According to an article by SecureList, the rate at which cyber-criminals are attacking the financial industry has doubled since 2012.
How are these scammers doing it? One word: phishing.
Phishing, or creating fake copies of sites to obtain confidential user data, is a common cyber threat. This is largely due to the fact that to deploy the most simple pushing campaign, cyber-criminals do not need to have programming knowledge. As phishing is based primarily on forged websites, it’s enough to just have web design skills.
For example, an article by SmartMoney showed how one phishing attack that used a Virginia based payment processing company sent out 167 million forged emails in a single day. The emails contained company imagery and content taken directly from their website – luring victims in with the company’s well known, and trusted, logo.
Widespread brand recognition is one of the mail tools of the phishers: the more popular the brand, the easier it is for cyber-criminals to use its name to lure users to fake websites. In 2013, 25 banks attracted about 60% of all attacks. These 25 organizations are the largest international banking brands around, operating in dozens of countries worldwide.
The worst part? Depending on the type of phishing, cyber-criminals can net up with $70,000 of consumer’s money from a single attack.
With numbers such as these, it is evident that phishing isn’t going anywhere and that consumers can expect the number of incidents to steadily increase as more money is made. To fight back organizations need to actively educate their consumers while taking advantage of systems that offer both website verification and two-factor authentication.