Social engineering is a popular tactic many attackers use, from sophisticated geopolitical and criminal groups to low-level ransomware affiliates and cybercrime gangs. These attackers employ various tactics such as phishing, pretexting, malware, and deepfakes to manipulate individuals within target organizations. Social engineering is successful when attackers gain trust, instill fear, or manipulate victims into compromising security.
Among financial services, one of the most common social engineering tactics is tricking victims into downloading and executing malware. 9.8 out of every 1,000 users are tricked into downloading malware every month. The following is a list of the five most common malware families encountered in the past year, highlighting multiple JavaScript downloaders used to deliver malicious payloads, traffic direction systems used to redirect victims to malicious sites, and the popular Cobalt Strike beacon used to control compromised systems.
Downloader.Nemucod is a JavaScript downloader that has previously delivered Teslacrypt.
Trojan.FakeUpdater (a.k.a. SocGholish) is a JavaScript downloader that delivers various payloads, including NetSupport RAT, RedLine Stealer, and Cobeacon.
Downloader.SLoad (a.k.a. Starslord) is a downloader often used to deliver Ramnit.
Trojan.Parrottds is a JavaScript-based traffic direction system that has been infecting websites since 2019 and has been used to redirect traffic to various malicious locations.
Backdoor.Cobeacon is a malicious agent created using the Cobalt Strike red-team operation software to maintain control of a compromised system.
One of the social engineering techniques attackers use to deliver malware is to host the malware on popular cloud services. Of the 9.8 out of every 1,000 users downloading malware from cloud apps each month, 1.7 download the malware from popular cloud apps. The top apps by the percentage of organizations with malware downloads include the most popular cloud storage apps and the popular code-sharing platform GitHub, where various hacktools are hosted.

Phishing is the second most common social engineering technique, with 4.7 out of every 1,000 users in financial services visiting a phishing site every month. Whereas Netskope tracked a global increase in phishing over the past year, phishing rates in the financial services industry remained relatively stable as the rates in other industries have caught up. As shown in the figure below, nearly half of phishing attacks mimicked cloud apps and banking institutions.

Microsoft was the most commonly mimicked brand among cloud phishing attacks, while DocuSign and Adobe baits were also frequently used to steal login credentials for various other services.

Analysis of the referrers of the phishing pages visited by victims in financial services highlights a noteworthy trend: search engine optimization (SEO) poisoning remains a popular tactic to get phishing pages listed in search engine results where victims may have their guard down. After search engines, the remaining traffic to phishing pages comes from various sources.
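
One way to run the same kind of referrer analysis over your own web proxy logs, as an added example that is not Netskope's code or data. The CSV schema, the search-engine domain list, and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Assumption: domains treated as search engines; extend for your environment.
SEARCH_ENGINE_DOMAINS = ("google.com", "bing.com", "duckduckgo.com",
                         "search.yahoo.com", "baidu.com", "yandex.com")

# Constructed sample in a hypothetical proxy-log schema (not real data).
SAMPLE_LOG = """user,url,referrer,category
u1,https://login-portal.test/o365,https://www.google.com/search?q=bank+login,phishing
u2,https://sign-docs.test/review,https://www.bing.com/search?q=docusign,phishing
u3,https://pay-verify.test/,,phishing
u4,https://news.example/,https://www.google.com/,news
u5,https://acct-verify.test/,https://blog.example.org/post,phishing
u6,https://acct-verify.test/,https://google.com.lookalike.test/search,phishing
"""


def classify_referrer(referrer):
    """Return 'none', 'search' or 'other' for a Referer header value."""
    if not referrer:
        return "none"  # typed URL, bookmark, mail client, or stripped header
    host = (urlsplit(referrer).hostname or "").lower()
    for domain in SEARCH_ENGINE_DOMAINS:
        # Exact or true-subdomain match only, so google.com.lookalike.test
        # is not counted as a search engine.
        if host == domain or host.endswith("." + domain):
            return "search"
    return "other"


def referrer_breakdown(log_text, category="phishing"):
    """Count referrer classes for requests the proxy labelled `category`."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["category"] == category:
            counts[classify_referrer(row["referrer"])] += 1
    return counts


def search_share(counts):
    """Fraction of counted visits that arrived from a search engine."""
    total = sum(counts.values())
    return counts["search"] / total if total else 0.0


if __name__ == "__main__":
    breakdown = referrer_breakdown(SAMPLE_LOG)
    print(dict(breakdown), f"search share = {search_share(breakdown):.0%}")
```

A rising search share for phishing-category hits is a signal to review safe-search enforcement and user guidance on sponsored or top-ranked results.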
