Email Security for Banks and Financial Services: Phishing Protection

By Carla Barata • January 9, 2018

Watch AnubisNetworks’ video Interview with Fintech Finance, entitled Phishing Protection, where they look into the crafty world of Fraud. With new ways to befuddle your employees and ensnare your client’s data, AnubisNetworks is continuous working tirelessly to stay ahead of the criminals.
In this interview, they also spoke with Brown Brothers Harriman who underpin their core beliefs when it comes to Cyber Security, and with Wells Fargo, who describe the ways they are looking at their customer’s data in a safe and secure way while keeping one eye on the future of data usage.


Highlights of AnubisNetworks’ Interview:

How is AnubisNetworks dealing with some of the issues in cybersecurity?

João Gouveia, CTO at AnubisNetworks

The financial services are in a very particular situation because when it comes to email security, in general, they need to do something different from the others companies, which is they need to look at their own assets and their own people and try to protect both. They need also to have a big concern about their own customers because they often fall victims of the financial frauds via the use of botnets chain and banking trojans.

This is slightly different from most companies in the way that they not only need to be concerned about themselves as well with their customers. And this is where the combination of a good threat intelligence with an efficient email protection solution, like our product, really makes a big difference.

If the customers of a bank are being affected by a specific trojan that intends to basically steal their money from their accounts, having the knowledge about how this trojan operates, what malware these botnets spread and who are the victims that are being infected it's really important for financial institutions. Not only so that they can create mechanisms to make sure that fraud transactions don't occur, it's important they can engage with real law enforcement, in a way that allows them to participate in the takedown of that kind of operations so that it doesn't affect their own customers.

The financial institutions also have a huge responsibility in the way that they communicate with their customers, particularly over email, because if people don't trust email, which sort of happens in our days, with so many problems it's also a problem for the banks and for their customers.

But if financial institutions, like banks, use email in a responsible manner they themselves can serve as a way to provide more confidence over the email. For that, they need to employ the best practices and the good standards from authentication, from the format of email that they need to send. Because if they don't, what happens is that the customer is going to receive a fake email, that looks like sent from the bank and they will have no problem clicking on it, which can trigger a whole lot of security problems. So that responsibility of using the email also falls on the bank and it's a way to educate their own customers on using email securely.

What happens when a spear phishing attack occurs and how to prevent it?

João Gouveia, CTO at AnubisNetworks

Trying to mitigate the spear phishing from a technical perspective is really hard because if they are well done as they tend to be more sophisticated and more recently they’re more complex, this is more social engineering than anything. So, it means that the bad actors try to do their reconnaissance, to understand a lot about their target and who they are dealing with. It's more of a social engineering aspect in terms of sophistication, because their goal is always to try to send something that it's going to look legitimate, coming from someone they already expect, and it's really hard to come up with measures to fight this.

For example, there are for companies that focus on training personnel to try to identify and tell tales of this type of attacks. But usually when they do these training sessions their success rate in terms of actually being able to compromise organizations is nearly 100%, because if it's well done it's really hard to protect against that.  

With our own solutions, from a technical perspective, what we do is we try to implement all the standards and best practices in terms of how to properly make sure that we can authenticate email messages that are coming into the customer mailbox. In this way, we can look at it and say ok this message that is coming from a company or it says it's coming from other company, but in reality, the origin of the message isn't really part of that company', it’s not authorized to send email in the name of that company. So we use these standards like SPF, DKIM, DMARC to do this work and also, the way we try it’s really hard to educate users especially for us because we do the technical part.

But what we try to do is incorporate on our product ways to tag the messages, so that it can raise a warning to the user if they look suspicious in some way. It's not about outright blocking them because that sometimes can cause false positives. But sometimes, if you just add a warning, or a tag, or something that says maybe this message is spoofed, that's a way that the user can use to look at this in detail and see if it's spoofed or not. By doing that the user ends up training themselves in order to be better protected.

The difference between email security and threat intelligence in the financial sector?

José Ferreira, Email Security Expert at AnubisNetworks

Email is being used as the main attack vector when trying to compromise a system or a user account. While some thought that email use would be diminished by this time we have actually seen an increase in the use of email over time. So, it is being abused as much as possible to try to get the user to do something, whether it follows the link, opening a file, or actually convincing the user to take some kind of action like a wire transfer or something like that. And people still rely heavily on an email to perform these kinds of actions.

How does this helps create a more secure email chain?

José Ferreira, Email Security Expert at AnubisNetworks

We have a system that allows us to create some virtual relationship between senders and receivers, so we know for instance that if a well-used exchange of emails between a couple of identities occur frequently, you know that will be a good indicator that the message is legitimate. The opposite may raise some red flags about that specific transaction. The relationship between companies it's somehow important because if it is used a lot, you can somehow create that knowledge.

There is a massive increase in internal threats: (90%) of all current threats, are internal now. How does AnubisNetworks mitigate some of those threats?

José Ferreira, Email Security Expert at AnubisNetworks

That's one of the problems with spear phishing. Attackers try to impersonate a person inside of the organization and try to create some trust over the other parties. We had some mechanism to try to validate and authenticate email between parties and try to see if they are somehow trustable or really trustable. So, the user should only receive a message clean.

Watch the full video interview here. Stay tuned more videos coming soon.

Free Trial Mail Protection System