Criminals seem to be recycling old attack methods as a new report has found that phishing attacks remain the top threat to financial services organisations and customers.
The study by cloud delivery network provider Akamai Technologies found that 50 per cent of all unique organisations impacted by observed phishing domains were from the financial services sector.
The goal of phishing is to trick the recipient of a malicious email into opening and engaging with it.
The “sender” of the email deceives the victim by making the email appear to be sent from a reputable source, such as a government department, a supplier, or a customer of the business.
The phishing email may have a malicious attachment, like a PDF or Word document, that, once opened, will harm the user’s computer by installing malware.
Or, the phishing email will contain a malicious URL link in its body. When the user clicks on that link, they might be directed to a site that appears legitimate, but in actuality it is used to collect confidential information such as usernames and passwords, or to install malware onto their device, according to Akamai.
The report indicates that between December 2, 2018 and May 4, 2019, nearly 200,000 phishing domains were discovered, and of those domains, 66 per cent targeted consumers directly.
In addition to unique phishing attempts, adversaries also leveraged credential stuffing attacks to the tune of 3.5 billion attempts during an 18-month period (November 2017 to
April 2019), putting the personal data and banking information of financial services customers at risk, said the “State of the Internet/Security Financial Services Attack Economy” report.
In credential stuffing, bad actors use real credentials stolen from a third-party resource. They take advantage of a common habit of people using the same credentials for different online accounts.
“We’ve seen a steady rise in credential stuffing attacks over the past year, fed in part by a growth in phishing attacks against consumers,” said Martin McKeay, Security Researcher at Akamai.
“Criminals supplement existing stolen credential data through phishing, and then one way they make money is by hijacking accounts or reselling the lists they create. We’re seeing a whole economy developing to target financial services organisations and their consumers,” McKeay added. (IANS)