Financial services firms face high incidence of phishing attacks

As financial institutions lean on digital channels to keep pace with customer requirements during the pandemic, cyberattackers have multiplied their efforts to gain access to user credentials via phishing attempts.

Financial services accounted for eight among the top 25 firms targeted most often by such attacks, according to a recent report from cybersecurity firm Vade. Topping the list of brands targeted by phishing attacks is the France-based $2 trillion Credit Agricole. The list is compiled from Vade’s own detection system, which found 17,755 unique phishing URLs between Jan. 1 and June 30 of this year.

Other sectors targeted by phishing campaigns include social media, cloud computing, e-commerce, telecommunications and government websites, the report noted. However, the number of incidences of Credit Agricole being targeted was so high that it inched out tech companies like Facebook and Microsoft as likely targets for impersonation. The list was compiled based on the number of newly created web pages per brand, as detected by Vade, Adrien Gendre, chief product officer at Vade, told Bank Automation News.

Vade offers security services for enterprise email inboxes and identified the phishing URLs by analyzing emails and links contained in them. With a phishing attack, usually “the goal is to capture user’s credentials,” Gendre said.

Phishing attacks can also be used to plant malware into a recipient’s computer, Gendre added. Quite often an email becomes the attack vector for such an attempt and eventually redirects the user to a fraudulent web page, designed to look like the original, that will capture the user’s credentials for subsequent use by the attacker. “Phishers continue to rely on recognizable domains from which to deliver phishing emails, with Google being the most popular service,” the report noted.

Overall, financial services companies represented 36% of all malicious URLs detected by Vade. The report noted that some of this increase in phishing activity could be attributed to the rise in loan applications for government-backed credit and moratorium programs established to manage the economic ripple effects of the pandemic.

Of the financial institutions that fall into the top 25 most target companies:

• La Banque Postale ranked No. 5 with 7,180 URLs;
• PayPal ranked at No. 9 with 2,601 URLs;
• Chase ranked at No. 10 with 2, 537 URLs;
• Wells Fargo ranked at No. 15 with 1,564 URLs;
• Square ranked at No. 22 with 786 URLs;
• HSBC ranked at No. 24 with 699 URLs; and
• Banque Populaire ranked at No. 25 with 695 URLs.

Three types of phishing attacks are usually discovered in operation: generic, customized, and in-between, the Gendre noted. “Some are very generic, they don’t try to customize the [e-mail] blast. Some are very customized and targeted, built for a specific company,” he said.

While the use of additional security measures like two-factor authentication should notionally have helped stem the tide of these attacks, Gendre said Vade has observed attackers absorbing those techniques into their operations and often redirect to pages that ask for the second password layer as well.

Financial institutions can adopt some technical solutions to prevent their domain names from being replicated, “the most effective and long-term way is to the educate [the] user,” Gendre said. Such education should include clear communication on issues like how the bank normally communicates with clients, and that a financial institution is unlikely to request user credentials via email.

The Bank Automation News webinar on automation technology for exceptional bank cybersecurity and ID verification takes place on Thursday, Sept. 9, at 11:30 a.m. ET. Register here. Attendees will be able to ask questions via chat.