Email Phishing In Financial Industry: Fake Login Pages And Credential Theft

1 week ago | Mina Olson

In a rare step, the Financial Industry Regulatory Authority (FINRA) issued a cybersecurity warning earlier this year, alerting member firms to a "widespread, continued phishing attack" targeting financial markets. According to FINRA, the phishing emails were sent from the domain "@broker-finra.org" and were designed to look as though they came from Bill Wollman and Josh Drobnik, two of the organization's vice presidents. Each phishing email had a PDF file attached with a link that sent users to a website asking them to input their login credentials.

The webpage asking members to submit their credentials (a fake login page) is the important detail here. The use of credential pages like this by cyber attackers to get past email security systems is part of a larger trend.

These pages are almost identical to authentic websites, with logos, formatting, and overall templates that are hard to tell apart from the real thing. That resemblance is a large part of why they are so successful at their ultimate goal: stealing credentials. But how common are fake login pages? How vulnerable is the financial sector as a whole?

Email security tools are bypassed by fake login pages

Fake login pages are not new, but they are becoming more popular for two reasons. First, emails carrying fake login links can now evade technical controls such as standard secure email gateways (SEGs) and spam filters, without adversaries investing time, money or resources.

The second reason is psychological: inattentional blindness, a condition in which an individual fails to notice an unanticipated change in plain sight. IRONSCALES researchers spent the first six months of 2020 identifying and analyzing fake login pages to emphasize the seriousness of today's hacking and phishing threats. Here is a brief description of what was discovered:

Over 50,000 fake login sites have been discovered.

Fake login pages were used to spoof over 200 of the world's most famous brands.

Financial industry employees are the most typical recipients of fake login page emails, with PayPal among the top five spoofed brands.

PayPal, Microsoft and eBay are among the most commonly spoofed brands. Although PayPal tops the list, the greatest risk may come from the 9,500 Microsoft spoofs, in the form of malicious Office 365, SharePoint and OneDrive login pages, which put not only people but entire enterprises at risk. Furthermore, the previously mentioned FINRA warning concerned a direct attempt to obtain users' Microsoft Office or SharePoint passwords. In addition to the brands mentioned above, several financial services businesses, including Bank of America, Coinbase, JP Morgan Chase, Stripe, Squarespace, Visa, Wells Fargo and Sage Intacct, topped the list of fake login pages.

The most efficient way for financial services firms to prevent fake login URLs from reaching the inbox

Traditional email security systems focus on the content of the email, such as a malicious link or attachment, and they generally do a good job of preventing such communications from reaching their intended recipients. Because of the persistence of these security measures, hackers have been forced to adapt and change their strategy, relying on social engineering attacks in which there is no malicious content for these security systems to detect.

Instead, these emails are designed to appear to come from someone or something you are familiar with, such as a brand. These attacks often appear to come from someone the victim knows, such as a co-worker, supervisor, acquaintance, or family member. The FINRA case is one example: earlier this year, the organization issued a warning that two well-known figures in the organization were being impersonated.
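One check a mail pipeline can apply to this kind of impersonation is to compare the sender's domain against the brands it protects. The following is an added example, not code from the article or from FINRA; the `OFFICIAL` brand table, the function names and the sample headers are assumptions, and only `broker-finra.org` comes from the text above.

```python
from email.utils import parseaddr

# Assumption: brand -> legitimate registrable domains, maintained by the defender.
OFFICIAL = {
    "finra": {"finra.org"},
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com", "office.com", "sharepoint.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, brand) for the value of a From: header."""
    addr = parseaddr(from_header)[1]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain or "." not in domain:
        return ("unparseable", None)
    # Naive registrable domain (last two labels). Production code should use
    # the Public Suffix List so that suffixes such as co.uk are handled.
    registrable = ".".join(domain.split(".")[-2:])
    for brand, domains in OFFICIAL.items():
        if registrable in domains:
            return ("official", brand)
    first_label = registrable.split(".")[0]
    for brand in OFFICIAL:
        # Brand embedded anywhere in the domain (broker-finra.org), including
        # a brand domain used as a subdomain prefix of an unrelated domain.
        if brand in domain:
            return ("lookalike", brand)
        # One-character typo or digit swap of the brand label.
        if edit_distance(first_label, brand) <= 1:
            return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample headers; only broker-finra.org comes from the article.
SAMPLES = [
    "Bill <bill@broker-finra.org>",
    "FINRA Alerts <alerts@finra.org>",
    "Service <service@paypa1.com>",
    "login@microsoft.com.account-verify.example",
]
```

A "lookalike" verdict is a reason to quarantine or review, not proof of fraud, since legitimate third parties sometimes register domains containing a brand name.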

Natural Language Processing (NLP) is a new technology emerging to protect employees from these threats. It works like this: an email is sent, and because it doesn't contain any links or dangerous content, it passes the first stage of protection. NLP, however, checks the actual text, looking for suspicious patterns in the email's phrasing, such as an availability check or a financial request. Traditional indicators of compromise (IOCs), such as malicious URLs or attachments, will not be able to detect these attacks in real time.

Fake login pages disseminated through social engineering strategies pose a significant threat to financial services firms. According to a recent study by IBM and the Ponemon Institute, the average cost of a data breach in 2020 is $3.86 million, not including reputational loss and lost customers. While new technology is beginning to help defenders reduce the threat, the most widely used email security and anti-phishing programs have a long way to go before the threat of fake login pages is completely eliminated.
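The phrase-level check described above can be sketched with hand-written patterns standing in for a trained language model. This is an added example, not IRONSCALES' or any vendor's implementation; the intent names, patterns, flagging rule and sample messages are all assumptions constructed for illustration.

```python
import re

# Assumption: regex patterns standing in for a trained NLP intent classifier.
INTENTS = {
    "availability_check": [r"\bare you (available|at your desk|free)\b",
                           r"\bgot a (minute|moment)\b"],
    "financial_request": [r"\bwire transfer\b", r"\bgift cards?\b",
                          r"\bpay (the|this) invoice\b",
                          r"\b(update|change)\b.{0,40}\b(bank|payroll) details\b"],
    "urgency": [r"\burgent(ly)?\b", r"\basap\b", r"\bbefore (noon|end of day)\b"],
    "secrecy": [r"\bkeep this (between us|confidential)\b",
                r"\bi'?m in a meeting\b", r"\bdon'?t (call|tell)\b"],
}
URL_RE = re.compile(r"https?://|www\.", re.I)

def analyze(body, has_attachment=False):
    """Score an email body by intent rather than by link or attachment IOCs."""
    # Normalise whitespace, case and curly apostrophes before matching.
    text = " ".join(body.lower().replace("\u2019", "'").split())
    intents = sorted(name for name, patterns in INTENTS.items()
                     if any(re.search(p, text) for p in patterns))
    core = {"availability_check", "financial_request"} & set(intents)
    pressure = {"urgency", "secrecy"} & set(intents)
    # Rule (assumption): an availability check or financial request is
    # suspicious when paired with the other core intent or with pressure.
    suspicious = bool(core) and (len(core) == 2 or bool(pressure))
    payload_free = not has_attachment and not URL_RE.search(text)
    return {
        "intents": intents,
        "suspicious": suspicious,
        # True for the case the article describes: nothing for a URL or
        # attachment scanner to inspect, yet the wording itself is the attack.
        "missed_by_ioc_scan": suspicious and payload_free,
    }

# Constructed sample messages.
SAMPLE_BEC = ("Hi Dana, are you available? I\u2019m in a meeting and can't talk. "
              "I need a wire transfer sent today, it's urgent.")
SAMPLE_BENIGN = ("Hi team, the quarterly report is attached. "
                 "Let me know if you are free to review it on Thursday.")
SAMPLE_INVOICE = "Please pay this invoice via the portal: https://billing.example.com"
```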
