Cyber intelligence against bank fraud

Cyber intelligence services are crucial in helping financial institutions effectively combat bank fraud and stay one step ahead of highly motivated criminals

When you were a child and asked your parents for money, you probably heard your pleas met with an argument that was difficult to argue with: when you grow up, you’ll find out how hard it is to earn it. As is almost always the case, they were right. That’s why conflicts over money cause such distress for everyone.

For example, bank fraud suffered by citizens who fall victim to cyber scams can not only cause them significant financial losses but also headaches that are difficult to manage.

Catching the criminals behind bank fraud is a very difficult task, and recovering the stolen money is even more so.

But it is not only the victims of bank fraud who are affected. Financial institutions have been actively combating it for a long time, continuously refining their detection mechanisms and adapting their security strategies to the latest procedures to increase their ability to detect and prevent bank fraud.

A recent ruling by the Supreme Court has underscored the need to continually refine bank fraud detection mechanisms in the face of highly motivated cybercriminals who are constantly innovating in the techniques, tactics, and procedures they employ.

For years, financial institutions have made considerable efforts to prevent bank fraud, investing in cyber intelligence services that enable them to stay at the forefront of the fight against fraud and continually strengthen their security strategies.

1. The cyber resilience of the financial sector is essential for the economy and society

If there is one sector that has always been at the forefront of cybersecurity, it is undoubtedly the financial sector.

Banks have been digitizing their structures and investing in strengthening their security strategies for decades.

In addition, their critical role in the functioning of the productive fabric and society has led legislators to pass stricter cybersecurity regulations for financial institutions.

Proof of this is the DORA regulation, a European regulation that is already in force and which, among other things, requires banks to undergo threat-based penetration tests, also known as TLPT tests. These tests combine:

• Targeted threat intelligence is carried out by a Threat Intelligence team that prepares a specific report on the threats facing a bank.
• Red Team exercises are designed based on intelligence information that allows the level of resilience of a financial institution to be checked and weaknesses to be detected and improved.

Thanks to TLPT tests, banks can optimize their security posture, effectively deal with sophisticated and complex cyberattacks, train the professionals responsible for their cybersecurity, and fortify critical assets and processes against cyberattacks so that they do not impact their operations.

2. Training and awareness for customers about the risks of bank fraud

In addition to TLPT testing, which is mandatory for the vast majority of financial institutions, banks have committed to designing training strategies for their customers. The goal? To prevent the human factor from being exploited by malicious actors to carry out bank fraud.

Who hasn’t received an email from their bank with practical tips on how to avoid becoming a victim of bank fraud? It is now common practice to send communications to users with best practices in cybersecurity.

Additionally, more sophisticated communication initiatives have been launched. For example, Banco Santander launched the fictional podcast Titania, which warned about identity theft and social engineering and won an Ondas Award.

Awareness campaigns help reduce the risk of users being deceived by hostile actors and provide them with information that enables them to detect and prevent bank fraud.

3. Bank fraud is becoming increasingly sophisticated and takes advantage of current events

We must also bear in mind that malicious techniques, tactics, and procedures have evolved, making bank fraud increasingly difficult to detect.

For example, in many cases, the SMS that triggers a cyber scam slips into the thread of legitimate messages from the company whose identity is being impersonated, giving it credibility.

To gain the trust of their victims, malicious actors not only use classic channels such as emails or SMS but also combine them with phone calls impersonating customer service representatives from banks or other companies, using information about each individual obtained beforehand to make the conversation as credible as possible. Malware such as info-stealers is also used to obtain bank credentials.

Another factor driving the threat of bank fraud is the proliferation of malicious services offering packages to carry out this type of attack, including fake login pages or methods to bypass multi-factor authentication, one of the main security mechanisms against bank fraud. This means that malicious actors with minimal technical knowledge and resources can launch banking fraud in exchange for sharing part of the profits with the providers of these services.

Added to this is the fact that criminals exploit current events to the fullest. Thus, fraud was quickly detected after the power outage that hit the Iberian Peninsula in late April 2025.

Criminals impersonated transport companies, energy companies, and insurance companies to obtain banking information from citizens in exchange for purported compensation for damages suffered during the blackout.

4. Generative AI and next-generation bank fraud

When talking about bank fraud, we cannot overlook the impact of artificial intelligence.

Generative AI systems are already being used to create voice and image deepfakes and impersonate specific professionals such as bank advisors or company executives who can order payments and transfers, representing an evolution of CEO fraud.

In fact, banks are already implementing measures to combat this type of fraud, such as using keywords that only bank managers and the companies they work with are aware of.

This way, a company manager can know whether the person on the other end of the phone line is a professional from their bank or whether they are the victim of a scam.

5. The importance of strengthening bank fraud detection mechanisms

As we mentioned at the beginning of this article, the Supreme Court recently published a key ruling on bank fraud.

The Supreme Court focuses on combating bank fraud in the face of the growing efforts by criminals. How can financial institutions continue to combat fraud? By developing, implementing, and refining measures that allow them to:

• Automatically detect «the concurrence of indications that an abnormal transaction may be taking place.»
• Generate automatic alerts for suspicious transactions.
• Temporarily block accounts that carry out anomalous actions such as «repeated transfers without interruption», transfers made at unusual times (e.g., in the early hours of the morning), for amounts that are not consistent with the user’s usual behavior, or recipients to whom no money has ever been sent before.
• Increase control and monitoring of transactions when there are indications that the risk of bank fraud has increased.

6. Cyber intelligence services to combat bank fraud

To design, implement, and optimize these specific security measures and tackle the most innovative and difficult-to-detect bank fraud, financial institutions have a key ally: cyber intelligence services:

• Counter-Phishing. Through this service, cyber intelligence experts can:
  • Detect bank fraud campaigns early.
  • Build a database of malicious actors’ behaviors and patterns to facilitate the detection of illegitimate operations.
  • Implement countermeasures against social engineering campaigns.
  • Deploy a distributed response infrastructure in various regions around the world.
  • Conduct ongoing research to adapt bank fraud detection and response mechanisms to new TTPs.
  • Design policies to prevent bank fraud.
• Threat Intelligence. Targeted threat intelligence offers a comprehensive overview of the primary threats to the financial sector, identifying the most plausible scenarios in which bank fraud can be executed. Thanks to targeted threat intelligence, security measures can be optimized to prevent and detect bank fraud, and Red Team scenarios focused on bank fraud can be designed, or TTP’s can be tested in isolation under Unit Tests.

In short, cybercriminals are launching bank fraud that is increasingly difficult to detect for citizens, professionals, and business owners with basic cybersecurity knowledge.

Therefore, the task of minimizing bank fraud is a daunting mission that financial institutions have been tackling for years. To carry it out successfully, it is essential to invest in cyber intelligence services that help banks learn about the most innovative techniques and tactics used by cybercriminals and implement measures that allow them to stay ahead of malicious actors.