Organizations, especially financial service organizations like banks, face the same threat as individuals from scammers who want to steal their most precious commodity, their names and all connected identifiable information.
DomainTools’ recent research revealed how high-profile financial institutions are caught up in phishing scams via spoof domains set up by criminals. For example, in just one day, over 180 fake and malicious websites/email addresses were associated with Bank of America and Wells Fargo.
Because phishing is a form of social engineering designed to fool a human victim into taking a specific action, there are certain characteristics that phishing domains often exhibit:
Typosquatting: often a very close variation on the legitimate brand, created via typos or look-alike characters (homoglyphs). Some of the typos favored by phishers can be hard to spot.
Cybersquatting: the phisher appends another word or words onto the brand name.
DomainTools explained scammers know the difficulty for an organization to proactively register all the different combinations and permutations that could involve their name. So, the scammers send out phishing emails containing links to pages that look like the financial institution’s login page. “The victim then goes there and types in their credentials and now the bad guy has those credentials, and the more sophisticated ones, redirect the user to the real bank site so that the user then has an uninterrupted experience and thinks everything’s fine.” Except their username and password are now in the hands of the criminal who will use them later or sell them.
The bigger the firm, the bigger the bullseye. So for its research, DomainTools created lists of the largest financial institutions in the U.S. and the UK and used these as its queries, which returned lists of domains corresponding to each keyword (brand).
The top U.S. institutions in the study were Bank of America, Wells Fargo, US Bank and TD Bank. The most-spoofed European institutions: Blackstone, Blackrock and Deutsche Bank
A separate recent study from IDology found despite high-profile breaches, 98.6 million consumers still write down passwords, and 163.6 million seldom change them, making them vulnerable to identity theft. Nevertheless, 56% are more likely to choose a financial institution that uses advanced identity verification methods to ensure their authentication.
The IDology study’s findings demonstrate the need for financial institutions and businesses to comprehend shifting consumer behaviors, changes in cybercrime, and the need for stronger, yet frictionless identity verification to enable the overall growth of digital business.
The IDology study observed consumers view biometrics, knowledge-based authentication, and one-time passcodes as the most secure methods of authentication. Overall, 90% of consumers are comfortable answering knowledge-based authentication questions to verify their identities but prefer demographic-based questions over credit-based questions two to one.
When opening an account online, consumers place a premium on security (88%) and ease (72%), with 31% reporting they have abandoned signing up because it was too difficult or took too long. This reveals more than ever, consumers look to do business with financial institutions and companies that have minimal friction as part of their overall service experience, along with assurance that their transactions and identities are secure.
The IDology study also revealed 43% of American adults use passwords that are the same or have only slight variations, across multiple accounts, the IDology report revealed. This is dangerous—once a criminal gets a password from a data breach, they use those credentials to gain access to financial accounts.
The study also discovered that many consumers place a higher responsibility to protect their identities on companies than on themselves, while still expecting a seamless experience.