With bad actors offering professionalized phishing-as-a-service software to dupe customers into giving up their credentials, the need for comprehensive customer education is more dire than ever.
Criminals can pay as little as $50 a month to run a realistic-looking Wells Fargo website that includes 24/7 support, according to a report from IronNet, which recently uncovered a large-scale phishing-as-a-service scheme by a platform called Robin Banks. Robin Banks sells access to “phishing kits” that let bad actors easily imitate the likes of Wells Fargo, Citi, and Bank of America to steal customers’ credentials. Bad actors using the kits have stolen at least $500,000 from victims, according to the researchers.
While it stands out for its slick, professionalized toolkits, Robin Banks is just one example of a much larger problem: A record 1,025,968 phishing attacks occurred globally in Q1, surpassing 1 million incidents in a single quarter for the first time, according to the Anti-Phishing Working Group.
“Customer education is the most important way of mitigating these types of attacks,” IronNet threat intelligence analyst Morgan Demboski told Insights Distilled. Banks need to “properly warn customers of the possibility of being targeted” and educate them on how to spot fraudulent emails, texts, phone calls, and websites.