Email fraudsters are increasingly targeting the financial services industry, and they are getting better at identifying the right potential victims, according to cybersecurity regulators and experts.
“It’s almost as if many of the fraudsters have worked in financial services in the past,” Gregory Markovich, regulatory principal at Finra’s Chicago District Office, said last week at the SRO’s 2020 Cybersecurity conference in New York City.
“They know how call centers operate, they know how back office processes operate, and they leverage that,” added Markovich, who is also a part of Finra’s cybersecurity specialist team.
TD Ameritrade saw a billion attempts of credential stuffing — where credentials such as user names are used to gain access to accounts — and password reuse attacks in 2019, according to Paul Nickelson, a director at the firm’s Fusion Center. TD Ameritrade didn’t incur losses from those attempts, he said.