Nicole IbarraJune 17, 2020
An Avenue for Cybercrime
All forms of digital activity leave a trail of information, otherwise known as a digital footprint. As a company’s digital presence grows, it becomes easier for cybercriminals to exploit it for financial gain. It’s vital that all organizations, especially financial institutions, consider how their customer’s digital footprint might be the root cause of many fraud attacks. Before they can do this, they must understand how a customers’ online presence might lead to account takeover.
What is a Digital Footprint?
When customers expose their lives online they potentially impact the bank, savings association, credit union or brokerage firm they are connected with. This is because certain aspects of their online activity — such as usernames, date of birth, electronic transactions and social media use — will be tracked by cybercriminals to exploit them for targeted cyberattacks and identity theft.
For example, if a banking customer shares details about their pet’s name or birthplace on social media, they may be unintentionally providing malicious parties with the answers to their bank security questions. Armed with these, the attacker can take over the victim's account and cash out. This not only poses a financial threat to the individual but an economic and reputational one to the financial institution too. To prevent this, financial services providers need to work with their customers to reduce their digital footprint as much as possible. Part of this comes down to educating individuals about data privacy.
How to Educate Customers
Financial institutions need to promote educational campaigns that will help their customers better understand the importance of data privacy and best practices. For example, helping individuals understand that it’s easier to control their digital footprint and keep their data secure when it’s smaller. If customers better understand how to protect themselves, organizations, especially financial institutions, will benefit as the likelihood of a successful cyber-attack with financial and reputational costs is reduced. Here are the top ways customers can reduce their digital footprint:
- Delete old accounts: Try to limit the number of email, online retail, and social media accounts they have to reduce the potential attack surface.
- Check browser’s privacy settings: Most browsers don’t offer much protection by default. Enabling security settings can, however, help limit the amount of data that’s exposed. Alternatively, customers could use an anonymous browser such as Tor.
- Limit social media presence: Social media sites have significantly increased the attack surface for phishing schemes to take place. Sharing too much information on these sites makes it easy for cybercriminals to come across, to an unsuspecting victim, as legitimate with little validation. Consequently, individuals need to be careful about what they post, share and like.
How to Protect Your Institution
Even if businesses have tried to educate customers on the risks of their digital footprint, they will continue to provide openings for attackers to exploit. Ultimately, your customers digital footprint is outside of your control. Financial institutions, therefore, need to take a defensive stance and have the tools in place to detect and respond to potential cybercrime. For example, it’s imperative that businesses work to remove phishing schemes as soon as they go live and reduce the impact they have on customers. Digital Threat Protection helps businesses do this by identifying and removing online threats such as phishing sites, malicious social media campaigns, and malvertising; making it a key tool to introduce. It’s also worth moving toward risk-based authentication where data and context influence the measures necessary to authenticate a user. For instance, once you’ve identified customers who were impacted by a phishing campaign you can automatically increase their risk score and introduce additional measures to protect them. This could include moving beyond passwords to multi-factor authentication such as biometrics, or using data sources such as behavioral analytics, device/user context to determine whether the individual trying to gain access to their account is a true customer or imposter.
When customers leave behind a trail of information through their online activity, they make it easier for fraudsters to target them, putting the financial institutions they’re attached to at risk. To minimize the threat, businesses must recognize the scale of the issue, work with customers to reduce their footprint, and introduce additional layers of security to protect against the threat. Afterall, no company can be successful in today’s business environment unless it’s secure.