Sales League Table 2020 | Banking Technology Winners

Results Announced!

Stay up-to-date with the latest industry news and analysis.

Subscribe to BankTech Daily News today. Limited time offer.

The Black Swan Opportunity | Get your bank digital ready.

IBSI Special 5 Digital Report Package with Special Offer. Subscribe now

Core Banking Market Dynamics Report 2020

Global analysis of core banking system sales. Subscribe now

Phishing campaign targets prominent bank account holders in Canada

A cybergang has been targeting Canadian business banking customers with customised phishing attacks, designed to trick account holders into disclosing their credentials.

Likely based out of Ukraine, the group uses targeted emails, sent to stakeholders with tailor-made messages crafted to look genuine. These include correct bank logos, accurate information and proper language.

Inside this emails is an infected PDF file which victims are encouraged to download and open. Within these files are the URL links, keywords and brand abuse factors which are usually detected by security programs.

X-Force researchers noted that the content of the PDF changed corresponding to a specific victim’s role, an indication that the attackers had prior knowledge of their selected recipients.

If victims clicked the embedded link inside the PDF, they were sent to an initial URL that redirected them to the next one. The second bounce is where the phishing attack was actually hosted, presenting victims with a fake process to synchronise their token devices. Account information, when entered into the fake site, was sent in real-time to attackers.

“This is a perfect example of how Phishing campaigns are becoming increasingly sophisticated and targeted,” said Eyal Benishti, CEO and founder of IRONSCALES. “As is the case here, fraudsters are frequently adopting spoofing and impersonation techniques in a quick, easy, and incredibly successful way to lure their potential victims into a false sense of security. As a result, it is becoming virtually impossible for end users to identify these phishing emails as they land in inboxes across the workforce.

“It is imperative to help users identify well-crafted impersonation techniques, in order to avoid a potential cybersecurity incident, which could be crippling for an organisation. By integrating automatic smart real time email scanning into multi anti-virus, and sandbox solutions, forensics can be performed on any suspicious emails either detected, or reported.”

Related IBS Intelligence Research

Related Posts

cred.ai emerges from stealth mode & launches technology-powered Metal Card

cred.ai, a Philadelphia-based FinTech company, has announced its emergence from stealth mode to debut technology-powered Metal Card, a consumer spending product that leverages proprietary technology to give users controls, convenience, and automatic credit score optimization. With cred.ai Guaranty, customers do not have to pay fees or interest. They will also receive a premium brand experience […]

This post is only available to members.

Read More »

Cloud9 Technologies teams up with comitFS to boost real-time voice trading APIs

Cloud-based communications provider Cloud9 Technologies has teamed up with comitFS, a UK-based provider of voice middleware and API abstraction capabilities for financial services companies. The collaboration will facilitate the development of real-time call control capabilities for voice trading within the institutional marketplace. “As trading dynamics shift to a more digitally-driven environment, firms want the peace […]

This post is only available to members.

Read More »

Quantum Group acquires mobile cashback app Tail

London-based FinTech incubator Quantum Group today announced the acquisition of mobile cashback app Tail. The acquisition is expected to enable Quantum Group to increase the number of banking partners integrated with Tail and to onboard different retailers from around the UK. Tail’s platform enables retailers to create hyperlocal marketing campaigns, thus allowing them to increase […]

This post is only available to members.

Read More »