no less than 11 internal webinars touching on the topic from different angles to raise awareness amongst employees of the bank, regardless of the type of work that they do. Looking at cyber security and fraud from an internal perspective, we have focused on the key things employees need to think about such as how easy is it to click on the wrong thing or give out information by mistake or maybe in the worst case scenario, dragging a malicious file inside the bank without realising.

Nordea has also participated in, as well as hosted, local customer facing webinars in cooperation with other partners. In Sweden, for example, we held two live webinars together with the National Fraud prevention branch of the police. This time around we actually pushed invites to the fraud awareness seminars through the Nordea mobile banking app. That was quite a new thing for us and we had many people dialing in.

Our joint seminars with the police focused on how to prevent becoming a victim of cybercrime and what to do if this unfortunately happens to be the case. During the sessions, the police reminded participants that although for offline and other types of crimes, the first thing you should do is actually contact the police, if you suspect a cybercrime the first thing you should do is contact the bank because if you’re really quick, you might even have a chance to stop the crime before it develops. Then you can contact the police.

We also have other types of activities that are ongoing on a regular basis where we highlight the fraud risks. For instance, in the more general topic of how to become more digital, we would highlight a fraud awareness aspect to that as well.

Cyber security is obviously something banks and financial institutions are very focused on throughout the year but October gives us a good chance to highlight the theme proactively to both customers, employees and society in general.

Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea

Why is this subject still one of the key points on the agenda for Nordea and the financial industry?

Unfortunately fraud and other types of cybercrime are here to stay. You never see it slowing down no matter the kind of resources that are used to combat it. In fact it’s a growing problem, not only for our customers and for financial institutions, but for society in a larger sense. These types of criminal activities are unfortunately the dark side of becoming more digital. No matter how strong or smart bank’s technical defences are, people are still people and can be tricked or mislead. Threat actors and fraudsters are agile, opportunistic and very good at finding new ways to exploit any vulnerability they find. They spend all of their time monitoring all sorts of different systems, thresholds and limits so they can adjust very quickly.

In the Nordic market, financial institutions like banks have solid security solutions in place, at least if we compare globally to other markets where you can enter your bank account simply with a username and password or create an account and prove who you are by showing an energy bill. Still, people are just people and can be fooled. Anyone can in fact become a victim under specific circumstances. This is why it is so important to continue to educate, to raise awareness and remind both company employees and customers on what to avoid and what to look out for. Repetition is key.

Cybercrime and fraud attempts are instigated by both local and internationally located threat actors. Currently we have a big problem in the Nordics, especially in Sweden with the scenario known as vishing. Vishing is a type of phishing (any type of message from an email, SMS, chat or other source that aims to steal a person’s identity or personal information) which uses the voice to try to commit the fraud. In vishing scams, typically fraudsters will call pretending to be the bank, the police or the telephone company, etc, and run a story that tries to trick the potential victim into sharing their bank or ID information so that they can then issue new credentials and empty any associated bank accounts.

Internationally, we are also seeing actors, of course, continuing to attempt to put malicious software on people’s phones and devices. For companies, a common trick employed by fraudsters is known as ‘compromise fraud’ and is related to business e-mails sent between two companies doing business with one another. A cybercriminal will attempt to intercept email communications or even place malware on one of the e-mails which picks up an invoice that is going to be paid and then changes the account number resulting in the money ending up somewhere else. When we talk about these types of fraud cases, the attacker might be located anywhere in the world.

Anyone can in fact become a victim under specific circumstances. This is why it is so important to continue to educate, to raise awareness and remind both company employees and customers on what to avoid and what to look out for. Repetition is key.
 

Helena Wall, Head of Fraud Intelligence and Awareness within Fraud Management at Nordea

What 3 tips can you give private people to try to reduce the chances of becoming victims of digital fraud?

Even though fraud and cyber-attacks develop and change over time, there are still actions that you can take as a matter of course to increase the security of your digital activities.

  1. Don’t ever follow instructions in SMS’s, emails or even phone calls to use your security credentials, unless you yourself have initiated the process by for example calling your bank’s Customer Service helpline. If in doubt, always double-check!
  2. Be careful about the things you disclose on social media and don’t accept strange or unusual procedures when selling or buying in online marketplaces.
  3. Always read very carefully what you are signing.

What 3 tips can you give companies to try to reduce the chances of becoming victims of digital fraud?

  1. Make sure to raise awareness amongst all employees on the common cybercrime and fraud types being used to target companies such as business e-mail compromise where account numbers on invoices are manipulated. Have a policy on how such account changes should be verified before execution.
  2. Educate employees on the risks of phishing of company mail credentials which is often the weak spot in business e-mail compromise but also the risk of employees clicking on attachments and links and exposing the company for a ransomware attack.
  3. Use the ‘four eyes’ principle in handling transactions – always have at least two people check any payment.

For both private and corporate customers, consider the need to have antivirus software installed also on mobile phones and not only just on computers.

About Helena Wall

Helena Wall is the Head of Fraud Intelligence and Awareness within Fraud Management at Nordea Bank. She has been working in different roles in the field of anti-fraud since 2014. Before that, she worked for 14 years in different positions within the area of Internet banking at the bank. Since 2016 Helena is also a Certified Fraud Examiner by the ACFE (Association of Certified Fraud Examiners).

Insights
Cash management
Payments