Phishing Attacks in the Finance Industry
“Life in the SOC” is a Blog Series that shares experiences of the BlueVoyant SOC defending against the current and prevalent attacks encountered by our clients. The blogs discuss successful detection, response and mitigation actions that can improve your defensive capabilities.Cybercriminals typically look for the path of least resistance, which is frequently the end user. BlueVoyant’s October research of attacks within the financial industry confirms this. Phishing attacks occur as often as every other attack vector in the financial sector combined - surpassing the second top attack vector by 292%. Phishing has continued rapid growth through 2019, with a 400% increase in phishing URLs discovered from January to July 2019. According to a recent report from Webroot, the top industries impersonated by phishing are listed in the chart below. Phishing kits are one of the top methods of launching phishing campaigns. These kits are widely available, inexpensive, and easy to use. According to a recent report from Akamai, the top impersonated brands used by phishing kits include:
- Microsoft - 62 phishing kit variants, 3,897 domains
- PayPal - 14 phishing kit variants, 1,669 domains
- DHS - 7 phishing kit variants, 1,565 domains
- Dropbox - 11 phishing kit variants, 461 domains
- Check the web address (URL) before you click on a link. On a web browser, hover over the link and look at the URL that shows up on the bottom of your browser. Is it pointing to a page at stripe.com?
- Stripe emails will come from the “stripe.com” or "e.stripe.com" domains, and you can always reply directly to the message to get in touch with us.
- Only type your password into a website after confirming that it is the website you want, not one that was created to look like Stripe:
- Check the domain name for typos (such as “stirpe.com”).
- Check for our Extended Validation Certificate; this usually looks like a green lock next to the URL, and it lets you know that you are on the genuine Stripe website.