Ways We Look Out for Your Business
From operating accounts and loans to merchant services, we offer the services and solutions to keep your business growing while making banking easy.
This article is written by our friends at Huntington National Bank.
Huntington has a long history of looking out for our communities. We are committed to giving back by focusing on racial and social equity, small business, home and consumer lending, and community development lending and investing.
AI, BEC and more: 5 cybersecurity & fraud trends in 2024
Learn about the top five cyberthreats and fraud trends on the rise in 2024, then explore prevention methods to help protect your organization against them.
By Amber Buening, Security Outreach Director, and Steve Hiddleston, Enterprise Fraud Director at Huntington
Six Key Takeaways:
- Remain vigilant against cyber criminals and fraudsters.
- Know the business email compromise (BEC) red flags.
- Be proactive against check fraud attempts.
- Increase awareness of new social engineering practices.
- Develop data recovery plans to defend against ransomware.
- Implement a strong security culture at your organization.
Powerful artificial intelligence (AI) learning models and applications changed the security landscape last year for better and for worse. These tools helped businesses enhance threat detection and bolster defenses, but also enabled threat actors to scale attacks and launch more sophisticated scams. This evolution is predicted to have a significant impact on the threat landscape in the year to come – and underscores the need for organizations to prioritize security.
Huntington’s Cybersecurity and Enterprise Fraud teams have analyzed and identified five top threat trends likely to impact organizations in 2024, many of which involve the use of AI. In this report, you’ll learn more about these threats, what they mean for your business, and how you can help protect against them in the coming year.
1. AI-enabled attacks are on the rise
Powerful AI tools soared in popularity in 2023. Cyber criminals leverage these tools to make social engineering attacks, forgery, and voice or image exploits faster and more impactful. One study found phishing emails have increased by 1,265% since the launch of ChatGPT†, which coincides with the rise in overall chatbot usage.
While AI can be leveraged for malicious purposes, it has the potential to benefit your business by mitigating human error, identifying security risks, protecting your employees from harmful content, and automating some tasks to improve efficiency and production. AI technology will only become more valuable as new uses are found to improve and streamline business processes.
What this means for your business
AI cloning models for real-time voice and video are expected to emerge throughout the year, enabling the use of “digital doppelgangers” by threat actors to commit crimes. Expect to see a rise in AI-related cyberattacks and fraud scams in 2024.
Many AI-enabled attacks and scams incorporate the following elements, all of which can be produced using readily available, often free, AI platforms:
- Voice cloning or phishing: Digital simulations of trusted voices are used to request financial transfers, sensitive information, or access to secure systems.
- Deepfakes: Threat actors use these to create convincing video and audio recordings to impersonate public figures, executives, or other trusted individuals.
- AI-generated images or videos: Often used to create fake identities on social media, fabricate compromising situations for blackmail, or generate convincing evidence to support fraudulent claims.
In response, financial institutions are predicted to increase investment in AI fraud mitigation solutions this year to help combat these AI-enabled fraud attacks.
Defend against Cyber Criminals & Fraudsters
- Consider enhancing verification processes through multi-factor authentication (MFA), biometric verifications, and similar methods.
- Educate employees about the threat of AI-enabled scams, including how to spot potential attempts, such as inconsistencies in voice or video communications.
- Implement an incident response plan, which can assist in mitigating damages and analyzing breaches to prevent future incidents.
- Keep systems and applications updated to help avoid vulnerability exploitation.
2. Business email compromise (BEC) continues to cost billions
Billions of dollars were lost due to BEC last year, making it one of the most expensive forms of cyberattacks. This form of attack was identified last year as a top trend for 2023, and the final figures reflect that: BEC attacks resulted in more than $2.9 billion in losses‡.
What makes BEC such an effective threat is that it preys on our instinct to be helpful, and it can be very difficult to identify. Unfortunately, AI is only making it easier for cybercriminals to impersonate legitimate and trusted sources to fool victims.
Five common attack scenarios include:
- Supplier account change: A seemingly legitimate supplier requests funds to be wired to a new account.
- Fraudulent invoice: A fraudster posing as a company or government entity requests payment for products, services, taxes, or other fees.
- Executive transaction request: A fraudster masquerades as an executive asking for a time-sensitive transaction, such as an immediate funds transfer or gift card purchase.
- Executive data request: Similar to the executive transaction request, scammers pose as an executive to request HR, payroll, audit, or employee data, including earning statements and tax records.
- Specific payment methods: BEC attempts often include requests for funds to be transferred via wire transfers, gift cards, or other online payment platforms.
Educating yourself and your employees on the tactics threat actors use in BEC attempts, as well as what to do if an email is suspected to be from an illegitimate source, can help protect your organization.
Know the BEC red flags
- Portraying a sense of urgency, especially during a crisis, or insisting on confidentiality.
- Sending messages at inopportune times, such as at the end of the day or during high customer volume.
- Refusing to communicate in person or verbally.
- Requesting to move money to a new account, personal account, subsidiary account, or an atypical destination.
- Changing email addresses, removing recipients from an email chain, or changing the Reply To email address.
- Asking for unusual payment amounts or payments without proper justification.
Learn more about how BEC works and best practices for avoiding becoming a victim in our BEC guide.
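Several of the red flags above can be checked mechanically before a message reaches the person who approves payments. The following is an added example, not code from Huntington: the phrase lists, the function name `bec_red_flags`, the `known_domains` parameter and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed phrase lists (assumptions for this example, not from the article).
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(wire|gift cards?|new account|routing number)\b", re.I)
NO_VOICE = re.compile(r"\b(can(no|')t (talk|take calls?)|in a meeting|email only)\b", re.I)

def domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_red_flags(raw_message, known_domains):
    """Return a sorted list of red-flag labels found in one plain-text message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = set()
    from_dom, reply_dom = domain(msg.get("From")), domain(msg.get("Reply-To"))
    # Replies silently diverted to another mailbox (changed Reply-To address).
    if reply_dom and reply_dom != from_dom:
        flags.add("reply-to-differs-from-sender")
    # Sender is outside the domains the organization already does business with.
    if from_dom not in known_domains:
        flags.add("sender-domain-not-known")
    if URGENCY.search(text):
        flags.add("urgency-or-confidentiality")
    if PAYMENT.search(text):
        flags.add("payment-or-account-change")
    if NO_VOICE.search(text):
        flags.add("refuses-voice-contact")
    return sorted(flags)

# Constructed sample: note the look-alike Reply-To domain ("1" in place of "l").
SAMPLE = """\
From: "Pat Lee (CEO)" <pat.lee@example-corp.test>
Reply-To: pat.lee@examp1e-corp.test
Subject: Urgent and confidential

I'm in a meeting and can't talk. Please wire $48,500 to the new account
below and keep this between us.
"""

if __name__ == "__main__":
    print(bec_red_flags(SAMPLE, {"example-corp.test"}))
```

A flagged message is a prompt to verify the request through a known phone number or in person, not proof of fraud; keyword lists like these miss well-written lures, so the header checks carry most of the weight.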
3. Check fraud remains a persistent threat
As check usage remains high, so do rates of check fraud: 63% of surveyed organizations experienced check fraud in 2023§. Despite the high rate of check fraud each year, most organizations do not plan to change their payment process. In fact, 75% of organizations relying on checks do not plan to discontinue issuing them≠.
What this means for your business
Throughout 2024, expect to see financial institutions invest in enhanced check fraud mitigation controls, including text validation controls and image analytics to match payees to bank accounts. Be aware of the tools available to you that could help avoid a costly fraud incident.
If your organization issues payments via check, there are additional measures you can take to help prevent them from being stolen, forged, or otherwise adjusted.
Practices to help protect against check fraud
- Use electronic methods to make payments whenever possible.
- Deliver checks to a post office instead of dropping them in the mail.
- Consider switching recurring payments from check to ACH.
- Review and reconcile your monthly statements immediately.
- Notify your bank immediately if you discover a check has been forged or stolen.
- Consider using a fraud mitigation service that provides a daily activity report so you can review your checks the day after being presented for payment, such as Reverse Positive Pay.
4. Social Engineering: Phishing, Smishing, and Vishing
Cybercriminals are increasingly leveraging AI tools, such as natural language processing, to understand and generate human-like text. This technology has lowered the bar of entry to social engineering tactics by making it much easier to craft and distribute convincing phishing, smishing (SMS phishing), and vishing (voice phishing) messages at scale.
AI can analyze vast amounts of data from social media, image, voice, and other sources to craft highly personalized social engineering attacks like these, which are designed to manipulate individuals into performing actions or divulging confidential information.
What this means for your business
AI-powered social engineering attacks are anticipated to increase throughout this year as cybercriminals hone their use of these tools. Many of the classic hallmarks of a phishing attempt – misspellings, inconsistent names, etc. – might not be present in these more sophisticated attempts. Adopting a layered security approach that includes both technology and human-centric strategies can help protect against these attacks.
Awareness and vigilance can be key in identifying phishing attempts
- Secure email gateways can offer advanced phishing protection, including analyzing incoming messages and scanning links.
- AI and machine learning can help fight against AI threats. Email filtering and threat detection systems can help identify phishing attempts that might not be noticed by other tools.
- Encourage employees to use secure, encrypted communication channels.
- Train employees on the latest phishing, vishing, and smishing tactics, and simulate phishing exercises to help them recognize and report attempts.
5. Ransomware remains a vicious threat to organizations
Every 14 seconds, ransomware attacks hit a new target. This form of cyberattack can have devastating consequences regardless of whether the ransom is paid. The latest report from the FBI’s Internet Crime Complaint Center (IC3) shows that ransomware resulted in $59.6 million in lossesⱢ. Even after payment, threat actors might demand additional payments, delete a victim’s data, or refuse to decrypt the data.
Certain sectors are targeted more than others, often because of their potential access to large amounts of funds and data. Ransomware incidents have become increasingly prevalent among state, local, Tribal, and territorial (SLTT) government entities and critical infrastructure organizations. The healthcare and public health sector is another highly targeted sector, which can have life-threatening consequences.
Ransomware’s high price tag makes this threat especially dangerous. While cyberattacks can’t always be prevented, there are ways for organizations to mitigate damages.
Defend against the ransom
- Develop and practice a strong data recovery plan.
- Implement regular employee training to help them identify suspicious emails, maintain strong passwords, and understand cybersecurity best practices.
- Ensure your applications, software, devices, and operating systems are updated with the latest upgrades.
- Consider investing in cyber liability insurance, which could help ease the financial burden if your organization is targeted.
Prioritize a strong security culture in 2024
Armed with new capabilities and advanced tools, cybercriminals and fraudsters are becoming more dangerous than ever. Organizations are faced with the challenge of understanding the latest threats and defending against them. Though it may seem like these threat actors have the upper hand, prioritizing a strong security culture at your organization can help protect against attacks and mitigate damage when a breach does occur.
Huntington can support you with the insights, resources, and expertise needed to develop a strong cybersecurity and fraud prevention strategy. Explore our cybersecurity and fraud resources, then contact your relationship manager to learn how Huntington can help you protect your employees and your business.