Skip to main content
The Security Event

8 - 10 April 2025 | NEC Birmingham, UK


Security Cameras

15 Mar 2021

Financial Services: Tackling the ever-growing threat of BEC and email spoofing attacks

Equilibrium Cyber Security Services

For financial services firms, cyber-attacks are the bank robberies of the digital age. Since the advent of computers, criminals no longer need balaclavas, guns or a getaway car on standby. Today’s cyber-criminals can conduct attacks from behind a computer screen. For obvious reasons, financial firms have always been a prime target for cyber-criminals. Unfortunatley, due to the sensitive nature of the information they process, banks are faced with a barrage of phishing and impersonation attacks on a daily basis.

Although banks have always been at risk of fraudulent attacks, since the start of the Covid19 pandemic, cyber-criminals have really upped the ante against the sector. According to research conducted by Carbon Black, attacks on banks and other financial institutions spiked by 38% between February and March, this accounted for 52% of all attacks observed. Over the past year, there have been countless targeted scams, involving both consumers and employees. These have ranged from BEC spoofing attacks, to smishing fraud and wire transfer scams.

Like with many industries, email is now the primary method of communication used for internal comms, suppliers and their customers. Unfortunately, fraudsters are keen to exploit any email security weaknesses. Recent research by Bitdefender discovered that email spoofing involving banks, dramatically surged during lockdown. As the pandemic struck, fraudsters quickly responded to the sudden rise in online banking and shopping.

For example, in September, over one third of incoming emails relating to financial services was marked as spam. A month later, more than half were identified as fraudulent. Not only are consumers faced with a huge volume of scam emails, they are also becoming more difficult to distinguish from legitimate bank correspondence. Hackers use brand colours, identical formatting and mimic industry language. The cyber-criminals of this new decade are a far cry from the ‘shadowy lone figure in his bedroom’ stereotype. They now belong to organised criminal enterprises- which are run like efficient businesses.

The threat of domain spoofing and Business Email Compromise attacks

Domain spoofing is a malicious method used when conducting phishing scams. Although many businesses assume that email providers will automatically block email impersonation- this isn’t the case. If you haven’t implemented SPF, DMARC and DKIM, domain spoofing is a relatively simple tactic to implement. Using publicly available tools, hackers can send fraudulent emails from your private domain. Although DMARC is a critical protocol which could help all businesses prevent spoofing and fraud, global adoption is still lagging behind.

For the FS industry specifically, one of the key spoofing threats is business email compromise (BEC). According to a survey conducted by the Association of Financial Professionals, more than 81% of firms say they were impacted by BEC attacks in 2019. When it comes to phishing awareness, we all know to wary of the obvious scams which are littered with grammatical errors, and sent from ‘’. But it becomes far more difficult to spot when the email is sent from your own accounts department or CEO.

Unfortunately, wire fraud scams have a high success rate. This is partly because spoofed emails are more likely to escape spam filters (as they appear to be from your corporate domain). Furthermore, fraudsters take time to carefully craft emails, target the relevant employees and create a sense of urgency. So what appears to be a legitimate email asking you to set up an urgent payment to a supplier, is actually fake wiring details from an internet-criminal. Here at Equilibrium, we have supported numerous companies in the aftermath of BEC attacks. We have seen first-hand how devastating it can be, not only from a financial perspective, but it can also take a psychological toll on the employee who was lured into to the trap.

In recent months, the FBI have identified an upsurge in Covid-19 BEC attacks against financial services companies. One specific bank received a spoofed email posing as their CEO, the scammers requested a change of bank details for a scheduled transaction of $1 million, which was supposedly ‘due to the coronavirus outbreak and quarantine processes and precautions’. Another firm took a significant financial hit after receiving an email from a ‘supplier’, requesting payments to be sent to a different account- as they were going through ‘coronavirus audits’. Other reported scams include phishing emails titled, ‘Internal guidance for business grants and loans in response to COVID-19’. In these attacks hackers pose as Senior Executive’s and include malicious links which redirect to fake Office 365 login screens.

How can you protect your corporate domain from spoofing attacks?

With the threat of BEC and email spoofing attacks growing in volume and sophistication, financial services organisations need to take back control of who can send emails on their behalf. Thankfully, there are ways to protect your domain from impersonation attacks. By fully implementing DMARC, you can ensure that all emails from your private domain are authorised and legitimate. Although DMARC is a crucial protocol to help prevent fraud and spoofing (recommended by the National Cyber Security Centre), the global uptake is still relatively slow. Unfortunately, until more businesses fully adopt DMARC, email spoofing will continue to be a problem. In a study of 119 financial services organisations' primary domains, 64% had published a DMARC policy but just 28% of these organisations had implemented a ‘reject’ policy, (the most effective way to protect your domain).

By deploying anti-spoofing controls such as DMARC, SPF and DKIM, you can reduce the risk of your domain being used for spoofing scams.What is DMARC?
  • DMARC is an email protocol which determines the legitimacy of an email, it allows ISPs to filter and block domain spoofing and phishing attacks by identifying unauthenticated emails. If DMARC is not deployed, anyone can send an email directly to your customers pretending to be you. (Your email provider such as Office365 does not configure DMARC by default)
  • Products such as Redsift’s ONDMARC, not only reduce the risk of spoofing, they also provide in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation.

Besides the benefit of protecting your own email domain, there are numerous other advantages of implementing DMARC. For example, your own emails are less likely to land in spam folders, meaning overall deliverability will increase. Secondly, you will no longer be at risk of reputational damage due to your domain being involved in spoofing fraud. This will naturally lead to more consumer trust in your brand. Lastly, by encouraging suppliers to implement anti-spoofing controls, you will have more confidence when receiving attachments, clicking links and making payments.

Would you like to find out more about DMARC?

If you would like to find out more about DMARC and how to protect your domain against spoofing attacks, register for our webinar alongside Red Sift on the 4th March. This educational session will explore how the financial services industry can prevent spoofing attacks, improve brand trust and take back control of your corporate domain.

We will be joined by Keynote speaker: Ned Stevanovski, CISO, Mishcon De Reya LLP.

Here is a taste of what the session will cover...

  • How Red Sift's OnDMARC solution can be used to: reduce the risk of spoofing, gain in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation.
  • Learn how to fast-track your DMARC and SPF journey, by implementing a future-proof email architecture.
  • How to put a stop to unwarranted use of your corporate domain.
View all News

The Safety & Security Event Series