Kyle Ferdolage, lead trust and safety analyst at N26 believes that the mobile bank has improved at optimising fraud prevention technology and minimising online threats to consumers.
He also explains how phishing-as-a-service (PhaaS) has become more prevalent in black market circles: “PhaaS refers to the black-market sale of tools and knowledge required to carry out a phishing attack. Essentially, it is the creation of a software-as-a-service style model for bad actors that lowers the barriers of entry for those with limited technical knowledge and experience, thus expanding the reach and magnitude of phishing attacks.”
PhaaS has opened up a whole new world of opportunities for amateur fraudsters to target potential victims and launch successful cyber-attacks through phish kits, bait scams, and SMS phishing attacks. PhaaS produces an environment for non-sophisticated actors to create more convincing scams.
Ferdolage details that N26 is taking measures to optimise their technology to constantly monitor their platform for phishing scams.
Accoding to Ferdolage, N26 is prioritising making customers aware of the latest threats and tricks that are used to target accounts; “As a bank, we have a responsibility to help consumers understand the risk and threats they are exposed to when it comes to phishing and fraud.”
In a world where scams are at every dark corner and wrong turn, consumers need to be weaponised with fraud prevention strategies to protect themselves from phishing attacks.
Ferdolage recommends that consumers maintain a “healthy dose of scepticism” and think through the legitimacy of possible phishing scenarios.
“As a rule of thumb, anything that seems either unusual, out of place or too good to be true, probably is. Some helpful practices include slowing down and not reacting to urgent messages immediately, and instead taking a minute to look into the company or claim to decide whether the request makes sense and comes from a legitimate source. It is best to contact the person or institution directly via a listed or known point of contact to verify the legitimacy of the source before engaging further.”
Ferdolage also suggests staying in the loop on the changing nature of cyber scams and “maintaining good internet hygiene,” meaning that users should not reuse passwords and always utilise multi-factor authentication for accounts.
To safeguard customer security, N26 ensures only device owners can access their accounts through two-factor authentication, personalised security settings, locks on cards, adjustable spending and withdrawal limits, and restricted overseas and online transactions.
Ferdolage concludes: “The growth of fraud in the digital space is a real threat not only for digital players like N26 but the industry as a whole. In today’s fast-moving digital economy, phishing attacks can come in many shapes and forms as scammers often change their approaches to evade detection. As bad actors are constantly improving their schemes, using increasingly sophisticated and complex tactics, it is key for financial institutions to quickly respond to combat these trends as they emerge. The only way financial crime can be tackled globally is by recognising the need for a coordinated approach across the entire industry – tech players, traditional banks, the relevant authorities and society.”