At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Half of all Sites Used in Phishing Attacks Impersonate Financial Institutions

    As credential theft-focused phishing attacks continue to assist initial access brokers, new data shows banking fraud continues to be a material threat to individuals and businesses alike.

    Behind every cyberattack is the motive to monetize the attack as quickly as possible. And one of the fastest ways is to simply obtain the victims banking credentials. According to new data from cybersecurity vendor Fortra, the financial services sector was the most impersonated in Q4 of last year, representing 55% of all impersonated business sectors. Up just 3% from the previous quarter, the financial services sector continues to provide threat actors with an easy means to trick victims into giving up direct access to their money, credit cards, lines of credit and more.

    Q4Phishing-TopTargetedIndustries_25a6b3d34da4e36d6209a9c2e3901d1e_800

    Source: Fortra

    According to the report, the impersonation of businesses within the financial sector included national and regional banks, credit unions and other related businesses. The credential theft at the end of these attacks was primarily done at no cost to the attacker; according to Fortra, three-quarters of the phishing sites were staged through no-cost methods such as compromising an existing website or abusing a free web tool or service. In nearly 60% of the attacks, a legacy global top-level domain name (e.g., .com and .org) were used to add legitimacy to the attacks.

    It’s been shown that banking scams work very well, putting both individuals and businesses at financial risk – all it takes is the right set of banking credentials and the victims accounts can be completely wiped out in a matter of minutes. And because these attacks all start with a phish, it’s imperative that businesses enroll their users in continual Security Awareness Training to ensure they are kept updated on the latest phishing scams and social engineering tactics, so that the organization – and it’s money – stay secure.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top