Due to multi-layered security controls in place by many financial institutions, "hidden tunnels" are used to move data and keep it safe. Cyber criminals acquire tools from the dark web that allow them to extract data and circumvent access controls of these tunnels and exfiltrate data. An example of these could be SaaS services for moving data securely, such as Dropbox for Business or similar services. Something as simple as a phishing attack can grant access to an attacker allowing them into the organization and behind their security. Banks using this layered security should ensure their security awareness training always includes best practices for identifying phishing attacks.