Chapter 2 Β· AICITSS Cyber Security

Recent Trends in Cybercrime &
Cyber Frauds in Financial Sectors

An interactive guide to the latest cybercrime trends: ransomware evolution, supply chain attacks, phishing sophistication, remote work vulnerabilities, insider threats, real case studies from India’s banking sector, and prevention strategies for financial institutions.

πŸ“ˆ 5 Major Cyber Trends
🏦 Financial Sector Focus
πŸ“° 2 Indian Banking Cases
πŸ›‘ 10+ Prevention Measures
πŸŽ“ AICITSS Curriculum
🌐

Digital Financial Services & Cybercrime

How Internet dependence has created new vulnerabilities in the financial sector

Advances in technology have made people heavily dependent on the Internet for communication, online shopping, data storage, reservations, gaming and, above all, financial services. That dependence has been matched by a sharp rise in cybercrime. Digital Financial Services (DFS) hold great promise for financial inclusion, but cybercrime has become a key threat to them, particularly in developing and emerging economies.

πŸ“Š

Key Global Statistics: Scale of the Problem

74%: Increase in cyber threats faced by financial institutions
83%: Philippine mobile money users who received fraudulent SMSs (ITU/CGAP 2016)
56%: Ghanaian mobile money users who received fraudulent SMSs
17%: Mobile money users in the Philippines and Tanzania who lost money to fraud
₹228B: ABG Shipyard bank fraud, the largest in India (2022)
₹114B: Punjab National Bank scam, Nirav Modi (2018)

πŸ“± ITU & CGAP Survey β€” Mobile Money Fraud (2016)

Survey of 5,220 mobile money users from Ghana, the Philippines, and Tanzania revealed alarming fraud rates:

🇵🇭 Philippines: 83% received fraudulent/scam SMSs · 17% lost money to fraud
🇬🇭 Ghana: 56% received fraudulent/scam SMSs · 12% lost money to fraud
🇹🇿 Tanzania: 27% received fraudulent/scam SMSs · 17% lost money to fraud

Source: ITU & CGAP Mobile Money User Survey, 2016 · n=5,220 respondents

πŸ‘₯

How Cybercrime Affects DFS Customers

Key factors that lead to financial loss and customer dissatisfaction

⚡
System Outages
Unplanned system outages are a significant cause of customer dissatisfaction with DFS providers: transactions become impossible exactly when users need them most.
📱
Network Downtime
Low-income mobile money users rated the inability to transact during network downtime as one of their greatest annoyances, and it pushes them toward risky workarounds.
🔒
Insecure Channels
Consumers transact over devices and channels that were not designed for financial-grade security. USSD, for example, offers no end-to-end encryption between the handset and the provider’s application and no mutual authentication, which increases exposure to interception and fraud.
📉
Eroded Trust
Negative experiences significantly reduce trust in DFS providers and in the financial system as a whole, which undermines financial inclusion goals.
⚖️
Customer Liability
In developing countries, customers are often held liable for losses from cyber incidents, or must bear the burden of proving that they were the victim of fraud.
🎓
Awareness Gap
Consumers are often less aware of, and less educated about, social engineering attacks, which makes them particularly vulnerable targets for phishing and scam campaigns.
🌍 Global Recognition: International bodies including the G7, the G20 Finance Ministers and Central Bank Governors, and the Committee on Payments and Market Infrastructures (CPMI) at the Bank for International Settlements (BIS) have formally recognized cybercrime as “a growing and significant threat to the integrity, efficiency, and soundness of financial markets worldwide.”
🎣

Types of Phishing & Social Engineering Attacks

Phishing has evolved from bulk email blasts to sophisticated, targeted campaigns

Phishing attacks have remained prevalent and have grown more sophisticated in recent years. Cybercriminals now use highly targeted methods, personalized content and AI-generated messages to trick individuals into divulging sensitive information or clicking on malicious links. Understanding the different types is essential for building effective defenses.

📧
Email Phishing
The most common type. Attackers send mass fraudulent emails impersonating banks, e-commerce sites or government agencies to steal credentials or deploy malware via malicious links or attachments.
Most Common Type
🎯
Spear Phishing
A highly targeted variant. Attackers research the victim (name, role, colleagues, recent activities) to craft personalized messages that appear completely legitimate. Far more effective than generic phishing.
Highly Targeted
🐋
Whaling
Spear phishing aimed specifically at senior executives (CEOs, CFOs, board members). These individuals have the authority to approve large wire transfers and often receive less cybersecurity training than front-line staff. One successful whaling attack can cost millions.
C-Suite Target
📱
Smishing (SMS Phishing)
Fraudulent text messages impersonating banks, delivery services or government agencies. They contain a link to a fake login page or a call to action to phone a fraudulent number, exploiting the trust people place in SMS.
SMS Based
📞
Vishing (Voice Phishing)
Fraudulent phone calls posing as bank security teams, TRAI, CBI or Income Tax Department officials. Caller ID spoofing makes the number appear legitimate, and the victim is pressured to share OTPs or card numbers, or to transfer money urgently.
Phone Based
📸
Angler Phishing
Attackers create fake social media accounts impersonating the customer service handles of banks or companies. When customers complain publicly about a service issue, the fake account contacts them offering “help” and steals their credentials.
Social Media
πŸ”

How to Spot a Phishing Attack

Red flags that reveal a phishing attempt

🚨 Urgency & Fear Tactics

Phrases like “Your account will be suspended in 24 hours!” or “Immediate action required!” create panic designed to make you act without thinking. Legitimate organizations rarely demand instant action under threat, and never ask you to prove your identity by typing credentials into a link they sent.

🔗 Suspicious Links

Always hover over a link before clicking and read the actual URL. Phishing links often use slight misspellings or look-alike characters (e.g., “amaz0n.com” or “paypa1.com”), or place the real brand name in a subdomain of an unrelated domain. The displayed link text may say one thing while the href points somewhere else entirely.

📧 Generic Greeting

“Dear Customer” or “Dear User” instead of your actual name suggests a mass phishing campaign. Your real bank or service provider will usually address you by name in official communications.

✍️ Grammar & Spelling Errors

Many phishing emails (especially from international criminal groups) contain grammatical errors, awkward phrasing or unusual formatting that legitimate corporate communications rarely contain. AI-generated lures increasingly have flawless grammar, so the absence of errors is not proof of legitimacy.

✅ Verify Independently

Never use contact details provided in a suspicious message. Go directly to the official website by typing the URL, or call the official customer service number printed on the back of your card or published on the official website.

🔐 Never Share OTP

No legitimate bank, government agency or company will ever ask you for your OTP, full card number, CVV or net banking password over phone, email or SMS. These are always secret; never share them.
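The link checks above can be automated. The following is an added example, not part of the AICITSS material: it parses the anchor tags in an HTML message, compares the domain the visible text shows with the domain the href actually resolves to, screens the target against a small brand list using digit-for-letter look-alike normalisation, and flags brand names buried in subdomains, raw IP addresses and non-HTTPS links. The brand list, the look-alike table and the sample message are constructed for the demo.

```python
"""Flag suspicious links in an HTML e-mail body (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumed allow-list of brands the organisation cares about (not from the page).
KNOWN_BRANDS = {"amazon.com", "paypal.com", "sbi.co.in"}

# Substitutions attackers use to build look-alikes: amaz0n, paypa1, rnicrosoft.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a"})


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: last two labels, or three for 'co.in'-style suffixes."""
    labels = host.lower().strip(".").split(".")
    if (len(labels) >= 3 and len(labels[-1]) == 2
            and labels[-2] in {"co", "com", "org", "net", "gov", "ac"}):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalise(domain: str) -> str:
    """Collapse common substitutions so 'paypa1.com' compares equal to 'paypal.com'."""
    return domain.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_link(href: str, text: str) -> list[str]:
    """Return the red flags for one link; an empty list means nothing suspicious."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if not host:
        return ["href has no host (javascript:, data: or relative URL)"]
    target = registrable_domain(host)
    # 1. The visible text names a domain that differs from where the href goes.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != target:
        reasons.append(f"text shows {shown.group(1)} but link goes to {target}")
    for brand in KNOWN_BRANDS:
        if target == brand:
            continue
        # 2. Look-alike of a known brand (digit/letter substitution).
        if normalise(target) == normalise(brand):
            reasons.append(f"{target} is a look-alike of {brand}")
        # 3. Brand name buried in a subdomain of an unrelated domain.
        if brand.split(".")[0] in host.split(".")[:-2]:
            reasons.append(f"{brand} appears as a subdomain of {target}")
    # 4. Raw IP address or no TLS.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("link points at a raw IP address")
    if parsed.scheme != "https":
        reasons.append("link is not HTTPS")
    return reasons


def scan_email(html: str) -> dict[str, list[str]]:
    """Map each href in the message body to its list of red flags."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: analyse_link(href, text) for href, text in collector.links}


# Constructed sample message for the demo; not a real phishing e-mail.
SAMPLE = """
<p>Dear Customer, your account will be suspended in 24 hours.</p>
<a href="http://paypa1.com/login">https://www.paypal.com/secure</a>
<a href="https://paypal.com.account-verify.net/x">Verify now</a>
<a href="http://203.0.113.7/sbi">Net banking</a>
<a href="https://www.paypal.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, flags in scan_email(SAMPLE).items():
        print("SUSPICIOUS" if flags else "ok", href, flags)
```

Running the script flags the first three links (display/href mismatch plus a paypa1 look-alike, a brand-in-subdomain, and a raw IP over plain HTTP) and passes the genuine paypal.com link. The registrable-domain helper is deliberately crude; a production mail gateway would use the public suffix list and a full homoglyph table.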

πŸ‘€

Insider Threats

When the danger comes from within: employees, contractors, and trusted individuals

Insider threats occur when employees or other trusted individuals intentionally or unintentionally compromise data or systems. CISA (the Cybersecurity and Infrastructure Security Agency) defines an insider threat as “the threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the department’s mission, resources, personnel, facilities, information, equipment, networks, or systems.”

😤 Intentional (Malicious) Insiders

Employees who deliberately misuse their authorized access: disgruntled workers seeking revenge, employees bribed by competitors, or individuals with ideological motives. Because they know the systems and hold legitimate credentials, they can work around security controls and are extremely difficult to detect before significant damage is done.

😕 Unintentional (Negligent) Insiders

Employees who cause security incidents by accident: clicking on phishing links, using weak passwords, losing devices, sharing sensitive data inappropriately, or misconfiguring systems. There is no malicious intent, but the damage can be just as severe, and negligence accounts for the majority of insider incidents.

⚠️

Types of Harmful Insider Behaviors

🕵️
Espionage
Sharing organizational secrets (trade secrets, customer data, strategic plans) with competitors, foreign governments or criminal organizations for financial reward.
💣
Terrorism / Sabotage
Deliberately disrupting or destroying organizational systems, data or operations, motivated by extremist ideology, personal grievance or external pressure.
📢
Unauthorized Disclosure
Sharing confidential or classified information with unauthorized parties, whether deliberately (for example, leaking material outside any protected whistleblowing channel) or accidentally (for example, a misdirected email).
💰
Corruption / Financial Crime
Participating in financial fraud, bribery, embezzlement or money laundering, including involvement in transnational organized crime that exploits insider access for financial gain.
🔧
System Sabotage
Intentionally corrupting, deleting or making systems unavailable: planting logic bombs (code that activates on a trigger), deleting backups, or corrupting databases.
📉
Resource Degradation
Intentional or unintentional loss or degradation of organizational resources and capabilities, from data loss caused by poor backup practices to capacity reduction through misuse.
πŸ›‘

Mitigating Insider Threats

🔐 Zero Trust Architecture

Never trust, always verify, even for internal users. Limit access to the minimum each role needs, and regularly audit and revoke unnecessary permissions, especially for employees who change roles or leave.

📊 User Behavior Analytics (UBA)

Monitor user activity for anomalies: unusual login times, mass data downloads, or access to systems outside a user’s normal scope. Build a per-user baseline from normal activity and raise automated alerts on deviations from it.

🎓 Security Awareness Training

Regular mandatory cybersecurity training for all staff, focused in particular on recognizing social engineering, handling data properly, and reporting suspicious requests from colleagues or external parties.

🔄 Offboarding Process

Revoke all system access immediately when an employee departs, especially after an involuntary termination. Disable accounts, rotate shared passwords and keys the employee knew, and audit the access logs from the final weeks of employment for unusual downloads or permission changes.
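As an added example (not from the course), here is the kind of baseline-and-deviation logic a UBA tool runs. It learns each user’s normal login hours, the systems they touch and their typical daily download volume from a training window, then scores a later window for logins at unusual hours, first-time access to a system, and download volume several times the baseline. The log format, user names and every log line are constructed; the one-hour slack and the 5x volume factor are assumed thresholds.

```python
"""User behaviour analytics over authentication and file-access logs (added example)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed logs in an assumed "timestamp key=value ..." format (not real data).
BASELINE_LOGS = """
2024-03-04T09:05:00 user=asha event=login src=10.0.0.5
2024-03-04T09:30:00 user=asha event=access system=loan-origination
2024-03-04T11:00:00 user=asha event=download system=loan-origination bytes=2400000
2024-03-05T08:55:00 user=asha event=login src=10.0.0.5
2024-03-05T10:10:00 user=asha event=download system=loan-origination bytes=1900000
2024-03-06T09:15:00 user=asha event=login src=10.0.0.5
2024-03-06T14:00:00 user=asha event=download system=loan-origination bytes=2100000
2024-03-04T10:00:00 user=ravi event=login src=10.0.0.9
2024-03-04T10:30:00 user=ravi event=access system=treasury
2024-03-05T10:05:00 user=ravi event=login src=10.0.0.9
2024-03-06T09:58:00 user=ravi event=login src=10.0.0.9
"""

DETECTION_LOGS = """
2024-03-11T09:10:00 user=asha event=login src=10.0.0.5
2024-03-11T10:00:00 user=asha event=download system=loan-origination bytes=2200000
2024-03-12T02:40:00 user=asha event=login src=10.0.0.5
2024-03-12T02:45:00 user=asha event=access system=customer-kyc
2024-03-12T02:50:00 user=asha event=download system=customer-kyc bytes=48000000
2024-03-11T10:02:00 user=ravi event=login src=10.0.0.9
"""


def parse(lines: str):
    """Yield one dict per log line: parsed timestamp plus the key=value fields."""
    for line in lines.strip().splitlines():
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        rec.update(f.split("=", 1) for f in fields)
        yield rec


def build_baseline(lines: str) -> dict:
    """Per user: login hours seen, systems touched, and total bytes downloaded per day."""
    base = defaultdict(lambda: {"hours": set(), "systems": set(), "daily_bytes": defaultdict(int)})
    for r in parse(lines):
        u = base[r["user"]]
        if r["event"] == "login":
            u["hours"].add(r["ts"].hour)
        if "system" in r:
            u["systems"].add(r["system"])
        if r["event"] == "download":
            u["daily_bytes"][r["ts"].date()] += int(r["bytes"])
    return base


def score(baseline: dict, lines: str, hour_slack: int = 1, volume_factor: float = 5.0) -> list[str]:
    """Return one alert per deviation of a user from their own baseline."""
    alerts, today, new_systems = [], defaultdict(int), set()
    for r in parse(lines):
        u = baseline.get(r["user"])
        if u is None:
            alerts.append(f"{r['ts']} {r['user']}: no baseline for this user")
            continue
        if r["event"] == "login":
            h = r["ts"].hour
            if all(abs(h - bh) > hour_slack for bh in u["hours"]):
                alerts.append(f"{r['ts']} {r['user']}: login at hour {h:02d}, baseline hours {sorted(u['hours'])}")
        if "system" in r and r["system"] not in u["systems"] and (r["user"], r["system"]) not in new_systems:
            new_systems.add((r["user"], r["system"]))
            alerts.append(f"{r['ts']} {r['user']}: first access to system {r['system']}")
        if r["event"] == "download":
            key = (r["user"], r["ts"].date())
            today[key] += int(r["bytes"])          # cumulative per user per day
            typical = statistics.mean(u["daily_bytes"].values()) if u["daily_bytes"] else 0
            if typical and today[key] > volume_factor * typical:
                alerts.append(f"{r['ts']} {r['user']}: {today[key]} bytes downloaded today vs typical {typical:.0f}")
    return alerts


if __name__ == "__main__":
    for alert in score(build_baseline(BASELINE_LOGS), DETECTION_LOGS):
        print("ALERT", alert)
```

On the constructed data the 02:40 login, the first touch of the customer-kyc system and the 48 MB pull all alert for asha, while ravi’s ordinary morning login stays quiet. The point a practitioner should take from it is that the thresholds are relative to each user’s own history, not a global rule.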

πŸ›‘

How to Prevent Cyber Attacks in the Finance Sector

10 essential security protocols for financial institutions

Financial institutions have reported a 74% increase in cyber threats, and limited staffing and investment in cybersecurity have compounded the problem. There is no single “silver bullet”, but implementing multiple layers of security controls significantly reduces risk. The following protocols are among the most effective and easiest to implement:

🔐

Account & Transaction Security

📱
Multi-Factor Authentication (MFA)
MFA is a core element of identity and access management. Require more than one form of verification before granting access to financial systems, so that a stolen password alone is not enough to log in.
👥
Dual & Triple Controls
One person creates a financial transaction, a second approves it, and a third authorizes sending it. Enforcing that the roles are held by different people removes single points of failure and dramatically reduces fraud risk.
💳
Transaction Limits
Set daily limits for card users and accounts, and monitor transactions above or below specific thresholds (large transfers, and the small test transactions or split payments fraudsters use to stay under limits). Flag unusual transaction patterns for immediate review.
📋
Regular Reconciliation
Reconcile accounts at the start or close of each business day. The longer the gap between a fraud attempt and its detection, the less likely stolen funds can be recovered. Early detection is critical.
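The dual/triple-control, limit and audit-trail requirements above can be enforced in the payment system itself rather than left to procedure. The following added example (not code from the course or from any bank) models a payment desk where the maker, checker and releaser must be three different people, amounts at or above an assumed threshold need the third approval, a per-account daily limit is checked at release time, and every action is appended to an audit trail. All names, limits and the sample instructions are assumed.

```python
"""Maker/checker/releaser controls and daily limits for outbound payments (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed policy values for the demo.
TRIPLE_CONTROL_ABOVE = 1_000_000   # a third person must release amounts >= this
DAILY_LIMIT_PER_ACCOUNT = 5_000_000


class ControlViolation(Exception):
    """Raised when a control would be bypassed; the instruction does not proceed."""


@dataclass
class Payment:
    ref: str
    from_account: str
    to_account: str
    amount: int
    value_date: date
    maker: str
    checker: Optional[str] = None
    releaser: Optional[str] = None
    status: str = "CREATED"          # CREATED -> APPROVED -> RELEASED | REJECTED
    audit: list = field(default_factory=list)

    def log(self, who: str, action: str) -> None:
        """Append-only trail, so every state change is attributable to a person."""
        self.audit.append(f"{self.ref} {action} by {who}")


class PaymentDesk:
    def __init__(self) -> None:
        self.payments: dict = {}
        self.sent: dict = defaultdict(int)   # (from_account, value_date) -> amount released

    def create(self, ref, from_account, to_account, amount, value_date, maker) -> Payment:
        if amount <= 0:
            raise ControlViolation("amount must be positive")
        if ref in self.payments:
            raise ControlViolation(f"duplicate reference {ref}")
        p = Payment(ref, from_account, to_account, amount, value_date, maker)
        p.log(maker, "created")
        self.payments[ref] = p
        return p

    def approve(self, ref: str, checker: str) -> Payment:
        p = self.payments[ref]
        if p.status != "CREATED":
            raise ControlViolation(f"{ref} is {p.status}, not awaiting approval")
        if checker == p.maker:
            raise ControlViolation("maker cannot approve their own instruction")
        p.checker = checker
        p.log(checker, "approved")
        if p.amount < TRIPLE_CONTROL_ABOVE:      # dual control suffices below the threshold
            return self._send(p, checker)
        p.status = "APPROVED"                    # large amount: wait for a third person
        return p

    def release(self, ref: str, releaser: str) -> Payment:
        p = self.payments[ref]
        if p.status != "APPROVED":
            raise ControlViolation(f"{ref} is {p.status}, not approved")
        if releaser in (p.maker, p.checker):
            raise ControlViolation("releaser must differ from both maker and checker")
        p.releaser = releaser
        return self._send(p, releaser)

    def _send(self, p: Payment, who: str) -> Payment:
        """Final gate: the per-account daily limit is checked at the moment of release."""
        key = (p.from_account, p.value_date)
        if self.sent[key] + p.amount > DAILY_LIMIT_PER_ACCOUNT:
            p.status = "REJECTED"
            p.log(who, "rejected (daily limit)")
            raise ControlViolation(f"{p.ref} would exceed the daily limit for {p.from_account}")
        p.status = "RELEASED"
        self.sent[key] += p.amount
        p.log(who, "released")
        return p


def attempt(action, *args) -> str:
    """Run a desk action; return 'ok' or the violation text."""
    try:
        action(*args)
        return "ok"
    except ControlViolation as exc:
        return str(exc)


def demo_scenario():
    """Walk a constructed day through the desk; returns (desk, list of outcomes)."""
    desk, d, out = PaymentDesk(), date(2024, 3, 12), []
    desk.create("P1", "ACC-1", "VEND-9", 400_000, d, "asha")
    out.append(attempt(desk.approve, "P1", "ravi"))     # ok: dual control releases it
    desk.create("P2", "ACC-1", "VEND-9", 3_000_000, d, "asha")
    out.append(attempt(desk.approve, "P2", "asha"))     # maker cannot approve own instruction
    out.append(attempt(desk.approve, "P2", "ravi"))     # ok: now awaiting a third person
    out.append(attempt(desk.release, "P2", "ravi"))     # releaser must differ from checker
    out.append(attempt(desk.release, "P2", "meera"))    # ok: released
    desk.create("P3", "ACC-1", "VEND-9", 2_000_000, d, "asha")
    desk.approve("P3", "ravi")
    out.append(attempt(desk.release, "P3", "meera"))    # exceeds the daily limit
    return desk, out


if __name__ == "__main__":
    desk, outcomes = demo_scenario()
    print(outcomes)
    for p in desk.payments.values():
        print(p.status, p.audit)
```

Two design points matter more than the exact thresholds: the separation of duties is checked against the identities recorded on the instruction, so a user cannot satisfy it by acting twice, and the daily limit is evaluated at release rather than at creation, so a batch of instructions created in the morning cannot collectively breach it. A real system would also authenticate each actor with MFA and sign the audit records.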
πŸ“Š

Data & Monitoring Security

🔍
Security Monitoring Tools
Deploy tools that give comprehensive visibility into systems so that IT admins can effectively monitor security events. PCI DSS requires logging and monitoring of access to cardholder data, but organizations should treat that as a floor and seek higher-quality tooling.
🛡
Threat Detection Tools
Deploy robust endpoint security solutions; endpoints you cannot observe are a major blind spot. Regularly reassess existing tools and invest in advanced threat detection platforms.
🚨
Incident Response Plan
Every organization must maintain an up-to-date, tested incident response plan, exercised in “drill mode” at different times of day and with different staff members available. It is a practiced procedure, not just a document.
🤝
Third-Party Risk Management
Accurately assess the cybersecurity and compliance posture of third parties. Due diligence on vendors reduces account takeovers, corporate data theft and supply chain compromises that originate with partners.
🚀

Advanced Security Strategies

🔒
Zero-Trust Network Model
Never trust, always verify: every access request, whether internal or external, must be authenticated and authorized. Layered zero-trust policies limit the blast radius of a network intrusion.
🎓
Fraud Awareness Training
Educate employees about financial fraud, including corporate account takeovers, remote desktop access scams and ransomware. Human awareness remains one of the most cost-effective defensive investments.
πŸ“°

Case Studies β€” Indian Banking Fraud

Landmark financial fraud cases that shook India’s banking system

Case Study 1 (2022)

ABG Shipyard Fraud: India’s Largest Bank Fraud

ABG Shipyard Limited was accused by the CBI (Central Bureau of Investigation) of participating in one of the largest bank frauds in Indian history. The defendants are accused of defrauding 27 lenders, including SBI (State Bank of India) and other major banks, of ₹228.42 billion.

The proprietors of the business are alleged to have committed misappropriation, mischief, embezzlement and abuse of public trust over the period 2012–17. The loan account was first classified as a non-performing asset (NPA) in July 2016, but the fraud was only discovered in 2019.

2012–17: Alleged period of fraud
Jul 2016: Loan classified as NPA
2019: Fraud discovered
Nov 2019: SBI files initial complaint
Aug 2020: Case refiled
2022: CBI arrests made
⚖️
Legal Action: The CBI filed charges and made several arrests in connection with misappropriation, embezzlement and abuse of public trust. Investigations are ongoing; at the time of discovery the case set a record as the largest bank fraud by value in Indian history.
₹228.42 Billion · 27 Banks Defrauded · SBI Complainant · CBI Investigation · Embezzlement · Misappropriation
Case Study 2 (2018)

Punjab National Bank Scam: The Nirav Modi Case

In 2018 Punjab National Bank (PNB) reported a fraud of about ₹114 billion, described at the time as the biggest banking heist in Indian history. The primary accused included the jeweler Nirav Modi, his associates Ami Modi and Nishant Modi, Mehul Choksi, and several PNB staff members.

A junior PNB staff member fraudulently issued “Letters of Undertaking” (LoUs), which are in effect guarantees from PNB to foreign banks, so that the accused firms could obtain short-term credit from the overseas branches of Indian banks to pay vendors. The LoUs were transmitted over the SWIFT messaging network but were never recorded in PNB’s primary banking system (CBS, the Core Banking Solution), so they bypassed every normal control, and PNB’s senior management failed to detect or report the fraud.

In total about ₹114 billion was obtained from the overseas branches of 30 Indian banks through fraudulent LoUs issued over several years without the knowledge of senior PNB management.

Multiple years: LoUs issued fraudulently
Jan 2018: Fraud discovered by PNB
Jan 2018: Nirav Modi flees India
Aug 2018: CBI charges filed
Present: Modi detained in UK prison
⚖️
Legal Outcome: The Indian government charged Nirav Modi with criminal conspiracy, financial fraud, embezzlement, fraud and contract violation. He fled India just days before the theft was revealed. He is currently detained in Wandsworth Prison in south-west London, UK, fighting extradition to India.
₹114 Billion · 30 Banks · Nirav Modi · Mehul Choksi · Fraudulent LoUs · CBI Investigation · UK Extradition
πŸ“š

Key Lessons from Both Cases

🔍 Early Detection is Critical

The ABG Shipyard fraud went undetected for years after the loan was flagged as an NPA. The longer a fraud continues undetected, the less likely the funds can be recovered and the greater the total damage.

🖥️ Systems Must Communicate

In the PNB scam the fraudulent LoUs bypassed the core banking system entirely, creating a massive blind spot: the messaging channel said one thing and the ledger said nothing. Every channel that can create a liability must be integrated with the core system, with complete audit trails and daily reconciliation between them.

👥 Dual Controls are Essential

A single junior employee issued LoUs worth billions without detection. Robust dual and triple authorization controls for high-value instructions, enforced by the system rather than by procedure alone, would have caught this fraud far earlier.

🌍 Cross-Border Complexity

Nirav Modi fled India before charges were filed, showing how quickly accused individuals can relocate internationally. Extradition proceedings are lengthy, complex and not always successful.
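The reconciliation lesson (both the daily reconciliation protocol listed earlier and the PNB blind spot above) can be demonstrated with a join between the messaging gateway’s outbound log and the core banking ledger. This is an added example, not a description of PNB’s or any bank’s actual systems: two constructed CSV extracts are compared, and every guarantee that was transmitted but never booked, booked but never transmitted, booked with a different amount or beneficiary, or issued for a tenor longer than an assumed 90-day policy maximum is reported. Column names, the tenor limit and all records are assumptions.

```python
"""Reconcile outbound guarantee messages against the core banking ledger (added example)."""
import csv
import io
from datetime import date

MAX_TENOR_DAYS = 90  # assumed policy limit for this kind of guarantee

# Constructed: what the messaging gateway actually transmitted.
GATEWAY_LOG = """ref,sent_on,beneficiary_bank,amount_usd,expires_on
LOU-1001,2024-01-10,BANK-A-HK,1500000,2024-04-09
LOU-1002,2024-01-11,BANK-B-DXB,2200000,2024-04-10
LOU-1003,2024-01-12,BANK-A-HK,5000000,2025-01-11
LOU-1004,2024-01-15,BANK-C-SG,900000,2024-04-14
"""

# Constructed: what was booked as a contingent liability in CBS.
CBS_LEDGER = """ref,booked_on,beneficiary_bank,amount_usd,expires_on,maker,checker
LOU-1001,2024-01-10,BANK-A-HK,1500000,2024-04-09,u100,u205
LOU-1002,2024-01-11,BANK-B-DXB,220000,2024-04-10,u100,u205
LOU-1005,2024-01-16,BANK-C-SG,700000,2024-04-15,u101,u205
"""


def load(csv_text: str) -> dict:
    """Index a CSV extract by its reference number."""
    return {row["ref"]: row for row in csv.DictReader(io.StringIO(csv_text))}


def reconcile(gateway: dict, ledger: dict) -> dict:
    """Compare the two extracts and group findings by type."""
    findings = {"unbooked": [], "unsent": [], "mismatch": [], "tenor": []}
    for ref, msg in gateway.items():
        sent = date.fromisoformat(msg["sent_on"])
        expires = date.fromisoformat(msg["expires_on"])
        tenor = (expires - sent).days
        if tenor > MAX_TENOR_DAYS:
            findings["tenor"].append(f"{ref}: tenor {tenor} days exceeds {MAX_TENOR_DAYS}")
        entry = ledger.get(ref)
        if entry is None:
            # The PNB pattern: a guarantee left the bank with no liability on the books.
            findings["unbooked"].append(
                f"{ref}: sent to {msg['beneficiary_bank']} for USD {msg['amount_usd']} with no CBS entry")
            continue
        for col in ("beneficiary_bank", "amount_usd", "expires_on"):
            if msg[col] != entry[col]:
                findings["mismatch"].append(f"{ref}: {col} gateway={msg[col]} cbs={entry[col]}")
    for ref in sorted(ledger.keys() - gateway.keys()):
        findings["unsent"].append(f"{ref}: booked in CBS but never transmitted")
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(load(GATEWAY_LOG), load(CBS_LEDGER)).items():
        for item in items:
            print(kind.upper(), item)
```

Run daily, the "unbooked" bucket is the one that would have exposed the PNB pattern on day one; the "tenor" check catches guarantees issued for far longer than policy allows, and the "unsent" bucket catches the reverse failure, where a booked liability never actually went out.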

🧠

Quick Quiz β€” Chapter 2

Click an option to instantly check your answer

1. According to the ITU & CGAP 2016 survey, what percentage of Philippine mobile money users received fraudulent SMSs?
A
27%
B
56%
C
83%
D
17%
2. Ransomware can be traced back to which year when the “AIDS Virus” was used for extortion?
A
1996
B
1989
C
2001
D
2010
3. A supply chain attack targets an organization by attacking:
A
The main target directly through brute force
B
A weaker third-party supplier or vendor connected to the actual target
C
Customer-facing websites and apps only
D
The organization’s marketing supply chain
4. “Whaling” phishing attacks are specifically designed to target:
A
Marine industry organizations
B
All employees equally
C
Senior executives like CEOs and CFOs with financial authority
D
IT and cybersecurity department staff
5. The Punjab National Bank scam (2018) involved fraudulent “Letters of Undertaking” (LoUs). What was the total amount stolen?
A
₹228.42 billion
B
₹114 billion
C
₹50 billion
D
₹75 billion
6. The Zero Trust Network Model in financial security is based on which core principle?
A
Trust internal employees but verify external ones
B
Trust verified partners without repeated authentication
C
Never trust, always verify: every access request must be authenticated
D
Trust users after their first successful login
7. According to Chapter 2, financial institutions experienced what percentage increase in cyber threats?
A
50%
B
56%
C
74%
D
83%
8. In the context of insider threats, which of the following is an example of an UNINTENTIONAL insider threat?
A
An employee deliberately sharing trade secrets with a competitor
B
A disgruntled employee planting malware before resignation
C
An employee clicking a phishing link that compromises company systems
D
A contractor selling confidential customer data online