Financial institutions have always been at the forefront of battling cybercrime. As one of the most targeted industries, they face multiple threats, such as phishing, spear phishing and banking malware. Even less sophisticated scams, such as 419 scams, often abuse their brands to lend credibility to the scammers behind them.
Because all of these attacks use email as the primary method of reaching potential victims, email security is an incredibly important part of banks' efforts to protect their customers. Specifically, it prevents scammers from masquerading as the bank by sending emails that appear to have been sent from its official domain. When email security is properly enabled, only a bank's approved mail servers can send email messages from its official domains. In that case, criminals who wish to convince victims that their scam messages came from the bank have to resort to sending the emails from a similar domain, which they can register. These similar-but-not-exact domains naturally have a lower success rate than an email that appears to come from the official domain, as many recipients can tell the difference. They can also be detected through various intelligence services and taken down.
Unfortunately, while the larger financial institutions have been able to implement these important email security measures to protect their customers, one part of the financial services industry has not: Federal Credit Unions (FCUs). These cooperatives offer their members traditional banking services such as checking accounts, loans and credit cards, and are therefore also a major target for cybercriminals. However, research recently conducted by IntelFinder has shown that only 8% of a sample of 300 FCUs had strong email security enabled.
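The article does not name the mechanisms behind "email security"; the standard DNS-published controls that limit a domain's mail to approved servers are SPF and DMARC, so the following added example (not IntelFinder's code or methodology) grades a domain's published records on that assumption. The `strong`/`partial`/`weak` thresholds, the function names and the `cu-*.example` domains and records are all constructed for illustration.

```python
import re

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict of lowercased tags."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def spf_all(txt):
    """Qualifier on the SPF 'all' mechanism ('-', '~', '?', '+'); None if no usable SPF."""
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero or duplicate SPF records give receivers nothing to enforce
        return None
    for term in spf[0].lower().split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term)
        if m:
            return m.group(1) or "+"  # a bare 'all' means '+all' (anyone may send)
    return None

def dmarc(txt):
    """(policy, pct) from the single DMARC record, or (None, 0) if absent or invalid."""
    recs = [t for t in map(parse_tags, txt) if t.get("v") == "dmarc1"]
    if len(recs) != 1 or recs[0].get("p") not in ("none", "quarantine", "reject"):
        return None, 0
    pct = recs[0].get("pct", "100")  # pct defaults to 100 when the tag is absent
    return recs[0]["p"], int(pct) if pct.isdigit() else 100

def posture(domain_txt, dmarc_txt):
    """Grade a domain as 'strong', 'partial' or 'weak' (thresholds are this example's own)."""
    all_q = spf_all(domain_txt)
    policy, pct = dmarc(dmarc_txt)
    if policy == "reject" and pct == 100:
        return "strong"   # receivers are told to refuse all mail that fails DMARC
    if policy in ("quarantine", "reject") or all_q == "-":
        return "partial"  # some enforcement, but spoofed mail can still be delivered
    return "weak"         # monitoring only, or nothing published

# Constructed sample data: (TXT records at the domain, TXT records at _dmarc.<domain>)
SAMPLES = {
    "cu-one.example": (["v=spf1 include:_spf.mail.example -all"], ["v=DMARC1; p=reject"]),
    "cu-two.example": (["v=spf1 ip4:192.0.2.10 ~all"], ["v=DMARC1; p=none"]),
    "cu-three.example": (["v=spf1 mx -all"], []),
    "cu-four.example": (["v=spf1 mx ~all"], ["v=DMARC1; p=reject; pct=25"]),
}

def grade_all(samples=SAMPLES):
    return {domain: posture(*records) for domain, records in samples.items()}

if __name__ == "__main__":
    print(grade_all())
```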