Phishing, fraud, and the financial sector’s crisis of trust
The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust.
Escalation of phishing attacks
While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted spear-phishing, leveraging personal information for credibility. AI-driven attacks, including deepfake scams, allow fraudsters to impersonate bank executives or customer service representatives, making detection more difficult. Voice phishing (vishing) and SMS phishing (smishing) have also risen, with scammers mimicking bank phone numbers and sending deceptive texts to trick victims into revealing financial details.
64% of financial institutions said their organization had experienced cybersecurity incidents in the past 12 months, according to Contrast Security. Researchers also found that 71% of respondents named zero-day attacks as the key concern in safeguarding applications and APIs, followed by dwell time (43%) and lack of visibility into the application layer (38%).
According to Netskope’s report, adversaries targeting the banking industry primarily aim to commit financial fraud, relying heavily on phishing to steal bank account details and login credentials. Social engineering remains one of the most significant cybersecurity threats in banking, encompassing tactics such as phishing, fake software updates, tech support scams, and Trojans.
Phishing is particularly prevalent, with approximately three out of every 1,000 banking employees clicking on phishing links each month. These links appear in various sources, including emails, messaging apps, social media, advertisements, and search engine results.
Unlike other sectors where attackers often target cloud applications, cybercriminals in the banking industry create phishing sites that closely resemble legitimate banking websites to deceive victims and facilitate financial fraud.
Patrick Harding, Chief Architect at Ping Identity, said: “A staggering 92% of companies have experienced financial loss due to deepfakes in this past year alone. Whether it’s bad actors manipulating audio to get individuals to share financial information, or a deepfake video impersonating company leadership to transfer or receive large sums of money, deepfakes have massively upped the stakes of financial fraud.”
Phishing and fraud erode customer trust, threatening the financial sector’s reputation
The financial toll on victims of phishing and fraud is immense, with many losing significant amounts of money, including life savings, in a single scam. This is often coupled with emotional distress, as victims struggle to recover not only their funds but also their sense of security.
This erosion of trust directly impacts the reputation of banks and financial institutions. In fact, customers would consider switching banks if they fell victim to a fraud incident and felt that the institution failed to provide adequate support.
A key factor in restoring trust is the bank’s response—whether they provide timely fraud detection alerts, offer reimbursement for losses, or take steps to prevent similar incidents in the future. When banks fail to meet these expectations, customers may feel abandoned, which contributes to the broader issue of trust deficit in the financial sector.
As financial institutions continue to experience publicized fraud cases, they face the threat of reputational damage, legal consequences, and regulatory scrutiny. Regulators are demanding that banks implement more proactive fraud prevention strategies and compensate victims of scams. Failure to do so can result in penalties or loss of customers, further eroding consumer confidence in the financial system.
“Effective fraud prevention not only enhances security but also boosts customer experience, retention, and loyalty,” said Jennifer White, Senior Director for Banking and Payments Intelligence at J.D. Power.
Cybersecurity strategies
As cyber threats evolve, financial institutions must adopt advanced, innovative strategies to stay ahead of cybercriminals. One of the most effective innovations is the use of behavioral biometrics. This technology analyzes users’ typing patterns, mouse movements, and login behaviors to establish a unique digital signature for each user.
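To make the idea of a per-user behavioral signature concrete, here is an added example (not from the article or from any vendor product) that builds a keystroke-timing profile from enrollment logins and scores later attempts against it. The feature layout, the z-score distance, the threshold and all function names are assumptions chosen for illustration, and the timing data is constructed.

```python
from statistics import mean, stdev

# Constructed sample data: each row is one login's keystroke timings in
# milliseconds for the same passphrase: [dwell1, flight1, dwell2, flight2, dwell3]
ENROLLMENT = [
    [95, 140, 88, 160, 102],
    [101, 132, 92, 155, 98],
    [97, 145, 85, 149, 105],
    [93, 138, 90, 162, 100],
    [99, 136, 87, 158, 103],
]

def build_profile(samples):
    """Per-feature mean and standard deviation from enrollment logins."""
    columns = list(zip(*samples))
    return [(mean(c), stdev(c)) for c in columns]

def anomaly_score(profile, attempt, min_std=1.0):
    """Mean absolute z-score of an attempt against the profile.
    min_std floors the deviation so a very consistent feature cannot
    inflate the score over a millisecond of jitter."""
    if len(attempt) != len(profile):
        raise ValueError("attempt has a different number of timing features")
    return mean(abs(x - mu) / max(sd, min_std)
                for x, (mu, sd) in zip(attempt, profile))

def assess_login(profile, attempt, threshold=3.0):
    """Return 'allow', or 'step_up' to require an additional factor.
    The threshold is an illustrative assumption, not a tuned value."""
    return "allow" if anomaly_score(profile, attempt) <= threshold else "step_up"

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    owner = [96, 139, 89, 157, 101]    # constructed: the enrolled typist
    scripted = [40, 20, 38, 22, 41]    # constructed: machine-paced entry of stolen credentials
    for label, attempt in (("owner", owner), ("scripted", scripted)):
        print(label, round(anomaly_score(profile, attempt), 2),
              assess_login(profile, attempt))
```

A correct password typed with the wrong rhythm still triggers step-up verification, which is why this signal is useful against credentials harvested by phishing.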
Another is the adoption of adaptive AI-driven fraud detection systems.
“With many fraudsters leveraging generative AI to launch attacks, fraud solutions can leverage generative AI to stay ahead in many areas. For example, generative AI has already been adopted to automate rule creation and tuning to provide better detection and save fraud teams time and money on trial-and-error methods,” said Yinglian Xie, CEO at DataVisor.
“As boards and organization leaders continue to consider the implications of GenAI across fintech and whether they should charge full speed into its adoption or wait, the SEC’s impacts on GenAI’s adoption are clear. The onus is now on public companies to better track and mitigate security risks, forcing high-value industries to reconsider their security and AI strategies,” said Arti Raman, CEO, Portal26.
“By creating the foundation for GenAI’s governance and auditability, fintech companies can better prepare themselves for the inevitable risks of halting and pushing for GenAI’s adoption. In fact, it’s the next logical step,” Raman continued.
Zero trust security frameworks are also becoming a part of financial institutions’ cybersecurity strategies. Rather than assuming trust based on a network’s perimeter, zero trust operates under the principle that all access, regardless of origin, should be verified.
“It’s important to reduce the organization’s attack surface by minimizing potential entry points for attackers and implementing an architecture that assumes no user or device trust by default. This approach strengthens authentication and reduces the risk of data breaches. Finally, continuous education and awareness programs for employees and consumers are vital in protecting customer data, maintaining trust, and strengthening the human defense layer,” said Sunil Mallik, CISO of Discover Financial Services.
Banks are implementing multi-factor authentication, but with a shift toward passwordless solutions. These include biometric options, such as facial recognition or fingerprint scans, along with hardware tokens or secure devices that provide a stronger barrier against phishing and credential theft. By eliminating the reliance on passwords, which can be compromised in phishing schemes, financial institutions are reducing the attack surface for cybercriminals.
Looking ahead, transparent communication, cybersecurity education, and stronger consumer protection policies will be key to rebuilding and maintaining customer trust. Banks that adopt next-generation security measures while prioritizing customer confidence are poised to set the standard for financial cybersecurity in the years to come.