An article from Dark Reading touched on some very valid points with regards to the security at financial institutions. According to the article:

Penetration testers who work with bank clients say the fragile state of the banking community is making it easier for them to dupe understandably anxious bank employees. Bank employees are overly eager or easily coerced into cooperating with “auditors,” or into clicking on links purportedly from the bank about its own financial welfare.

Even though this is very bad from a security standpoint, it seems like a natural human response. However, if someone is able to walk into a bank merely posing as an auditor and without having their credentials checked or challenged, it’s possible for them to make off with a lot of sensitive information.

This type of behavior isn’t limited to just bank employees. Economy-induced anxiety can also affect the judgment of regular users. The most successful phishing attacks prey on a user’s familiarity or interest in the subject presented as bait. So a phishing email claiming to request important information from a bank customer might be more likely to succeed when the economy and specific financial institutions are in a state of flux.

In fact, it would be wise for both bank employees and bank customers to be MORE cautious during times of economic uncertainty, as attackers are notorious for taking advantage of such situations. It just goes to show– when it comes to security, we can’t afford to be careless.