Banking Fraud 101: Common Scams and How to Avoid Them

05/15/2025 09:36 AM - By Krizza Quintos

As online banking rises and the number of traditional banks across the United States declines, financial crimes remain prevalent. From 4,715 banks in December 2022 to 4,577 in March 2024, there was a decrease of 138 banks in just the past three years, and the decline is expected to continue. There are multiple reasons for this: poor risk management, ineffective regulation and supervision, weak corporate governance, high nonperforming loans, low capital adequacy ratios, and monetary policy, among others. But it's clear that the number of banks continues to decline.

As traditional banks shut their doors and online banking becomes the norm, the safety of customer accounts is more critical than ever. With digital platforms handling sensitive financial data, the risk of cyber threats, identity theft, and fraud increases. This makes taking security measures a top priority for both financial institutions and users. However, despite advancements in security, criminals continue to exploit vulnerabilities, leading to various forms of financial crime.

These include the following financial crimes:

  1. Phishing: This is a deceptive activity intended to steal sensitive banking information. It usually involves a victim who receives an email that appears to be from a reputable institution, such as a bank or a trusted website, urging the "customer" to verify their account credentials. Such emails are fraudulent, and their links shouldn’t be clicked on. They are often written to seem urgent, to pressure the victim into entering their credentials on the fraudulent website the link leads to.

  2. Vishing: This attack is similar to phishing, but scammers use phone calls (vishing is phishing by voice) and pose as bank representatives to steal a victim's sensitive banking details, like the victim's login, username, transaction passwords, or personal data like birthdates or mother's maiden name. They trick victims into sharing sensitive information or transferring money.

  3. Smishing (SMS Phishing): A scam where fraudsters use text messages to trick victims into sharing personal or financial information. They often send messages from toll-free numbers, claiming an account needs an update or offering fake deals, with a link to a fraudulent site. Clicking on a link in the message can expose a victim's confidential details.

  4. Malware: Cybercriminals use malicious software to steal banking information. It often spreads through fake bank emails with virus-infected attachments. Once installed, malware can mimic banking apps, intercept data, or even control devices remotely. Common types of malware are Remote Access Trojans (RATs), Man-in-the-Browser (MitB), overlays, and SMS sniffers.

  5. Fake Website Scam: In this type of scam, also known as "Website Spoofing," scammers create fake websites that look like real banking or shopping sites to steal personal and financial information. They copy logos, designs, and even website code to make the sites look more authentic. Victims are tricked into entering login credentials, which scammers steal.

  6. SIM Swap: This scam is also known as a Mobile Number Scam. Scammers use social engineering to transfer your phone number to a new SIM in their possession. This gives them access to the OTPs (one-time passwords) and alerts they need to steal from victims' bank accounts.

Kaspersky has categorized two types of scams in the digital banking world.

  1. Account Takeovers (ATO) are digital banking frauds where a cybercriminal takes over a bank account with stolen information. That information is frequently available to criminals through the "dark web," where data stolen through breaches, or through skimmers at points of sale or ATMs, is for sale to yet more rounds of criminals.

  2. Automatic Transfer Systems (ATS) are malware secretly installed by cybercriminals on victims' computers or mobile devices to intercept online banking sessions. Once installed, possibly through an email or text link, ATS allows attackers to evade multi-factor authentication and carry out fraud efficiently. Once a victim logs in, the ATS manipulates transactions in real time without the user noticing, automatically creating unauthorized money transfers to mule accounts while showing the user fake, normal-looking account balances. ATS attacks are highly sophisticated, and they bypass traditional security measures like two-factor authentication by operating inside a legitimate, authenticated session.

With so many types of fraud going around, online, in person, by phone, and in other ways, it’s ever more difficult to protect ourselves from attacks. But they can be prevented. Here are common-sense, useful actions you can take to protect yourself:

  1. Secure your personal information, such as your birthdate, Social Security number, bank account information, passwords, and other information.

  2. Change your password or username regularly, every three months. Always remember to use strong passwords.

  3. Be cautious with emails, messages, or even calls you receive, and don’t open suspicious emails or links. In addition, don’t give out one-time passwords to a person who calls you claiming to be a bank representative verifying your efforts to sign in. If you get a call from your bank, get the person's name and department and say you will call back. Then originate a call yourself to a number you know to be your bank's. Scammers may use masked phone numbers that appear to be from a legitimate institution.

  4. Keep yourself up to date with the latest financial crimes and cyber threats, such as current scams or fraud schemes.

  5. Don’t fall for the "rush." Scammers use urgency to trick victims, such as claiming your account will be canceled, you owe a penalty, or you’re missing out on a special deal, to pressure you into acting fast.

Protecting yourself from banking fraud requires vigilance, awareness, and the practice of security measures. As cybercriminals continue to evolve their tactics, staying informed about the latest threats is essential. In addition, effective risk management plays a crucial role in protecting individuals and businesses from financial fraud and cyber threats. Firms specializing in risk assessment, fraud detection, and cybersecurity—like Inquesta—offer comprehensive solutions to identify vulnerabilities, implement advanced security measures, and develop proactive strategies against emerging threats. Partnering with experts in risk management ensures that both individuals and businesses can stay ahead of cybercriminals, mitigate financial losses, and maintain trust in their financial operations.


Krizza Quintos

Manager, Inquesta Corporation