Sponsored Content
Fighting fraud is a team effort, says Will Wright, chief operating officer of Santander International. He spoke to Meg Winton about how individuals can work with banks to defend themselves against cybercrime in the rapidly developing digital environment
MANY of us have spent October marking Cybersecurity Awareness Month, taking time to learn more about online safety and the fight against cybercrime.
It’s an ever-evolving topic and being aware of the constant stream of new threats, developments or challenges is vital to protect yourself.
The importance of personal cybersecurity cannot be overstated, says Will Wright, chief operating officer of Santander International, who adds: “It’s about protecting your personal information, devices and identity.
“We are sharing more information online all the time, which becomes a risk.”
Fraud and scams affecting individuals are on the rise, so, as a bank, Santander International keeps cybercrime at the top of its priorities.
“It’s something we’re talking about internally on a weekly basis,” Will said. “Across the Santander group, we spend millions on protecting our customers.”
And that spend is seen as an investment. A report by Santander UK and the Social Market Foundation analysed the financial impact fraud has on the economy, and its findings are significant.
“Between 2021 and 2023, ten million Britons were impacted by fraud, and a lot of that was driven by cybercrime,” Will explained. “It cost the economy £16bn and the average loss to an individual was around £1,000.”
So how are these criminals getting their hands on our cash? Will says it is through “deceit, manipulation and playing on our instincts and emotions”.
With this in mind, he explained what people should keep an eye out for.
“The most common threat is phishing, which is when someone sends a deceptive email to get you to click on a link or give up some information,” he said.
“Of all malware, 35% is delivered by email now, and over 90% of organisations have had an event triggered by someone acting on a phishing email. It’s really important to consider whether an email you’ve received is genuine.”
There are also variants of this approach for different channels.
“Smishing is when a scam is delivered via a text message or WhatsApp, and this is very, very common now,” said Will.
“Vishing is through voice. Someone will call you to try to extract data or lead you onto a scam. Recent reports have suggested more than half of calls to landlines nowadays are fraudulent.”
We’re also at risk of being duped into installing dangerous software. Hackers and criminals use malware to extract data or take control of your device for malicious purposes.
“Ransomware is a very specific version of malware that allows criminals to take complete control of your machine and lock it down. You’ll probably get a request for payment to get back into your machine, or they may threaten to release some of your data.”
Will continued: “This type of attack could be a catastrophic risk to small businesses who may not have been able to invest in protection against this threat and can’t afford to lose access to their online capabilities.”
Many criminals are successful in their scam attempts because they employ social engineering, the tactic of influencing or deceiving someone based on information they’ve gathered on the victim.
“Social engineering is when criminals use what you post on social media, or what was out there already through data breaches, to show they know enough about you when pretending they’re from a source you trust,” said Will. “It doesn’t mean they are who they say they are, so don’t be pressured on a call or via email.
“Don’t be fooled by an offer that’s too good to be true either. Think about how you’re being contacted, and if it’s a phone call, the right approach is to call back using a verified number.”
An arguably old-fashioned way that criminals can access your data or steal from you is through password attacks.
But what Will wants us to understand is that it’s not one individual trying to guess your password on the off-chance they will get it right; criminals have sophisticated, advanced software to inflict brute-force attacks on your password.
“Password attacks are pretty simple. The longer the password, the harder it is for a super-powerful computer to crack,” said Will. “But a password only offers you protection for so long. Having 16 characters is a good starting point, but there are extra security measures you can put in place to strengthen your protection.”
Speaking of extra security measures, what can we do to prevent falling victim to one of these scams?
The first port of call, Will says, is education.
“The National Cyber Security Centre has a great website with lots of advice. Even if you spend an hour a year updating your knowledge of cybersecurity, that will protect you significantly.”
Will established that passwords can be relatively weak protection on their own, so extra methods are important, namely multifactor authentication.
It’s a multi-step login process where in order to get access to a website, portal or account, you need to provide more information than just your password.
“Multifactor authentication is probably the most important tip,” Will stated. “In banking, for example, the second factor could look like a one-time passcode that’s sent to your device once you’ve entered your password, the first factor.
“Ideally, you have a third factor, which is where biometrics, like face IDs or fingerprints, come in. A combination of all three factors is great.”
A bit of digital housekeeping makes a difference too.
“We should keep the software we use up to date,” Will shared. “Do the security updates on your iPhone or Android and install the virus-scanning software on your home PC or laptop. These are all layers of protection.”
Will also advises being generally cautious when it comes to your personal data.
“It’s the most powerful type of information a fraudster can get hold of to then follow through with other cybercrime, fraud and scams,” he said.
“When you’re sharing your personal data, like filling in a form, always ask yourself, ‘why do they need this data’?. If you’re not comfortable sharing it, consider whether you need to.”
Will advises a cautious approach when it comes to personal data
What we can conclude from Will’s advice and expertise is that personal cybersecurity is crucial to navigating our digital world safely.
Cybercrime nowadays is advanced and intimidating, so how is Santander International supporting its customers and community from attacks that are, at this point, inevitable?
“Cybercrime is a constantly evolving battle, but we have insight of UK and global trends which help us understand the risks associated with scams and fraud. We communicate these risks as best we can to our customers over social media.
“A lot of payments go through the bank, so customers may find that they slow down as we check those that may appear suspicious. We know it can be a frustration, but hopefully our customers understand we do it to protect them,” he said.
Will highlights the importance of working together in this fight and the personal responsibility we must all take to protect ourselves.
“If you know you’ve been hacked, you need to act quickly by contacting your bank or whoever you hold that account with through a verified number. In a workplace scenario, tell your boss or cybersecurity representative. Make sure people are aware and don’t try to hide it.”
He added: “As a bank, we put lots of controls in place to protect our customers from cybercrime, but if they’re unaware of the risk or don’t know what to do in those situations, it makes it very difficult.”
And Santander is happy to support its customers to do their bit, Will shared.
“If you’re not confident with the digital world, don’t be embarrassed to ask for advice or speak to a friend. For our local customers, walk into the Santander Work Café and speak to our staff about any concerns regarding their online banking, for example.”
Will continued: “Santander staff will never call you for security information or one-time passcodes, they won’t ask you to move money to another account, nor will they pressure you to stay on the phone. We’ll be more than happy for you to call back if you want to confirm the call is genuine. We want to be challenged.”
As we conclude Cybersecurity Awareness Month for 2024, Will leaves us with a poignant reminder about the reality of cybercrime, fraud and scams. “People should not feel they’re immune to this,” he said.
“Some people think that only vulnerable people fall foul of this issue, but everybody is at risk, and we must be on guard.”
To hear more tips, guidance and advice from Will, click here to listen to the podcast.
