AI boosts rise in phishing and spoofing attacks on banks
The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing, and tactics are becoming increasingly advanced due to AI.
New research from BforeAI analyzed 62,074 domains registered between January and June 2024 with finance-related keywords. Of those registered domains, 62 percent were found to be involved in phishing attacks targeting legitimate entities via spoofing websites.
A variety of online scams are based on 'Buy Now Pay Later' (BNPL) offers for cars, phones, and other goods. Major banks like Bankinter, BBVA, HSBC, and PayPal are frequent targets, with over 561 domains associated with each.
The most commonly-used keywords related to the financial domains include, 'money,' 'finance,' 'fintech,' 'cards,' 'debit,' 'credit,' and 'loan.'
The report's authors note, "Spoofing and phishing tactics are becoming increasingly advanced due to AI technology that enables execution on a larger scale and while remaining undetected for longer periods of time. With billions of phishing emails sent every day, countless spamming websites are hosted for the express purpose of receiving redirected victims to harvest and compromise their data. This leads to the generation of multiple newly registered domains (NRDs) on a daily basis, most of which are likely AI-generated."
Ease of access to phishing kits and increasing sophistication of spoofing techniques have contributed to a rise in attacks. By leveraging AI-generated deepfakes and other advanced templates, attackers can create highly convincing phishing campaigns that can deceive even the most vigilant users.
In order to avoid falling victim to threats the report suggests consumers need to focus on cyber hygiene practices such as regular changing of passwords, and use of multi-factor authentication. If you suspect you've been a victim of compromise, you're advised to immediately alert the bank and monitor for any unauthorized transactions. At the same time financial industries and banks should focus on adopting predictive security solutions and early threat indicators along with their existing infrastructure. This includes adopting AI themselves to anticipate threats.
The full report is available from the BforeAI site.
Image credit: BiancoBlue/depositphotos.com