Mon, 13 Jul 2026 · LIVE
Updated Jul 13, 2026 · 15:05
Computer News Updated Jul 13, 2026

Trust-Based Cyberattacks Now Top Threat to Financial Institutions: Report

A new report by Indian cyber agencies reveals trust-based attacks have replaced traditional hacking as the biggest threat to financial institutions. Attackers manipulate trust across biometric onboarding, AI systems, and third-party ecosystems rather than directly targeting passwords or transactions. The report notes deepfake impersonation has become industrialized, with social engineering and Business Email Compromise attacks intensifying. It recommends financial institutions move from static controls to continuous assurance and ecosystem-wide trust management.

Trust-based cyberattacks replacing traditional hacking as biggest threat to financial institutions: Report

New Delhi, July 13

Cyber threats targeting financial institutions are rapidly shifting from traditional hacking to trust-based attacks, with cybercriminals increasingly exploiting digital identities, artificial intelligence, payment systems and third-party ecosystems instead of directly targeting passwords or transactions, according to the Digital Threat Report 2025-26 released by the Indian Computer Emergency Response Team, the Computer Security Incident Response Team in Finance and SISA.

The report said attackers are now manipulating trust across biometric onboarding, partner applications, AI-based decision-making and real-time payments, creating a new threat model for the banking, financial services and insurance (BFSI) sector.

It stated, "Modern financial attacks are moving from direct compromise to trust-chain manipulation across biometric onboarding, partner apps, AI decisioning, real-time payments, APIs, programmable finance, and third-party ecosystems."

According to the report, attacks are no longer limited to compromising credentials or individual transactions. Instead, they are now embedded across identity systems, AI, APIs, payment logic and supply chains, where no single institution has complete visibility over the risks.

The report noted that six of the seven forward-looking predictions made in the previous edition have already been fully realised, indicating that cyber threats are evolving much faster than many institutional control systems were designed to handle.

It said deepfake impersonation has now become industrialised, with real-time executive video deepfakes, adversarial large language models (LLMs) and polymorphic attack variants increasingly being used by attackers.

The report also highlighted that social engineering and Business Email Compromise (BEC) attacks have intensified, while credential theft and session hijacking have become the dominant methods used to gain initial access into systems.

According to the report, cyberattacks are no longer manually crafted but are now generated, refined and deployed at machine speed.

It added that phishing attacks have become context-aware and are now almost indistinguishable from legitimate communications, making the BFSI sector the most targeted industry.

To address these risks, the report recommended making active liveness detection the standard for digital onboarding and adopting continuous session assurance using behavioural biometrics, device posture monitoring and token binding for high-privilege sessions.

It also recommended extending identity governance beyond human users to include service accounts, machine identities and agentic AI, while enabling cross-database identity verification for high-assurance account openings wherever legally feasible.

The report said the biggest challenge is not simply the increase in cyber threats, but the fact that the foundations on which financial institutions have traditionally managed digital trust are being fundamentally rewritten.

It stressed that cybersecurity can no longer rely only on adding more tools to existing systems. Instead, financial institutions need to move from static controls to continuous assurance, from isolated defence to ecosystem-wide trust, and from prevention alone to operational resilience.

— ANI

Reader Comments

Priya S

It's scary how sophisticated these attacks have become. Just yesterday I got an email that looked exactly like my bank's official communication. Only thing that saved me was calling customer care. We really need to educate our parents and grandparents about such threats.

Michael C

This is spot on. As someone working in fintech, I've seen firsthand how attackers are shifting from brute force to social engineering. The recommendation about continuous session assurance using behavioral biometrics is crucial - banks need to implement this ASAP.

Ravi K

Ek baat toh clear hai - technology jitni advanced ho rahi hai, scams bhi utne hi smart ho rahe hain. Par kya humari Indian banks ke paas itna budget hai ki woh AI-based security systems implement karein? Chhoti banks ko toh bahut mushkil hoga. 🏦

Aditya G

While I appreciate the report, I'm skeptical about how quickly Indian banks will adapt. We still have people using SMS-based OTPs, which are notoriously insecure. The report's call for "ecosystem-wide trust" is idealistic unless there's regulatory push. Good analysis though.

Neha E

Deepfake impersonation industrialised? That's terrifying. Imagine getting a video call from your boss asking for money transfer and it's a deepfake. 😨 We need more awareness campaigns like those cybersecurity ads on TV and YouTube. Prevention is better than cure!

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Reader Voices

Leave a comment

Be kind. Add to the conversation. 0/50
Thank you — your comment has been submitted.
JS blocked