Half of all Sites Used in Phishing Attacks Impersonate Financial Institutions

phishing attacks impersonate financial institutionsAs credential theft-focused phishing attacks continue to assist initial access brokers, new data shows banking fraud continues to be a material threat to individuals and businesses alike.

Behind every cyberattack is the motive to monetize the attack as quickly as possible. And one of the fastest ways is to simply obtain the victims banking credentials. According to new data from cybersecurity vendor Fortra, the financial services sector was the most impersonated in Q4 of last year, representing 55% of all impersonated business sectors. Up just 3% from the previous quarter, the financial services sector continues to provide threat actors with an easy means to trick victims into giving up direct access to their money, credit cards, lines of credit and more.


Source: Fortra

According to the report, the impersonation of businesses within the financial sector included national and regional banks, credit unions and other related businesses. The credential theft at the end of these attacks was primarily done at no cost to the attacker; according to Fortra, three-quarters of the phishing sites were staged through no-cost methods such as compromising an existing website or abusing a free web tool or service. In nearly 60% of the attacks, a legacy global top-level domain name (e.g., .com and .org) were used to add legitimacy to the attacks.

It's been shown that banking scams work very well, putting both individuals and businesses at financial risk – all it takes is the right set of banking credentials and the victims accounts can be completely wiped out in a matter of minutes. And because these attacks all start with a phish, it’s imperative that businesses enroll their users in continual Security Awareness Training to ensure they are kept updated on the latest phishing scams and social engineering tactics, so that the organization – and it’s money – stay secure.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Phishing

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews