Attackers are increasingly building capabilities to target the core banking system, as well as exploit the human interaction around them, by targeting the employees, and customers. Something similar happened with Wells Fargo customers when attackers targeted them via phishing attacks.
Wells Fargo - an attractive target
Recently, customers of Wells Fargo bank became the target of three different phishing attacks within one month.
- This month, a phishing campaign impersonated and lured the Wells Fargo customers to phishing pages with the help of fake calendar invites via .ics calendar file attachments. It tricked them into entering sensitive information such as their credentials, as well as their cards’ four-digit PIN.
- In the same month, an email spam campaign was uncovered in the United States spreading the malware IcedID malware to harvest credentials from the customers of Wells Fargo and few other banks.
- In early June, attackers used Qbot Trojan payload to steal data from customers of dozens of US financial institutions like Bank of America, Wells Fargo, JP Morgan, etc.
Phishing attacks duping other financial organizations
In the past several months, hackers have carried out phishing attacks on various other financial organizations to gain access to users' sensitive information.
- In April 2020, in multiple spam campaigns, scammers sent out emails impersonating the U.S. Federal Reserve and lured recipients with financial relief options through the Payment Protection Program.
- In December 2019, a new phishing campaign impersonated the customers of several banks, including Royal Bank of Canada (RBC), Scotiabank, BMO Bank of Montreal, Interac, Tangerine, CIBC Canadian Imperial Bank of Commerce, Desjardins Bank, TD Canada Trust, Simplii Financial, ATB Financial, American Express, Rogers Communications, and Coast Capital Savings to steal sensitive data.
To avoid such phishing attacks financial institutions should educate and train their employees with mock phishing scenarios. Deploy a SPAM filter to detect viruses, blank senders, harmful attachments, etc., and a web filter to block malicious websites.