The Growing Risk of Email Compromise for Financial Services Firms


Financial services have always been attractive to cybercriminals, but in 2019 the attacks have become more subtle, more patient, and much harder to detect. Instead of going after bank networks head-on, attackers are shifting their strategy and focusing on email accounts — especially those belonging to executives, branch managers, underwriters, and employees involved in wire transfers.

Business Email Compromise (BEC) is now one of the most financially damaging threats facing banks, credit unions, and insurance agencies. And the worst part? Many firms still rely on older email systems or basic spam filtering that was built to catch bulk spam, not a carefully worded message sent from a genuine, already-compromised account.


Why attackers target email

Financial institutions rely heavily on email for:

  • internal approvals
  • communication with vendors
  • customer correspondence
  • loan and underwriting processes
  • wire transfer and payment authorization

When an attacker gains access to a mailbox, they gain visibility into the entire workflow — who approves what, who sends what, and how money moves.

That’s priceless intelligence.


How attackers get in

We’re seeing a few specific patterns become common:

  1. Password spraying (trying a handful of common passwords across thousands of accounts, a few attempts per account so no lockout threshold is ever tripped)
  2. Credential harvesting through highly convincing phishing pages that clone the firm's own login portal
  3. Legacy email protocols (IMAP, POP, SMTP AUTH) that authenticate with nothing but a username and password, so a stolen password is enough and no MFA prompt is ever shown
  4. Compromised vendor accounts leading to downstream attacks on the firms that trust them

Once access is obtained, attackers often wait quietly for weeks.
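
Two of those patterns leave a clear trace in sign-in logs, and the point of this added example (it is not code from the original post) is to show what that trace looks like: a password spray shows up as one source IP failing against many distinct accounts in a short window, and a legacy-protocol success is a login that cannot possibly have satisfied MFA. The log format (key=value lines), the field names, the protocol labels, the domain bank.example and every address and IP are constructed for the example and are not any vendor's real schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Protocols that authenticate with a bare username/password (basic auth) and
# therefore never trigger an MFA prompt. The labels are assumptions for this
# example, not a vendor's log values.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP-AUTH"}

# Constructed sample sign-in log (assumed key=value format): one IP spraying
# seven accounts over IMAP4 and then landing an eighth, a user mistyping their
# own password twice, and a normal browser login.
SAMPLE_LOG = """\
2019-06-03T02:00:01 user=a.singh@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:05 user=b.jones@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:09 user=c.reyes@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:14 user=d.okafor@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:18 user=e.novak@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:22 user=f.chen@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:27 user=g.ali@bank.example ip=203.0.113.9 result=FAILURE proto=IMAP4
2019-06-03T02:00:31 user=h.park@bank.example ip=203.0.113.9 result=SUCCESS proto=IMAP4
2019-06-03T08:15:02 user=j.lee@bank.example ip=10.20.4.7 result=FAILURE proto=Browser
2019-06-03T08:15:20 user=j.lee@bank.example ip=10.20.4.7 result=FAILURE proto=Browser
2019-06-03T08:15:41 user=j.lee@bank.example ip=10.20.4.7 result=SUCCESS proto=Browser
2019-06-03T09:02:10 user=k.weber@bank.example ip=10.20.4.9 result=SUCCESS proto=Browser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) "
    r"result=(?P<result>\S+) proto=(?P<proto>\S+)$"
)


def parse_log(text):
    """Parse key=value sign-in lines into dicts, oldest first; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def detect_password_spray(records, min_accounts=5, window=timedelta(minutes=30)):
    """Return {ip: set(users)} for source IPs whose failures hit at least
    min_accounts distinct accounts inside any window-sized span.

    A spray is few passwords across many accounts, so the signal is distinct
    users per source IP, not failures per user: a user fat-fingering their own
    password a few times never trips it.
    """
    failures = defaultdict(list)
    for r in records:
        if r["result"] == "FAILURE":
            failures[r["ip"]].append(r)
    hits = {}
    for ip, recs in failures.items():
        for i, start in enumerate(recs):  # recs are already time-ordered
            users = {r["user"] for r in recs[i:] if r["ts"] - start["ts"] <= window}
            if len(users) >= min_accounts:
                hits[ip] = users
                break
    return hits


def detect_legacy_success(records):
    """Successful sign-ins over protocols that cannot have satisfied MFA."""
    return [(r["user"], r["ip"], r["proto"]) for r in records
            if r["result"] == "SUCCESS" and r["proto"] in LEGACY_PROTOCOLS]


def likely_compromised(records):
    """Accounts that signed in successfully from an IP that was spraying.
    These need a password reset, session revocation and an inbox-rule review now."""
    spray_ips = detect_password_spray(records)
    return sorted({r["user"] for r in records
                   if r["result"] == "SUCCESS" and r["ip"] in spray_ips})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for ip, users in detect_password_spray(recs).items():
        print(f"password spray from {ip}: {len(users)} accounts targeted")
    for user, ip, proto in detect_legacy_success(recs):
        print(f"legacy-protocol success: {user} from {ip} via {proto} (no MFA possible)")
    print("likely compromised:", likely_compromised(recs))
```

The thresholds (five accounts in thirty minutes) are a starting point, not a standard; a patient sprayer will spread attempts over hours and across many source addresses, so in practice you would widen the window and also group by ASN or user-agent. The legacy-protocol check is worth running even before basic authentication is disabled, because it tells you exactly which accounts were reachable without MFA.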


What attackers do once inside

Unlike ransomware, BEC attacks are subtle and deliberate.

They may:

  • Create inbox rules that forward mail to an outside address, or quietly move or delete replies so the victim never sees them
  • Study email conversations
  • Watch invoice/payment patterns
  • Wait for a real transaction to insert fraudulent instructions
  • Impersonate executives or trusted vendors

Because the messages come from a genuine mailbox, pass the usual sender checks, and often continue an existing thread, employees have little reason to suspect them.


Why financial services firms are especially vulnerable

  • Email is deeply integrated into financial workflows
  • Timelines are often urgent
  • Staff trust internal emails more than external ones
  • Many firms still allow older authentication methods
  • Attackers know payments move quickly

This combination makes the industry a perfect target.

How financial organizations can protect themselves

  1. Enforce MFA — especially for remote, mobile, and legacy logins
    A leaked password on its own is then not enough to sign in. Prefer phishing-resistant methods where you can, since a convincing phishing page can capture a one-time code along with the password.
  2. Disable legacy authentication protocols
    IMAP, POP and SMTP AUTH sign in with a bare password and never trigger an MFA prompt. Block basic authentication at the tenant or mail server, not just in client settings, and check the logs for clients that still depend on it before you do.
  3. Implement advanced threat protection
    Modern cloud tools analyze sender behavior, message patterns, and anomalies such as a first-ever login from a new country.
  4. Run quarterly phishing simulations
    Your team must know how these attacks look, including a "changed bank details" request that arrives mid-thread from a known contact.
  5. Audit mailbox rules regularly
    External forwarding rules, rules that delete or hide mail, and mailbox-level forwarding settings are among the clearest signs of a takeover. Alert on their creation rather than relying on a periodic review alone.
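
The rule patterns described above (hidden forwarding, and rules that move or delete replies) are easy to check for once rules are exported. This added example, which is not code from the original post, audits a constructed export and ranks the rules most worth a human look. The records use field names of the kind an Exchange inbox-rule export carries (Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder, SubjectContainsWords), simplified to plain addresses; the tenant domain bank.example, the mailboxes, the folder list and the scoring weights are all assumptions made for the example.

```python
# Assumed tenant domain: anything forwarded elsewhere counts as external.
INTERNAL_DOMAINS = {"bank.example"}

# Folders users rarely open. Attackers park genuine replies here so the
# victim never sees the vendor asking "did you really change your bank details?"
HIDING_FOLDERS = {"RSS Subscriptions", "RSS Feeds", "Conversation History",
                  "Junk Email", "Archive", "Deleted Items"}

# Subject keywords a BEC rule typically triggers on.
FINANCE_WORDS = {"invoice", "wire", "payment", "remittance", "ach", "routing"}

FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed export: two attacker rules on h.park's mailbox (a near-nameless
# external forward and a "cleanup" rule hiding payment replies), plus two
# ordinary rules that should not be flagged.
SAMPLE_RULES = [
    {"Mailbox": "h.park@bank.example", "Name": ".", "Enabled": True,
     "ForwardTo": ["h.park.personal@mail.example"], "ForwardAsAttachmentTo": [],
     "RedirectTo": [], "DeleteMessage": False, "MoveToFolder": None,
     "SubjectContainsWords": ["invoice", "wire"]},
    {"Mailbox": "h.park@bank.example", "Name": "cleanup", "Enabled": True,
     "ForwardTo": [], "ForwardAsAttachmentTo": [], "RedirectTo": [],
     "DeleteMessage": False, "MoveToFolder": "RSS Subscriptions",
     "SubjectContainsWords": ["payment", "remittance"]},
    {"Mailbox": "j.lee@bank.example", "Name": "Newsletters", "Enabled": True,
     "ForwardTo": [], "ForwardAsAttachmentTo": [], "RedirectTo": [],
     "DeleteMessage": False, "MoveToFolder": "Newsletters",
     "SubjectContainsWords": ["newsletter"]},
    {"Mailbox": "k.weber@bank.example", "Name": "Copy to assistant", "Enabled": True,
     "ForwardTo": ["assistant@bank.example"], "ForwardAsAttachmentTo": [],
     "RedirectTo": [], "DeleteMessage": False, "MoveToFolder": None,
     "SubjectContainsWords": []},
]


def external_recipients(rule):
    """Addresses in any forwarding field whose domain is not one of ours."""
    out = []
    for field in FORWARD_FIELDS:
        for addr in rule.get(field) or []:
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain not in INTERNAL_DOMAINS:
                out.append(addr)
    return out


def audit_rule(rule):
    """Return (score, findings) for one rule; a higher score means review it first."""
    score, findings = 0, []
    ext = external_recipients(rule)
    if ext:
        score += 5
        findings.append("forwards outside the organisation to " + ", ".join(ext))
    if rule.get("DeleteMessage"):
        score += 3
        findings.append("deletes matching messages")
    if (rule.get("MoveToFolder") or "") in HIDING_FOLDERS:
        score += 3
        findings.append("moves matching messages to " + rule["MoveToFolder"])
    words = {w.lower() for w in rule.get("SubjectContainsWords") or []}
    if words & FINANCE_WORDS:
        score += 2
        findings.append("triggers on finance keywords " + str(sorted(words & FINANCE_WORDS)))
    name = (rule.get("Name") or "").strip()
    if len(name) <= 2 or not any(c.isalnum() for c in name):
        score += 2  # attackers often name rules "", "." or ".." to hide them in the UI
        findings.append("near-empty rule name " + repr(name))
    return score, findings


def audit_rules(rules):
    """Every rule with at least one finding, most suspicious first."""
    results = []
    for rule in rules:
        score, findings = audit_rule(rule)
        if findings:
            results.append({"mailbox": rule["Mailbox"], "rule": rule["Name"],
                            "enabled": rule.get("Enabled", True),
                            "score": score, "findings": findings})
    return sorted(results, key=lambda r: -r["score"])


if __name__ == "__main__":
    for r in audit_rules(SAMPLE_RULES):
        print(f"[{r['score']}] {r['mailbox']} rule {r['rule']!r} (enabled={r['enabled']})")
        for f in r["findings"]:
            print("    -", f)
```

A keyword-only hit scores low on purpose; plenty of staff file invoices into a folder. The combinations are what matter: finance keywords plus an external forward, or plus a move into a folder nobody reads. Inbox rules are also only one of the places a forward can live: mailbox-level forwarding settings and organisation-wide transport rules deserve the same check, and a disabled rule is still evidence that someone created it.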

The bottom line

In 2019, Business Email Compromise is a far bigger risk than ransomware for financial institutions. It's quiet, profitable for attackers, and extremely hard to detect without the right tools and monitoring.

Protecting the inbox is now just as important as protecting the network.