Cybercriminals Leverage the U.K.’s Strong Customer Authentication Requirement in a New String of Phishing Attacks

UK_Flag_shutterstock_1054452542Attackers are taking advantage of the requirement to secure online shopping and banking transactions processed within the U.K. to gather personal details of consumers and users alike.

If you’re unfamiliar with the Strong Customer Authentication (SCA) requirement in the UK, it’s basically multi-factor authentication given a “friendly” name; transactions only that involve banking or credit cards require the individual to authenticate themselves using two of three methods familiar to IT – something only they know (such as a password), something they possess (such as their phone), and something they are (such as their fingerprint).

While the UK’s implementation of SCA looks to be delayed until sometime next year, that isn’t stopping the bad guys from taking full advantage of the average consumer’s understanding that they need to abide by the new requirement.

According to UK news outlet Which, cybercriminals are sending out official-looking phishing emails from several banks designed to get the recipient to “verify” personal details.


While this scam is focused on obtaining information (likely to be sold on the dark web), it can just as easily be used as the vehicle to install malware or ransomware on your corporate network. Users should be warned about this scam and undergo Security Awareness Training to understand ways to quickly test and verify suspicious-looking emails.

Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews