Thousands of employees could be falling victim to obvious phishing scams every month

Bankers need to be aware of phishing attacks, report warns

· TechRadar

News By Craig Hale published 8 November 2024

(Image credit: Pixabay)
  • Three in 1,000 bankers click on a phishing link every month, report claims
  • Russia is believed to be the leading force behind banking attacks
  • Banks are wary about new tech like GenAI, which does go some way to helping

New research has claimed a concerning amount of banking employees click on a phishing link each month, making it one of the most common threats in the sector.

A report from Netskope found three in every 1,000 employees would fall victim to such scams, so of the estimated 362,000 banking employees in the UK in 2023, this equates to more than 1,000 workers clicking a dodgy link sent to them.

According to the report, hackers are getting a lot of their success from designing phishing pages to mimic the target bank’s website, stealing bank account information and login credentials to commit fraud.

Phishing is rife in banking

Netskope identified Downloader.SLoad (Starslord), Infostealer.AgentTesla, Trojan.FakeUpdater, Trojan.Parrottds and Trojan.Valyria as the most recently used malware families to be aware of, highlighting that Russian criminal groups are the most likely to target this industry.

Despite the serious threat of phishing attacks, banks were found to be more hesitant about adopting new technologies than other industries, with 87% of banks using generative AI compared with the cross-industry average of 97%. More than half of banks also use Data Loss Prevention measures to manage data going into GenAI apps.

"[Banks] are more aggressive at blocking apps without a legitimate business purpose and using DLP to control what can be sent to allowed apps," commented Netskope Threat Labs Director, Ray Canzanese.

The company’s advice to banks, as well as all other industries, is to inspect all HTTP and HTTPS downloads to prevent malware from infiltrating a network. Companies should also ensure that high-risk file types are thoroughly inspected with status and dynamic analysis.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors