Cybersecurity in Banking: Spear Phishing and Data Breaches Amidst Growing Cybercrime

Let's look at examples of incidents that have occurred in the Banking industry.
  • Incident 1
Belgian bank Crelan, 2016. Crelan, a Belgian bank, became the victim of fraudsters. The bank suffered a significant loss of over 70 million euros, which is approximately equal to $75.8 million. According to reports from the Belgian newspaper Het Nieuwsblad, the bank fell victim to CEO fraud, also known as a business email compromise (BEC) scam.

In a CEO fraud scheme, attackers often impersonate high-ranking executives, such as the chief executive officer (CEO), and send fraudulent emails or messages to employees within the finance or accounting departments of the company. These emails may request urgent wire transfers or other financial transactions to be made to accounts under the control of the attackers.
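One way to screen inbound mail for the CEO-fraud pattern described above, as an added example that is not part of the original article: it flags an executive display name on an outside address, a Reply-To pointing at a different domain, and urgent payment wording. The bank domain, the executive name, the term list and both messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch (not from the article).
BANK_DOMAIN = "examplebank.test"
EXECUTIVES = {"anna de vries"}  # display names of senior staff, lower-case
PAYMENT_TERMS = ("wire transfer", "urgent", "confidential", "payment today")

# Constructed sample: look-alike domain ("1" for "l") plus a diverted Reply-To.
SPOOFED = """\
From: "Anna de Vries" <anna.devries@examp1ebank.test>
Reply-To: a.devries@mailbox.test
To: accounts@examplebank.test
Subject: Urgent: confidential acquisition

Please arrange a wire transfer of EUR 480,000 before noon.
"""

# Constructed sample: ordinary internal mail from the same executive.
LEGIT = """\
From: "Anna de Vries" <anna.devries@examplebank.test>
To: accounts@examplebank.test
Subject: Q3 board slides

Slides for Thursday are on the shared drive.
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw):
    """Return the CEO-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Plain-text parts only; transfer-encoded bodies are not decoded here.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = []
    if name.lower() in EXECUTIVES and domain_of(addr) != BANK_DOMAIN:
        hits.append("executive name on external address")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        hits.append("reply-to domain differs from sender")
    if any(term in text for term in PAYMENT_TERMS):
        hits.append("urgent payment language")
    return hits

def triage(raw):
    # Two or more indicators: hold the mail until the request is confirmed by phone.
    return "hold for call-back verification" if len(bec_indicators(raw)) >= 2 else "deliver"
```

Header checks like these complement, rather than replace, an out-of-band call-back procedure for any payment request.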


  • Incident 2
Since 2013, a cybercrime group known as Carbanak has been attempting to attack banks, electronic payment systems, and financial institutions using malware that they have developed, including Carbanak and Cobalt. This criminal operation has affected banks in more than 40 countries, causing cumulative losses of over €1 billion to the financial industry. The organized crime group started its high-tech criminal activity in late 2013 with the launch of the Anunak malware campaign, which targeted financial transfers and ATMs of financial institutions worldwide.

The criminals sent spear-phishing emails with malicious attachments impersonating legitimate companies to employees of banks. Once downloaded, the malware allowed the criminals to remotely control infected machines, gaining access to the internal banking network and infecting servers that controlled ATMs. This provided them with the knowledge they needed to withdraw the money. The Carbanak attacks demonstrate the sophistication and scale of modern cybercriminal activities targeting the banking sector. The use of targeted phishing emails, remote access malware, and an understanding of banking systems enabled the criminals to carry out large-scale thefts with a significant financial impact.


  • Incident 3
Dutch-Bangla Bank. In 2019, a group known as "Silence" infiltrated Dutch-Bangla Bank through a multi-stage phishing campaign targeting bank employees. They collected information about the bank using malware-free emails that appeared to be bulk marketing or spam, which were used to assess the security of the email system and verify targeted email addresses. This information allowed the group to create a phishing attack that distributed a malicious attachment.

When one or more employees opened the attachment, they inadvertently installed malware on the bank's network. The Silence threat actors then gained access to the bank's systems and managed to steal approximately $3 million in the following three months.


  • Incident 4
HSBC Bank. Yahoo Finance spoke with several HSBC clients who had lost $50,000 each after falling victim to a scam. Each client received a text message or phone call allegedly from the bank, claiming that a new device had logged into their account or that a payment had been made from their account. The message then provided a number for the customer to call if they believed it was not genuine.

The Australian Competition and Consumer Commission (ACCC) has issued a scam alert to warn customers about these types of fraudulent messages. Yahoo Finance first reported on this scam in November, after learning about it from a couple who had been scammed out of $50,000 weeks before they were due to move into their new home. The couple had received a call from someone claiming to be an employee of HSBC's anti-fraud team. They were told that there had been suspicious activity on their account and that they needed to provide information to verify their identity. However, the caller provided incorrect information and eventually asked for personal details that the couple did not have.

He claimed that an unusual transaction had been made from their account and persuaded them to provide their usernames and passwords over the phone. Fraud victim Gerald Chin told Yahoo Finance that in November, he fell for a scam after receiving a fake text message claiming that his account had been connected to a new device. Yahoo Finance has reported that fraud targeting HSBC customers has resulted in individuals losing $50,000 each.

These individuals have become victims of fake text messages or calls from the bank, which often involve a text message indicating that a new device has logged into their account or that a payment has been made from their account. The message then asks the client to call the indicated number if they have not initiated the transaction.


What Are the Worst Consequences of a Banking Company Being Hacked Through Phishing?

  1. Hackers can steal millions of dollars by accessing customer accounts and bank funds without permission.
  2. They can also steal large amounts of sensitive financial information, such as account details, credit card numbers, and personal information. This data can then be used to commit further fraud and identity theft.
  3. A successful phishing attack can seriously damage a bank's reputation, leading to loss of trust from customers and potential loss of business. Customers will lose faith in the bank's ability to protect their money and information, further worsening the situation. Banks are subject to strict regulations regarding data security and fraud prevention, and a major breach can lead to significant fines and penalties from regulatory bodies.
  4. Additionally, a phishing attack could cause extended downtime and disruption to operations as the bank tries to contain the issue, restore systems, and help affected customers.
  5. In the worst-case scenario, a large-scale phishing attack on a major bank or several banks at once could trigger a financial crisis that would send markets and currencies into a spiral.

Links to cases of organizations in the banking industry hacked through phishing

https://www.helpnetsecurity.com/2016/01/26/belgian-bank-crelan-loses-e70-million-to-bec-scammers/

https://www.europol.europa.eu/media-press/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain

https://blog.barracuda.com/2023/07/03/banks-have-lost-millions-to-these-common-attacks

https://au.finance.yahoo.com/news/warning-over-hsbc-scam-that-could-cost-you-50000-020205332.html?guccounter=1
