International law firm Allen & Overy offers extensive insights in cyber security, as it sits at the cross road of many areas of expertise and operates in over 30 countries around the world. Based in Allen & Overy’s Brussels office, Thomas Declerck deals with both the preventive and incident response aspects of cyber security, with a specific focus on investigating and litigating cybercrime.
Members in the picture
Isabelle Marchand & Patrick Wynant
Phishing: 67,000 fraudulent transfers, 34 million euros! As a member of the Cyber Security Coalition, financial sector federation Febelfin focuses on many more aspects of cyber security than just the security of financial systems. To this end, Febelfin counts on the cooperation of a large and diverse community of partners. What challenges does Febelfin see for its members and the general public in the field of cyber […]
Phishing: 67,000 fraudulent transfers, 34 million euros!
As a member of the Cyber Security Coalition, financial sector federation Febelfin focuses on many more aspects of cyber security than just the security of financial systems. To this end, Febelfin counts on the cooperation of a large and diverse community of partners.
What challenges does Febelfin see for its members and the general public in the field of cyber security? And how can Febelfin, as a member of the Cyber Security Coalition, offer solutions or help?
Today’s biggest challenge is, of course, to reduce the number of successful phishing attempts by raising awareness of this huge problem among the general public. In 2020, phishing led to 67,000 fraudulent transfers, totaling approximately 34 million euros. It is a challenge for Febelfin but also for society as a whole and the various members involved in the Cyber Security Coalition today. Tackling this challenge is far from easy, given the variety of techniques and channels used by criminals who are becoming increasingly resourceful in reaching victims. Today this scourge goes beyond emails, exploiting people’s emotions in the aftermath of the pandemic and tempting them to succumb to ‘assistance’ scams (‘I need money’) or ‘vault account’ fraud (‘transfer your money to a secure account’). Banks today are committed to providing secure environments, to detecting fraud and to help recover stolen money. This has to be done in strict mutual cooperation, to optimize our systems and procedures. Today, banks manage to block or recover 75 percent of all ‘valid’ but fraudulent transfers.
As member of the Cyber Security Coalition, we want to work with our stakeholders to advise and raise awareness among the general public. Every customer should learn never to click on embedded links in emails or text messages leading you to online payment platforms, and never to provide personal access codes (PINC and/or response code). Febelfin provides consistent information and messages, while withholding security insights from criminals. In addition, banks focus on promoting secure ways of communication towards their customers, for instance by giving warning messages before they start an online banking session.
What’s the main focus today for actions in collaboration with members, towards the general public? What campaigns are you running on which topics, to which target groups?
All Febelfin initiatives and campaigns are inspired by the four strategic priorities of the federation: financing the economy; ensuring the security and solidness of the financial sector; the digitalization of financial services in the broadest sense; and sustainability, including inclusion and diversity. At the heart of all this, is the societal role of our sector.
A major focus was therefore the continued financing of the economy during and after the corona crisis. Measures were taken to help individuals, families and businesses through this difficult time, with two-way communication to allow for quick adjustments.
Security and solidness include all efforts to raise awareness about cyber security and phishing. We have reached people of all ages through large-scale anti-phishing campaigns on TV, radio and social media, at a time when the country was on lockdown and everybody was shopping online and using digital services as a result of Covid. Another campaign will be held later this year, in collaboration with the Centre for Cyber Security Belgium and the Cyber Security Coalition. We also provide campaigns on specific topics for distinct target groups, such as the ‘money mule’ campaigns, for young and vulnerable people. In doing so, we call on social workers and influencers; as well as providing educational resources to schools. But security is more than cybersecurity. We draw attention to banks’ efforts to combat money laundering and terrorist financing and inform customers about the procedures banks must follow to comply with these ‘anti-money laundering’ measures (e.g., by explaining why people are asked for their eID cards).
As for the third priority – the irreversible digitization of financial services – Febelfin is focusing on leaving no one behind in this transition period. The whole of society is becoming digital, and it is a social responsibility to help people find their way in today’s digital society. Guidance is essential, and we want to guide as many people as possible through the transition to digital services. Examples of these efforts are the dedicated websites ‘digitaalbankieren.febelfin.be’ and ‘banquedigitale.febelfin.be’-sites; a collaboration with the King Baudouin Foundation on bridging the digital divide (123digit.be), and information sessions in cities and towns.
Sustainability efforts take shape through the ‘towards sustainability’-label for investment products, as well as diversity and inclusion initiatives regarding Women in Finance, LGBT+, and a larger inclusion campaign later this year.
This usually involves the use of established communication methods, such as webinars, social media campaigns, research, press, etc., but also new approaches, such as the input of experts like behavioral psychologists.
How exactly do you see the need for even more and stronger cooperation with third parties? Both with Coalition members, as well as with the government, authorities, law enforcement, judiciary and others? With regulations?
Collaboration is paramount to success. We are facing societal challenges, which go beyond the banking sector. We are at a tipping point, with a huge increase in fraud cases through telecom channels and online commerce platforms. To stop this fraud, we need to act together, across sectors and borders! There needs to be a legal framework that allows for more information-sharing between the various stakeholders, each with sufficient resources. Authorities, banks, telecom companies, ISPs, law enforcement and police share the same responsibility and only together we can fight the fraudsters.
There is still work to be done. Banks must be allowed to exchange information about money mules in order to more efficiently prevent these money mules to commit fraud, e.g. by blocking their bank accounts as quickly as possible. This kind of exchange is already possible in several European countries. Quite often, the collaboration with law enforcement in the fight against money mules and money laundering is even tighter in these countries, with law enforcement having more resources to go beyond the small fry and to tackle the big fish in the criminal organizations.
Another help would be the possibility of monitoring the content of SMS messages for links, to prevent ‘smishing’ (phishing by SMS), while respecting privacy regulations. Currently, we have a solid cooperation with the telecom authority BIPT, with regular meetings.
It is clear that collaboration is the basis for an efficient and effective cyber security fight across all financial services.
Other Members in the picture
Cyber diplomacy comes into its own in a world with increasingly severe cross-border state sponsored – as well as criminal - cyberattacks. At Belgium’s Federal Public Service (FPS) of Foreign Affairs, Séverine De Potter focuses on this new extension of the age old art of diplomatic response to skirmishes.