Biggest phish in the sea? These banks are growing targets
Phishing is the one cybersecurity issue that never seems to go away.
Despite the repeated warnings and efforts at raising customer awareness, cyberthieves continue to trick users with fake emails resembling legitimate ones, intended to direct them to a link where thieves can steal their credentials.
Perversely, cybercriminals are in fact exploiting that awareness, said Adrien Gendre, CEO of Vade Secure North America, which just released a report on phishing attempts via spoof emails in the third quarter.
“The biggest reason that banking customers continue to fall for phishing emails is fear," Gendre said. "Hackers have evolved from simple password-reset scams to emails that use fear to compel recipients to act, without scrutinizing the message properly."
For example, an email that states, “Your account has been suspended. Unlock it in the next 24 hours.” A customer clicks on the link and is redirected to a site set up by hackers. Most will remain unsuspecting, since many hackers now build legitimate-looking sites with unique URLs.
On top of that, hackers continue to refine the technical aspects of their phishing emails, Gendre said, "using techniques such as cousin domains, homoglyphs, or attacks that only render their content on mobile devices to take advantage of recipients being distracted or on the go.”
Following is a list of the banks that made Vade Secure's top 10 phishing list in the third quarter, along with insights into how lenders can protect themselves: